as by title, which is the best way to build the sign in email confirm link?
i suppose id_user/23414/pass/md5(user password)
not? :P
You should create a token and assign it to the user - a guid or something. You shouldn't send the user id or the hashed password.