php - Send Links with POST Data via E-Mail -

php - Send Links with POST Data via E-Mail -

i want know how send link in e-mail contains $_post data. it's e-mail reset function in php. don't want send e-mail link like

http://example.reset.com/reset.php?token=5e51b695b8260632e55cad464039c2b4d7ec2cbca0331b881fabc4ada71cffac3808aa105ec5e9a9b693768774ddb6c3160359f9195c2e442c7c7a82ed849033

so possible realize this?

i check if token in database , if $exp_date_time info not old. user has 30 minutes alter password, after getting mail. if 1 of these steps doesn't work person tried connect reset.php redirected index.php.

now don't want have bot accidentally positive response this.

for info token length 128 , generated generated random password modified sha512 hash.

how can create more secure?

cheers

sven

additional information:

my database:

create table if not exists `email` ( `kasuser` varchar(12) not null default '', `be_mail` varchar(100) not null default '', `ba_mail` varchar(100) not null default '', `exp_date` varchar(19) not null default '2000-01-01 01:01:01', `token` varchar(200) not null default '', primary key (`kasuser`), unique key `be_mail` (`be_mail`), unique key `ba_mail` (`ba_mail`) )

to link 1 above, need fill in form, checks, if backup_mail (ba_mail) in database , bound be_mail, have send form. date generated +30min , token generated password generator hashes password , saves end product database. e-mail send ba_mail link above.

i wonder if it's possible generate "link" hidden form, sends token php $_post requires it. doubt, work in e-mail clients , there people see plain text. have @ to the lowest degree send them token or?

you generate token , store email in db, pass both of in email link.

reset.php?token=5e51b_etc&email=test%40example.com

$email = urldecode($_get['email']); $token = $_get['token'];

you craft query check token , email match in db.

edit: check time of access less $exp_date_time.

edit 2: noticed 'i don't want send e-mail link like'. can avoid link looks in email `password reset. utilize info process request , redirect either valid attempt/change password, or parameters wrong or request old. wouldn't worry url in scenario. it's not going visitor going homecoming unless sent email reset.

php email post hyperlink