ollie

Reputation: 823

How to handle email invite system with user accounts

What's the standard/best way to handle the following situation?

A user enters email address [email protected] to send an invite to an event on a website. The person receiving the invite already has an account at the website but has signed up with [email protected] as their email address.

How do I verify that it's the right person while letting the user sign in with their actual account? I can use an invite ID to tie that account with that invite but what's stopping any person with access to that ID logging in?

Upvotes: 1

Views: 509

Answers (1)

Matt S

Reputation: 15364

It depends on your level of trust. You have a few choices:

  • Trust the person sending the invite. Anyone who visits with a valid invite response URL can register with their choice of email, regardless of who was sent the invite.
  • Deny invite responses where the recipient and registered user email addresses don't match.
  • Only let users send invites for people already registered and have them choose the right account within the system.

Upvotes: 1
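The three choices in the answer above, sketched as an added example that is not part of the original answer: the invite ID is a random single-use token, the visitor signs in to their own account first, and the policy decides whether that account may claim the invite. `InviteStore`, `Policy` and the in-memory dict (standing in for a database table) are hypothetical names chosen for illustration.

```python
import hashlib
import secrets
import time
from enum import Enum

class Policy(Enum):
    TRUST_LINK = "trust_link"            # anyone holding the URL may accept
    MATCH_EMAIL = "match_email"          # account email must equal invited email
    REGISTERED_ONLY = "registered_only"  # sender picked an existing account

def _digest(token):
    # Store only a hash so a leaked table does not yield usable invite links.
    return hashlib.sha256(token.encode()).hexdigest()

class InviteStore:
    def __init__(self, policy, ttl_seconds=7 * 24 * 3600):
        self.policy = policy
        self.ttl = ttl_seconds
        self._invites = {}  # digest -> record (assumed stand-in for a DB table)

    def create(self, event_id, invited_email=None, invited_user_id=None, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable value placed in the URL
        self._invites[_digest(token)] = {
            "event_id": event_id, "email": invited_email,
            "user_id": invited_user_id, "expires": now + self.ttl,
            "accepted_by": None,
        }
        return token

    def redeem(self, token, user_id, user_email, now=None):
        """Called only after the visitor has signed in to their own account."""
        now = time.time() if now is None else now
        rec = self._invites.get(_digest(token))
        if rec is None:
            return "unknown"
        if rec["accepted_by"] is not None:
            return "already_used"      # single use: a forwarded link is dead
        if now > rec["expires"]:
            return "expired"
        if self.policy is Policy.MATCH_EMAIL:
            invited = (rec["email"] or "").strip().casefold()
            if not invited or invited != user_email.strip().casefold():
                return "email_mismatch"
        if self.policy is Policy.REGISTERED_ONLY and rec["user_id"] != user_id:
            return "wrong_account"
        rec["accepted_by"] = user_id   # bind the invite to this account
        return "accepted"
```

Under `TRUST_LINK` the token is a bearer credential, so single use and expiry are the only things limiting who can claim it; the other two policies add an identity check on top.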
