Lizza

Reputation: 2819

Allowing access to MySQL database without conventional authentication - PHP

I'm working on a project to learn PHP, and I'm realizing I have a ways to go.

I'm creating a basic site that allows traditional account creation for a user to go in and build email lists. They can then send out an email that it personalizes and makes a form letter. At the end of this letter I am including a link that the reader can go to (unique to each person) where they can select and fill out a short form that I would like to be able to process back into another table in my database. All the while keeping track of who said what.

I have everything working perfectly right now, but I didn't realize until just barely that the only reason it works is because I was already authenticated as the main user (when I was opening up test emails and saving my responses). So when I open an email and go to the link and fill out the form on a computer that doesn't have any cookies or session variables cached, I can't save because I have no access to the database.

My question

The URL that shows up in each person's email has a guid at the end that is made up of a combination of things that uniquely identifies that person. I'd really prefer not to make the email recipients make an account with me, but I need to be able to process their responses.

How can I give them access to writing to the database even though they don't have full login credentials? I know that they are legitimate based on their URL; can that somehow be made to work?

EDIT: Some code

Here is an example of a URL in the email:

mysite.com/process.php?guid=abcdefghijklmnopqrstuvwxyz

When clicked, I pull the guid out of the $_GET and look up some information about it. Now that I think about it, it doesn't really make sense that I can look up stuff in the database off the bat, but that's another issue. After the form is filled out, and the save button pressed, this is what is going on:

<?php

   require("library/database.inc.php");
   require("library/check-user.inc.php");

   include("library/head1.inc.php"); // Load meta data
   include("library/head2.inc.php"); // Load scripts
   include("library/header.inc.php"); // Load header

// Escape the string values and cast the number before they go into the SQL text
$email = mysql_real_escape_string($_POST['email']);
$eqp = (int) $_POST['eqp'];
$month = mysql_real_escape_string($_POST['month']);

// Remove any earlier response for this person, month and item
$sqlDel = "DELETE FROM results WHERE eqp = $eqp AND month = '$month' AND email = '$email'";
mysql_query($sqlDel) or die('Error, could not delete.');

// Store the new response
$sqlIns = "INSERT INTO results (month, email, eqp) VALUES ('$month', '$email', $eqp);";

mysql_query($sqlIns) or die('Error, could not insert.');

echo 'Success! Keep up the good work!';
?>

But the insert doesn't occur. I am assuming it is because I really don't have a connection to the database.

Upvotes: 0

Views: 209

Answers (1)

Laurence

Reputation: 60030

You need to post some code, but as a pseudocode answer:

function post_for_user_to_write($special_user_ID_in_email)
{
    if ($special_user_ID_in_email == valid_special_ID())
    {
        // Connect to database
        // Post data to database
    }
}

Upvotes: 1
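
The check sketched in the answer, written out as an added example (not code from the question or the answer): the link value is resolved to a recipient on the server, the e-mail address is taken from that lookup rather than from the form, and the writes use prepared statements. Assumptions: PHP 7.1+ with PDO, an in-memory SQLite database standing in for MySQL, a hypothetical `recipients` table and function names, a `YYYY-MM` month format, and a link value that is a random token rather than one built from recipient data.

```php
<?php
// Added example: schema, names and sample data are constructed for illustration.
$db = new PDO('sqlite::memory:');   // stand-in for the real MySQL DSN
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE recipients (email TEXT PRIMARY KEY, token_hash TEXT UNIQUE)');
$db->exec('CREATE TABLE results (month TEXT, email TEXT, eqp INTEGER)');

// When the mail is sent: issue an unguessable token and store only its hash.
function issue_token(PDO $db, string $email): string {
    $token = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO recipients (email, token_hash) VALUES (?, ?)')
       ->execute([$email, hash('sha256', $token)]);
    return $token;   // value for process.php?guid=...
}

// When the link is used: map the token back to a recipient, or null if unknown.
function recipient_for_token(PDO $db, $token): ?string {
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    $st = $db->prepare('SELECT email FROM recipients WHERE token_hash = ?');
    $st->execute([hash('sha256', $token)]);
    $email = $st->fetchColumn();
    return $email === false ? null : $email;
}

// Save a response. The e-mail comes from the token lookup, never from the form.
function save_response(PDO $db, $token, $month, $eqp): bool {
    $email = recipient_for_token($db, $token);
    $eqp = filter_var($eqp, FILTER_VALIDATE_INT);
    if ($email === null || $eqp === false || !is_string($month)
        || !preg_match('/\A\d{4}-(0[1-9]|1[0-2])\z/', $month)) {
        return false;
    }
    $db->beginTransaction();
    $db->prepare('DELETE FROM results WHERE eqp = ? AND month = ? AND email = ?')
       ->execute([$eqp, $month, $email]);
    $db->prepare('INSERT INTO results (month, email, eqp) VALUES (?, ?, ?)')
       ->execute([$month, $email, $eqp]);
    $db->commit();
    return true;
}

$token = issue_token($db, 'reader@example.com');                    // constructed recipient
var_dump(save_response($db, $token, '2013-04', '7'));               // valid link
var_dump(save_response($db, str_repeat('0', 32), '2013-04', '7'));  // unknown token
var_dump(save_response($db, $token, "2013-04' OR 1=1", '7'));       // malformed month
```

Because the page only ever writes for the recipient the token resolves to, it needs no login session, and a database account limited to `SELECT` on `recipients` plus `INSERT`/`DELETE` on `results` is enough for it.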
