I want to add an unsubscribe link to my emails.
On my website I have deployed a PHP module with the code given below. I am worried that the link can be misused (security loophole).
The URL will look something like the one below, where test@domain.com is the 'To' email ID, which I will note in a text file via my PHP code.
https://example.com/unsubscribe/MyCode.php?param=test@domain.com
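<?php
// Log file, created relative to the script's working directory
$file = 'access_log.txt';
$timestamp = date('Y-m-d H:i:s');
$ip = $_SERVER['REMOTE_ADDR'];
// Value of ?param= from the unsubscribe link, taken as sent by the client
$param = isset($_GET['param']) ? $_GET['param'] : 'No Parameter';
$entry = "$timestamp, $ip, $param\n";
// Append one line per request, holding an exclusive lock while writing
if (file_put_contents($file, $entry, FILE_APPEND | LOCK_EX)) {
    echo "Log entry recorded.";
} else {
    echo "Error writing to file.";
}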
Instead of e-mails, use a unique, randomly generated string that is associated with the user's account. For example:
https://example.com/unsubscribe/MyCode.php?param=uaefa987asdfnkajdsfhaf7689aiasdfkhl8
So, you would need to add a column, something like emailId, to your user table.
Then, when you add or register a user on your website, generate this string and store it with the rest of the user data.
+---------+------------+------------------+--------------------------------+
| user_id | name       | email            | email_id                       |
+---------+------------+------------------+--------------------------------+
|       1 | John D.    | john@example.com | asdfj87asdfhjahaldsfo87asdf... |
+---------+------------+------------------+--------------------------------+
Now, when you get a request, look up the e-mail given the emailId param, and log it.
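
The scheme described in this answer, as an added example that is not part of the original post: a random token is stored in the email_id column at registration, and the unsubscribe handler resolves the token to an e-mail before logging. The in-memory SQLite table, the function names, the 64-hex-character token format, the sample IP and the log path are all assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed setup: in-memory SQLite stands in for the site's real user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, email TEXT, email_id TEXT UNIQUE)');

// At registration: generate an unguessable token with a CSPRNG and store it.
function registerUser(PDO $db, string $name, string $email): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters
    $stmt = $db->prepare('INSERT INTO users (name, email, email_id) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $token]);
    return $token;
}

// On an unsubscribe request: map the token back to the e-mail, or null.
function emailForToken(PDO $db, string $param): ?string
{
    // Accept only the exact shape we generate, so raw request data
    // never reaches the query or the log file.
    if (preg_match('/\A[0-9a-f]{64}\z/', $param) !== 1) {
        return null;
    }
    $stmt = $db->prepare('SELECT email FROM users WHERE email_id = ?');
    $stmt->execute([$param]);
    $email = $stmt->fetchColumn();
    return $email === false ? null : $email;
}

// Log only values the server produced or looked up, never the raw parameter.
function logUnsubscribe(string $file, string $ip, ?string $email): bool
{
    $entry = sprintf("%s, %s, %s\n", date('Y-m-d H:i:s'), $ip, $email ?? 'unknown token');
    return file_put_contents($file, $entry, FILE_APPEND | LOCK_EX) !== false;
}

// Constructed walk-through: one valid token, one forged parameter with a newline.
$token = registerUser($db, 'John D.', 'john@example.com');
$log = sys_get_temp_dir() . '/unsubscribe_example.log';
foreach ([$token, "test@domain.com\nforged line"] as $param) {
    $email = emailForToken($db, $param);
    logUnsubscribe($log, '203.0.113.5', $email);
    echo $email !== null ? "logged unsubscribe for $email\n" : "no match, logged as unknown token\n";
}
```

In a real handler the parameter would come from $_GET['param'] and the IP from $_SERVER['REMOTE_ADDR'], as in the question's code.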