I am working on a project on web portal where I need to send a form link to users for joining a team(Through Email) but I want to generate a custom url such that the field of team ID is already filled(extracted from database) and it cannot be changed by user. How to generate such a URL?
Asked
Active
Viewed 38 times
0
-
1Generate like any random number, strings etc. for example: $token = bin2hex(openssl_random_pseudo_bytes(24)); – Peter Oct 13 '22 at 17:04
-
I am sorry but can you please explain your approach in a bit detail. I am not sure what you mean here. – Bhavya Shah Oct 13 '22 at 17:09
-
_"it cannot be changed by user"_ - URL's can always be changed by the user since it's them making the request. What you should do is generate a unique token for the team (like @Peter suggested) and store that in your database together with the team id. When you get a request (you can pass the token as a query parameter), all you need to do is to check the database which team id the token belongs to. – M. Eriksson Oct 13 '22 at 17:12
-
When you store the team information in the database, also store a [random string](https://stackoverflow.com/a/4356295/231316). Send that in the URL. Check the random string. – Chris Haas Oct 13 '22 at 17:17
-
This is exactly how it should work as M.Eriksson and Chris Haas writes. A generated token will protect you from unauthorized people joining the group. The longer/stronger the token, the greater the security of your application. And you can generate it in various ways. – Peter Oct 13 '22 at 17:24