How to implement an Email Change Function?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

How to implement an Email Change Function?

Postby AGISB » Wed Jun 20, 2012 2:44 am

I am thinking on how to implement a email change function in light of the worst case scenario and how to revert it if it was malicious.

In light of people choosing the easiest possible password that I let them choose, I have to deal with a hacked account or a collegue using the logged in account to change the email just for fun.

If I change a customers email, I have to deal with the possibility that I am handing over his account to someone else.

My approach is the following:

- I ask for the password again when the Email is changed
- I create 2 Emails one to the old address one to the new. Both inlcude a different hash. The one to the new is obvious as it is used for validation. The one to the old includes 2 Links, one to finalize the change and one to deny the change in case of a malicious change request.

I change the emailadress on validation but I keep the possibility to reverse it if the user e.g. comes back from vacation and notices the problem.

Is this enough precaution or do I need more? I might be totally paranoid about this but I can think of a couple of scenarios where I might think that an automated email change system might be completely a bad idea ...
AGISB
Forum Contributor
 
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Re: How to implement an Email Change Function?

Postby social_experiment » Thu Jun 21, 2012 5:55 am

To ask the password for changing the email address is a good idea; a correct combination of both doesn't always indicate the owner of the account. I'm not so sure about sending a validation email to the new address; it feels to me like a bit of overkill;

If the correct password is provided; for both login and the request to update information, you can only assume the user is the valid owner of the account. A user also has an obligation to keep sensitive information secure.

AGISB wrote:In light of people choosing the easiest possible password that I let them choose

You should force a format for the passwords here (if you don't already); at least 8 characters in length and those characters be a mix of alpha numeric characters and non-word characters; generate passwords if you must.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
social_experiment
DevNet Master
 
Posts: 2768
Joined: Sun Feb 15, 2009 12:08 pm
Location: .za

Re: How to implement an Email Change Function?

Postby AGISB » Fri Jun 22, 2012 2:22 am

The validation email to the new account is just to make sure the email is correct, as my application requires a valid email so I can contact the user.

My problem was that I used the email adress as username as well but I changed this so most of the problems I had with changing the mail are gone now ;)
AGISB
Forum Contributor
 
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Re: How to implement an Email Change Function?

Postby Jonah Bron » Sun Jun 24, 2012 5:41 pm

AGISB wrote:The validation email to the new account is just to make sure the email is correct, as my application requires a valid email so I can contact the user.

It seems to me like that's the user's problem, not yours. However, there is a security problem with not confirming it. A malicious user could conceivably create an account under an email, change it to a non-existant email, and then register again with the first email. Using this method the person could create as many accounts as they like with only one valid email address. A good way to circumvent that would be to put a hold on the email for say, 36 hours, before allowing any particular email to be re-registered.

Overall, I don't think you need to be too worried about it, most sites are pretty lax in dealing with changing emails, I find, and there's not too much trouble.
User avatar
Jonah Bron
DevNet Master
 
Posts: 2765
Joined: Thu Mar 15, 2007 6:28 pm
Location: Redding, California


Return to PHP - Theory and Design

Who is online

Users browsing this forum: sterban and 3 guests