如何在结果中没有明显模式的情况下执行 Base62 编码/解码功能?
我有一个网站,用户必须使用典型的电子邮件确认脚本来确认他们的电子邮件,并为每个用户提供一个特定(但很长)的确认链接,其中包括常用的哈希参数。
我遇到的问题是,一些用户由于他们使用的设备而在使用又长又复杂的确认链接时遇到问题。
因此,我需要创建一种替代方法来为每个用户生成唯一的确认链接,这样就不会出现明显的模式,从而无法找出和滥用它。
我一直在研究 Base62 编码和解码,但我发现的编码和解码仅基于数字,这将限制我使用连续的唯一用户 ID,然后在编码结果中创建明显的连续模式,很容易被滥用。
最好,我想要一个不需要我更改数据库的解决方案。
理想情况下,我想基本上创建一个缩短的 URL,类似于 Bit.ly 和其他 url 缩短器创建其唯一 URL 的方式,但可以根据用户 ID、用户名或电子邮件进行编码和解码,并且最好具有编码/解码使用唯一的密钥“加盐”,以便编码结果中不会出现任何模式。
示例:
因此,确认链接不是如下所示:
http://domain.com/[email protected]&hash=1f3870be274f6c49b3e31a0c6728957f
我希望它看起来像:
http://domain.com/confirm/Sg5rdn
然后我只需解码 Sg5rdn 即可获取用户的用户名、用户 ID 或电子邮件并进行确认。
这可能吗?
I have a site where users must confirm their e-mail using a typical e-mail confirmation script with a specific (but long) Confirmation Link for each user that includes the usual hash parameter.
The problem I'm having is that some users are having problems with the long and complicated Confirmation Link due to the device they are using.
So I need to create an alternative way to generate the unique Confirmation Link for each user such that no pattern is obvious so that it cannot be figured out and abused.
I've been looking at Base62 encoding and decoding, but the one I found is based on numbers only, which would limit me to using the sequential unique User ID's, which then creates an obvious sequential pattern in the encoded results which could easily be abused.
Preferably, I want a solution that will not require me to alter the DB.
Ideally, I would like to basically create a shortened URL similar to how Bit.ly and other url shorteners create their unique URL's, but that can be encoded and decoded either off of the User ID, username, or e-mail, and preferably have the encoding/decoding "salted" with a unique key so that no pattern emerges in the encoded results.
EXAMPLE:
So instead of the confirmation link looking like:
http://domain.com/[email protected]&hash=1f3870be274f6c49b3e31a0c6728957f
I would like it to look like:
http://domain.com/confirm/Sg5rdn
Where I would then simply decode Sg5rdn to get the Username, User ID, or E-mail of the user and confirm them.
Is this even possible?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
相反,只需创建一个包含确认代码的表即可。当用户应该进行确认时,创建一个唯一的代码(使用 base62 或其他),将其插入该表并将其分配给用户 ID。
然后,当用户点击确认链接时,只需从确认代码表中获取用户 ID 等(并检查代码是否存在且尚未确认等)。
Instead, just create a table with confirmation codes. When a user should do a confirmation, create an unique code (using base62 or whatever), insert it into that table and assign it to the user id.
Then, when the user hits the confirmation link, just fetch the user id etc from the confirmation code table (and check that the code exists and still isn't confirmed etc).
我建议您将代码存储在用户表的一列中:
示例表非常缩短:
当用户注册帐户时,预先创建密钥并将其与用户名等一起存储
然后,当单击链接时,根据电子邮件检查密钥,然后将确认更新为 1。
您可以在链接上使用 .htaccess 使其更短:
例如:http://domain.com/confirm/[电子邮件受保护]/17g23f
希望这有帮助
I would suggest you store the code in a column in the user table:
example table very shortened:
As the user signs up for an account pre create the key and store it along with the username ect
Then when the link is clicked check for the key against the email, then update the confirmed to 1.
You could use .htaccess on the link to make it even shorter:
eg:http://domain.com/confirm/[email protected]/17g23f
Hope this helps
恐怕你的期望有点夸张。
你唯一能做的就是稍微缩短哈希值。
从 Sg5rdn 中“解码”用户名、用户 ID 和电子邮件的唯一方法是从数据库中获取它们。
I'm afraid your expectations a bit exaggerated.
The only thing you can really do is to shorten a hash a little.
the only way to "decode" Username, User ID and E-mail out of Sg5rdn is to fetch them all from the database.