John John - 1 month ago 9
HTML Question

How do I make my own "unsubscribe" button in an email?

I got a controller that sends an email with an array of variables, which includes the person's name and the timestamp they made a request. The email sends an html file, and in the html file there has a "Click here to delete bla bla bla." line. When the user clicks on the link, the link will send them to a controller that will delete their name from my database.

Now, I'm not entirely sure how I'm supposed to do this. I could obviously do something like this:

Click <a href='https://xxx.xx.xxx.xxx:8000/web/misc/request/delete/<?php echo $data['timestamp']; ?>/<?php echo $data['name']; ?>'> here</a> to delete bla bla bla.


Then, in my routing file, I'll have:

Route::get('/web/misc/request/delete/{time}/{name}', 'EmailController@deleteRequest');


Then I can just query my database with the name and the timestamp, and viola, delete.

But someone could easily just edit the name or timestamp in the URL, right?

This made me want to use POST, but I'm not entirely sure how I'm supposed to do that in this scenario. I could just make a form, set some inputs to hidden, and then store the name and timestamp into those input values. I haven't tried this yet because it sounds pretty hacky.
Using a session also wouldn't work in this case, right?
Would this be a good time to use cookies? Or should I use some sort of keys?

Answer

But someone could easily just edit the name or timestamp in the URL, right?

Yes

This made me want to use POST

That wouldn't help. You would still depend entirely upon data under the control of the client.


Generate random alphanumeric strings to use an identifiers. Store it in your database with the rest of the data about the subscribed user. Include it in the URL.

When the request comes in, check that the email address being unsubscribed and matches the confirmation string in your database.

Comments