February 11th, 2013, 12:54 AM
Ok, how can I use str_replace to do the following.
First of all, I am going to pass a string in a random
value, for example the url will pass:
the may change (I will make sure the code changes too)
and the after the domain may change (again I will make sure the code changes).
What I need to do is check if the Pf part of the string is at the end of the value of
and that the string before it 'email@example.com' is a valid email address syntax (maybe even going as far as checking the domain name is valid)
I am sure str_replace cannot check if the email is valid, so if you know of a way to do that, I would be very appreciative.
I have been playing with this but to no avail.
can you tell me how to do this?
I can do it easily in Perl, but am too Php challenged to pull it off in Php.
Thank you in advance for any help you can be.
February 11th, 2013, 12:56 AM
Ok, maybe I am going at it all wrong, maybe it has nothing to do with str_replace...
Just thinking out loud, sorry.
February 11th, 2013, 01:45 AM
Ok, I think preg_match may be the way to validate the end of the string contains the data I want it to have, but now I need to know how to remove it from the string and check the rest of it for a valid email address to make sure it came from an email I sent them and was not from an un-authorized source.
can you let me know how to do it?
February 11th, 2013, 02:45 AM
why do you use this weird approach with the email address glued together with "something"? Why don't you put the "something" into its own parameter? That would make things much easier.
Also note that PHP has a filter function built-in (with support for checking email addresses):
February 11th, 2013, 07:42 PM
You can use substr to separate the email address and the ending thingy, provided the length of the ending thing is always the same.
February 12th, 2013, 04:21 AM
Ok, I went and read the whole thread on substr...
Originally Posted by E-Oreo
I don't see how to get everything except the last two characters...
email addresses are unique, some are short, some are long.
so I don't know the length of it.
I suppose I could do it the long way, get the length, then get everything from 0 to length-2...
but is there an easier way?
BTW, I am doing it like this because I am going to change it up for security. This is something one script creates and then another reads, so this way, if someone tries to just steal something and they access it, they won't know what that page is looking for. I know anyone willing to spend time on it, will figure it out, I am just trying to stop the majority of common people from seeing they can pass a link around.
If they pass it around with their email address in it, then I will know who passed it around. So the email address is sort of like a key, the characters on the end of the email address tell me something about the email address, so if they change the email and the two characters are the same, it may or may not match. if it does not match, the I know they do not have permission to access the page.
I am working on making it completely different, this is just a temporary fix while I work on the bigger solution.
February 12th, 2013, 05:08 AM
Simply generate a random key and pass it via a URL parameter. If it's long enough (and truly random), this is a pretty secure approach -- but not as secure as a fully-featured login system, of course.
Using the email address doesn't add a lot of security, and it's kind of problematic to send the email address around with every request.
February 12th, 2013, 05:30 AM
If the user uses it only for themselves, then it is fine.
Originally Posted by Jacques1
That is what I want. I just don't want them emailing the link around to others.
February 12th, 2013, 05:42 AM
I understand what you're trying to do. The random key does exactly that, but it's more secure and less problematic with regard to privacy than using the email address + 2 random characters.
The only reason why the email address might make sense is purely psychological: Seeing your address in the link is kind of more impressive than an abstract key, so users with little technical knowledge might be more hesistant with sharing the link. But technically, a key identifies a user just as well as the email address.
February 12th, 2013, 07:37 AM
That makes since, but the problem is that the email that goes out with access is done by Send Pepper, so I cannot control the programming to create a key that my webpage can access. I can only create the key behind the email address for now.
Originally Posted by Jacques1
I am working on an upgrade that will auto-create the membership site to give them access automatically.
anyhow, can you tell me how to get the email from the value with the two extra characters?
February 12th, 2013, 07:42 AM