I need to be able to generate unique PIN codes (lots of em) which will be distributed via flyers / "credit cards" to potential clients. The client then logs on to my site and puts the code in, which directs them to a purchase page for a downloadable product.
I've looked around at some shopping cart providers, and none seem to have this functionality out of the box, but some come close with an add on - instead of being able to provide serials to users, these shopping cart scripts send the code to the user once the downloadable product is bought, rendering the marketing idea useless.
So, I am contemplating writing up my own PHP script that accesses a SQL db full of PINs and relevant redirect addresses to the product page via a search query.
Can anyone offer me guidance to this solution? I just got O'Riely's php book that I am reading (have been working with php for years now but don't know how to code it myself yet), and I would greatly appreciate any suggestions!
Last edited by nockemout; 03-16-2010 at 08:15 PM..
Generation of unique data is not the most difficult of tasks. Its a matter of ensuring that the length is proper; even using something like a UUID version 4 is randomized, but the number of potential combinations really minimizes the effects of collisions. That's a 128bit representation, so that provides what, 3 x 10^38 combinations? Thats huge.
I think the pear has a UUID generation class within it. If not, just wiki up uuid generation and code you're own V4 generator in PHP with pack. Thats the absolute easiest way I can think of to create non-incremental low collision identifiers.
Generation of unique data is not the most difficult of tasks. Its a matter of ensuring that the length is proper; even using something like a UUID version 4 is randomized, but the number of potential combinations really minimizes the effects of collisions. That's a 128bit representation, so that provides what, 3 x 10^38 combinations? Thats huge.
I think the pear has a UUID generation class within it. If not, just wiki up uuid generation and code you're own V4 generator in PHP with pack. Thats the absolute easiest way I can think of to create non-incremental low collision identifiers.
You store all of your MP3 files in one directory ... tucked away.
When someone buys a file, you assign a random code ...
where the code AND the real filename is added to a row in your database,
associated with the user's email, or account (however you do your database).
You email them with a link to a PHP script and the code as a PHP variable.
Your PHP script will serve them the file without giving away the location.
You can then choose to delete that row in your database, or use some sort
of date/time thing that allows them a certain amount of time to do it again.
I can choose to remove that code from my database once you click the link,
or after a certain number of clicks, or after a certain amount of time.
Each user that purchases that file would be given a unique random code,
but it's really the SAME file, no matter what code is used. And all of my
PDF files are in the same directory, using their original filenames.
The random code is only used to "connect" between the user and the file.
It can be any filetype, PDF, MP3, JPEG, etc.
The only thing you can't control is the user giving copies of it to other people.
Here is the script for serving the PDF files I have ... sort of a summary of the script:
PHP Code:
<?php
// get the random number from the URL
$number=$_GET['file'];
if($number){
// here I open my database and match the number to the filename.
// $file = the name of the PDF file.
$file=rtrim($file);
// Your $path would be your own website's path to your files ...
$path = "/home/users/web/b75/ipw.yoursite/public_web/myvideos/".$file; // the file made available for download via this PHP file
$mm_type="application/octet-stream"; // modify accordingly to the file type of $path, but in most cases no need to do so
You store all of your MP3 files in one directory ... tucked away.
When someone buys a file, you assign a random code ...
where the code AND the real filename is added to a row in your database,
associated with the user's email, or account (however you do your database).
You email them with a link to a PHP script and the code as a PHP variable.
Your PHP script will serve them the file without giving away the location.
You can then choose to delete that row in your database, or use some sort
of date/time thing that allows them a certain amount of time to do it again.
I can choose to remove that code from my database once you click the link,
or after a certain number of clicks, or after a certain amount of time.
Each user that purchases that file would be given a unique random code,
but it's really the SAME file, no matter what code is used. And all of my
PDF files are in the same directory, using their original filenames.
The random code is only used to "connect" between the user and the file.
It can be any filetype, PDF, MP3, JPEG, etc.
The only thing you can't control is the user giving copies of it to other people.
Here is the script for serving the PDF files I have ... sort of a summary of the script:
PHP Code:
<?php
// get the random number from the URL
$number=$_GET['file'];
if($number){
// here I open my database and match the number to the filename.
// $file = the name of the PDF file.
$file=rtrim($file);
// Your $path would be your own website's path to your files ...
$path = "/home/users/web/b75/ipw.yoursite/public_web/myvideos/".$file; // the file made available for download via this PHP file
$mm_type="application/octet-stream"; // modify accordingly to the file type of $path, but in most cases no need to do so
One thing though.. I see how you are able to assign a random code to connect the user to the file. This is a different from the code I use to connect the user to the purchase page, correct?
The code can be anything you want it to be ...
It's just a way for the PHP script to match it to the "real filename".
You just want to make sure nobody else can figure out what it is by using brute force.
You may want to make it so the user's email AND the code must both match.
Using MySQL queries pretty much gives you endless possibilities.
Don't forget you can JOIN two MySQL tables together ... shopping cart and download script?
Before you post, read our: 
