usually stuff like this involves using a hash or some difficult to read string that when inputed to a box the user gains access to the content. Remember using longer character representations will decrease the chance of you being hacked. For instance using only numbers for all you codes would be bad
Imagine that was a code issued and all your codes were 5 digit codes. Then someone could hack in in about 5 mins by going through the limit set of possible combinations, 99999 combinations infact. However if you used a 30 character string that could be any number or character then that would take a lot longer
4887367798068925478930000000000000000000000000+ combinations for me to go through. If you consider that it takes a few seconds to send to the request and wait for authorization i would have a few years to wait to iterate through that lot.
With regards to stopping users passing the codes around. Well then you just stop them being downloaded. Once a code has been used you declare it invalid all this is simple enough with php
You might want to assign a time to live to these auth codes
You can not say you know how to do something, until you can teach it to someone else.
Last edited by timgolding; 08-01-2007 at 02:39 AM..