I might have misunderstood your question, but from what I gather you need:
- a way to authenticate a user
- the ability to pass over the page they wish to view on first load and their email address.
The basis of this is simply symmetric key authentication - all that follows are ways to mash it up.
Put your data together (email address, Page to land on) and then hash it with a strong key.
Decrypt at other end and voila - done.
This method is secure if your password (key) is hard to guess - the following is one way that is hard to crack.
AUTHENTICATION
There are a couple of ways to do this - if you have access to their server (or someone there who can insert some code for you) then the following would work.
Create a php script that does the following.
I HAVE MASSIVELY OVER-ENGINEERED THIS TO DEMONSTRATE LOADS OF WAYS OF MAKING A HASHED STRING HARDER TO CRACK - YOU CAN CHOOSE YOUR OWN WAY!
(pseudo code)
$serverTimeStamp = timestamp;
$additionalNoise = "THEcat1sch33sy";
$time = $serverTimeStamp . "XAB"; // "XAB" needs to be a random code used as the delimiter.
$data = $additionalNoise . "email@email.com";
$salt = "wh4tW0u1dB4tm4nD0?" . $serverTimeStamp;
$password then needs hashing with a reversible hash (mcrypt is a good place to start)
$encrypted = mcrypt of $data and $salt ($salt is shared key);
$authenticationcode = $time . $encrypted;
This will give you a pretty damned strong random string with a time-stamp at the front followed by XAB then a random hashed string.
This would then be passed to your user validate script.
<iframe src="http://yoursite/validate/COMPLETELYRANDOMSTRING"></iframe>
From there you reverse the process.
IMPORTANT (amendment) - I completely forgot one IMPORTANT element - store the random string that is sent to you in a database. These strings are 'single use' - if you receive the same string again it is an attack.
This is all facilitated by the timestamp being in the salt and at the beginning of the string - you can send the same data 1000 times a day with a completely different string.
Get random string.
get time-stamp from front of random string -> using regex / index of looking for numbers and then XAB (hence the random XAB string - it is just a separator)
$timeStamp = "10200192XAB";
"wh4tW0u1dB4tm4nD0?" <-shared secret key.
$salt (secret key) = "wh4tW0u1dB4tm4nD0?" . $timeStamp;
decrypt using salt
you get your data preceded by
"THEcat1sch33sy" (your additional noise) (which is also a fixed shared key in effect)
Just strip the "THEcat1sch33sy" and you have your email address (which you then validate in the 1 in a million chance that the random string actually spits out "THEcat1sch33sy" at the beginning).
Voila - not 100% but believe me - if I am trying to get into your server - I won't try this way!
PASS PAGE OVER
Simply add it to the $data - so you would pass $email + "separator" + $coursepage.
Hope this helps (and is clear)
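The single-use, time-limited token described in this answer, as an added example that is not part of the original post. It swaps mcrypt (removed from PHP core in 7.2) for libsodium's authenticated `secretbox` and uses a random nonce in place of the timestamp-derived salt; the function names, the 300-second window, the sample page path and the in-memory `$seen` array standing in for the database of used strings are assumptions.

```php
<?php
// Added example, not the answerer's code. Assumes PHP 7.2+ with the bundled sodium
// extension; MAX_AGE and $seen (stand-in for the table of used strings) are assumed.
const MAX_AGE = 300; // seconds a token is accepted for (assumed value)

function make_token(string $key, string $email, string $page, int $now): string
{
    // A fresh random nonce makes every token different, even for identical data.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = json_encode(['email' => $email, 'page' => $page, 'ts' => $now]);
    $box = sodium_crypto_secretbox($plain, $nonce, $key); // encrypts and authenticates
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

function validate_token(string $key, string $token, int $now, array &$seen): ?array
{
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not URL-safe base64
    }
    if (strlen($raw) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null; // too short to hold a nonce and a MAC
    }
    $nonce = substr($raw, 0, $n);
    $plain = sodium_crypto_secretbox_open(substr($raw, $n), $nonce, $key);
    if ($plain === false) {
        return null; // forged, altered, or made with another key
    }
    $data = json_decode($plain, true);
    if (!is_array($data) || !isset($data['email'], $data['page'], $data['ts'])) return null;
    if (!is_int($data['ts']) || abs($now - $data['ts']) > MAX_AGE) {
        return null; // expired, or the two clocks disagree by too much
    }
    $id = bin2hex($nonce);
    if (isset($seen[$id])) {
        return null; // same string received twice: treat as a replay
    }
    $seen[$id] = $data['ts']; // in production: INSERT into a table with a unique key
    return $data;
}

$key = sodium_crypto_secretbox_keygen(); // shared by both servers, kept out of source
$seen = [];
$token = make_token($key, 'email@email.com', '/course/intro', time()); // constructed sample
var_dump(validate_token($key, $token, time(), $seen));       // first presentation
var_dump(validate_token($key, $token, time(), $seen));       // same string again
var_dump(validate_token($key, $token . 'A', time(), $seen)); // altered string
```

The `page` value still needs checking against the pages the site actually serves before it is used, and stored nonces older than `MAX_AGE` can be pruned because the timestamp check already rejects those tokens.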