View Full Version : Promotional Code Protection

08-01-2007, 01:40 AM

New to this forum so please go easy on me. I have a problem and not sure if this is the right forum to post on but here goes.

I have been given a promotional code for a website and I want this to be protected so that only people who have paid for this code can use it. Is there anyway this can be done ? Obviously there are sights across the net where codes are just pasted left, right and centre and it is vital that this only goes to people who have purchased it.

1) The user logs onto the site
2) The user sees a offer he wishes ie.10% off Amazon.
3) The user purchases this offer and recieves the promo code which he can then enter at the checkout.

The problem is he could paste this on any forum.

ALSO....I want this code to be only useable once.


08-01-2007, 02:37 AM
usually stuff like this involves using a hash or some difficult to read string that when inputed to a box the user gains access to the content. Remember using longer character representations will decrease the chance of you being hacked. For instance using only numbers for all you codes would be bad


Imagine that was a code issued and all your codes were 5 digit codes. Then someone could hack in in about 5 mins by going through the limit set of possible combinations, 99999 combinations infact. However if you used a 30 character string that could be any number or character then that would take a lot longer

4887367798068925478930000000000000000000000000+ combinations for me to go through. If you consider that it takes a few seconds to send to the request and wait for authorization i would have a few years to wait to iterate through that lot.

With regards to stopping users passing the codes around. Well then you just stop them being downloaded. Once a code has been used you declare it invalid all this is simple enough with php

You might want to assign a time to live to these auth codes

08-01-2007, 04:47 AM
You could email the user the codes, so that it was private. Then, as Tim said, you could disable the code after it was used pretty easily.