0

I'm doing a password reset system and I need to pass the email in the URL like this:

http://example.com/reset?email=email@domain.com&token=89s8ads9

I'm doing this:

    // Redirect to the reset action; the '?' key holds the query-string parameters
    return $this->redirect(array(
        'controller' => 'site',
        'action' => 'resetaSenha',
        '?' => array('email' => 'email@domain.com', 'token' => '89s8ads9')
    ));

But it is returning this:

http://example.com/reset?email=email%40domain.com&token=89s8ads9
Daniel Faria
  • 4
    Could you please explain your problem in more detail? If the problem is `%40`, it actually shouldn't be a problem, as `%40` will be decoded to `@` – Nail Jul 13 '14 at 01:18
  • Exactly, now I realize that CakePHP decodes it, so if I access $this->request->query['email'] in the controller it gives me the email decoded in the right way. – Daniel Faria Jul 13 '14 at 01:35
  • What do you mean by redirect with e-mail? Are you sending it? – a coder Jul 13 '14 at 02:42
  • plug the randomly generated string directly from: http://stackoverflow.com/questions/4356289/php-random-string-generator into the e-mail, then store it as the recovery key temporarily. – a coder Jul 18 '14 at 04:29

3 Answers

0

%40 is @ urlencoded.

Something in your code is converting @ to %40 for you. http://php.net/manual/en/function.urlencode.php

You can decode it with urldecode($_GET['email']); which will replace the %40 with an @

Jason
0

I didn't realize that even with a URL containing ?email=email%40domain, when we access $this->request->query['email'] from the controller, we obtain the email decoded in the right way: email@domain.com.

Daniel Faria
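
The behaviour described in this answer, shown as an added example that is not part of the original posts: the query value is percent-encoded once when the link is built and decoded once when PHP parses it, so decoding it a second time corrupts addresses that contain `+`. The helper names `buildResetUrl` and `readResetParams` and the sample address are constructed for illustration, and plain PHP 7+ is assumed rather than CakePHP's request object.

```php
<?php
// Added example; helper names and sample values are hypothetical.

/** Build the reset link. http_build_query() percent-encodes each value exactly once. */
function buildResetUrl(string $base, string $email, string $token): string
{
    return $base . '?' . http_build_query(
        ['email' => $email, 'token' => $token],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
}

/** Parse the query string the way PHP fills $_GET: values come back already decoded. */
function readResetParams(string $url): array
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    parse_str($query, $params);
    return $params;
}

$email = 'first+tag@domain.com';     // constructed address; "+" is legal in the local part
$token = bin2hex(random_bytes(16));  // token from a CSPRNG, stored server-side for the check

$url = buildResetUrl('http://example.com/reset', $email, $token);
echo $url, PHP_EOL;                  // "@" and "+" appear percent-encoded in the link

$params = readResetParams($url);

// The parsed value already equals the original address: no manual decoding is needed.
echo 'parsed email matches original: ';
var_dump($params['email'] === $email);

// A second urldecode() treats the literal "+" as an encoded space and changes the address.
$decodedTwice = urldecode($params['email']);
echo 'double-decoded email matches original: ';
var_dump($decodedTwice === $email);

// Compare the received token with the stored one in constant time.
echo 'token matches stored value: ';
var_dump(hash_equals($token, (string) ($params['token'] ?? '')));
```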
-2

Do a captcha check, and deny access to the e-mail sender after the session var is unset.

a coder
  • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. – Taifun Jul 13 '14 at 02:29
  • It technically does a redirect, when the e-mail is sent. That's the strangest thing I can think of with e-mail redirection, since a simple URL referring to a token checker is incredibly easy to do. – a coder Jul 13 '14 at 02:38
  • While that may be true, it's not an answer to the question the user was asking. – Andrew Barber Jul 17 '14 at 21:10
  • now it's marked as a cake issue, I'm lost with the question. if it was real PHP I could help better. – a coder Jul 18 '14 at 04:28