I'm starting to develop the user's registration on my project. The users would confirm their registering by a link sent by email.
I thought I could use the email inserted on the form, plus a random salt, and hash this concatened string, so that becomes each string token unique. The link would be something like this:
http://www.example.com/register/7ddf32e17a6ac5ce04a8ecbf782ca509
I think it's good and easy to build, but I'm not sure if it's secure enough.
I'm developing this project using CakePHP 2.7 and SQL Server 2014.
It really depends on how you generate the MD5. Just ensure your data is random. I don't use MD5 for generating these types of hashes, and instead will do something like:
$email_token = openssl_random_pseudo_bytes(16);
$token = bin2hex($email_token);
Personally, I would opt for something like this using random_bytes if using PHP7.
$email_token = bin2hex(random_bytes($length));
For PHP5 there's a polyfill available: https://github.com/paragonie/random_compat