Unsubscribe from mailing list

[Fuma]

I have a table that has email addresses of all the subscribers to promotions, news letters and etc.

ID email
--------------------------
1 subsriber1@whatever.co.za
2 subsriber2@whatever.co.za
3 subsriber3@whatever.co.za

They would also like to unsubscribe.
So when I send them emails, I have a url at the end of the mail
http://www.whatever.com/unsubscribe.php?id=1

I'll use that id to update/delete that record to unsubscribe.

Is there a better way I can do this? I don't like using the query string for this, unless if I can encrypt the id it.

Btw, I'm using PHP.

 

[murraybiscuit]

yeah. not a great way of doing it - i could unsubscribe your entire database this way.
you should rather use the id and email in the url to cross check one another.
that way if somebody tries to manipulate either, they can only unsubscribe valid id/email pairs. it's going to be hard to guess valid paris, so you should be safe with this.

that said, i don't think it's good practice to send non-essential user data through email / in get vars (do you really need to send the id?), so i'd rather obfuscate the email with a unique salted hash and then test when reading it back.

send email:

<?
$email = 'x';
$salt = 'xxxxxx'; // random 16 character unique value
$unsubscribe = sha1($email . $salt);
$url = 'http://unsubscribeurl?email=' . $email . '&unsubscribe=' . $unsubscribe;
// send mail here
// error / success handling
?>

url postback:

<?
if($_GET['email']){
$email = $_GET['email'];
$unsubscribe = $_GET['unsubscribe'];
if($unsubscribe == sha1($email . $salt)){
// change db flag
// error / success handling
}
}
?>

it's overkill for this example, but it's a good idea to get familiar with secure practices - be it for logging in or anything else.

 

[FarligOpptreden]

Why not have a GIUD also assigned to the table and querystring when unsubscribing? So instead of putting the email address in the querystring, use the GUID which is associated with the email address in the database. That way you don't have to expose the email address in the URL at all...

 

[murraybiscuit]

because the email address is already publicly known and it wouldn't take much to figure out that the recipient address is linked to the guid. email addresses and usernames should be used for public access, guid's / id's should be restricted to internal script access.
i see your point, but i prefer cross checks rather than single id checks.
and you're assuming that a single email is mapped to a single user

 

[Fuma]

I tried your suggestion ...... biscuit....and it works like a charm. Thanks.

Just lazy to think this time of the year. I need a holiday.

 

[murraybiscuit]

cool. i'm not a big guid user myself, but it's always good to know how other people solve these things.

 

[guest2013-1]

Most newsletter subscriptions these days takes you to a page to ask you to fill in your email address and click on "Unsubscribe" instead of having it been done automatically on click to the site.

Guess it's just another way to do that

 

[FarligOpptreden]

cool. i'm not a big guid user myself, but it's always good to know how other people solve these things.

GUIDs also work nicely for validating single-request pages, i.e. generating the GUID for the request, popping it into a Session variable, sending it through to a page with a querystring and matching it with the GUID in the Session variable. After a successful match, you can then clear the Session variable, effectively rendering further calls to the same URL invalid.

Works nicely for download tickets...