(using PHP and MySQL)
When a unknown user creates an order on my website I want to send an email confirmation to them that will change the order state for that row to 'Active'. I am doing this to make sure that the user entered in their email address correctly(for billing later).
I am unsure of a secure way to do this as I only want the state to be able to change 1 time from "inactive' to 'Active'.
The part that I cannot figure out is how to securely send the url to change the state of the order to the customer.
How would I md5 hash the order id and maybe the page name? instead of looking like this:
Any suggestions on doing it a better way or help in figuring it out would be gratefully appreciated.