Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
Thread: Promotional Code Protection
08-01-2007, 12:40 AM #1
- Join Date
- Aug 2007
- Thanked 0 Times in 0 Posts
Promotional Code Protection
New to this forum so please go easy on me. I have a problem and not sure if this is the right forum to post on but here goes.
I have been given a promotional code for a website and I want this to be protected so that only people who have paid for this code can use it. Is there anyway this can be done ? Obviously there are sights across the net where codes are just pasted left, right and centre and it is vital that this only goes to people who have purchased it.
1) The user logs onto the site
2) The user sees a offer he wishes ie.10% off Amazon.
3) The user purchases this offer and recieves the promo code which he can then enter at the checkout.
The problem is he could paste this on any forum.
ALSO....I want this code to be only useable once.
PLEASE HELP !!
08-01-2007, 01:37 AM #2
- Join Date
- Aug 2006
- Thanked 110 Times in 109 Posts
usually stuff like this involves using a hash or some difficult to read string that when inputed to a box the user gains access to the content. Remember using longer character representations will decrease the chance of you being hacked. For instance using only numbers for all you codes would be bad
Imagine that was a code issued and all your codes were 5 digit codes. Then someone could hack in in about 5 mins by going through the limit set of possible combinations, 99999 combinations infact. However if you used a 30 character string that could be any number or character then that would take a lot longer
4887367798068925478930000000000000000000000000+ combinations for me to go through. If you consider that it takes a few seconds to send to the request and wait for authorization i would have a few years to wait to iterate through that lot.
With regards to stopping users passing the codes around. Well then you just stop them being downloaded. Once a code has been used you declare it invalid all this is simple enough with php
You might want to assign a time to live to these auth codes
Last edited by timgolding; 08-01-2007 at 01:39 AM.You can not say you know how to do something, until you can teach it to someone else.
08-01-2007, 03:47 AM #3
- Join Date
- Jan 2005
- Philadelphia, PA, USA
- Thanked 76 Times in 76 Posts
You could email the user the codes, so that it was private. Then, as Tim said, you could disable the code after it was used pretty easily.
Last edited by whizard; 08-02-2007 at 04:02 AM.PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.
Don't forget to save everyone time and mark your thread as Resolved :)
"Also note that it is your responsibility to die() if necessary."
DON'T USE THE MYSQL_ EXTENSION