Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Aug 2007
    Thanked 0 Times in 0 Posts

    Promotional Code Protection


    New to this forum so please go easy on me. I have a problem and not sure if this is the right forum to post on but here goes.

    I have been given a promotional code for a website and I want this to be protected so that only people who have paid for this code can use it. Is there anyway this can be done ? Obviously there are sights across the net where codes are just pasted left, right and centre and it is vital that this only goes to people who have purchased it.

    1) The user logs onto the site
    2) The user sees a offer he wishes ie.10% off Amazon.
    3) The user purchases this offer and recieves the promo code which he can then enter at the checkout.

    The problem is he could paste this on any forum.

    ALSO....I want this code to be only useable once.


  2. #2
    Senior Coder timgolding's Avatar
    Join Date
    Aug 2006
    Thanked 110 Times in 109 Posts
    usually stuff like this involves using a hash or some difficult to read string that when inputed to a box the user gains access to the content. Remember using longer character representations will decrease the chance of you being hacked. For instance using only numbers for all you codes would be bad


    Imagine that was a code issued and all your codes were 5 digit codes. Then someone could hack in in about 5 mins by going through the limit set of possible combinations, 99999 combinations infact. However if you used a 30 character string that could be any number or character then that would take a lot longer

    4887367798068925478930000000000000000000000000+ combinations for me to go through. If you consider that it takes a few seconds to send to the request and wait for authorization i would have a few years to wait to iterate through that lot.

    With regards to stopping users passing the codes around. Well then you just stop them being downloaded. Once a code has been used you declare it invalid all this is simple enough with php

    You might want to assign a time to live to these auth codes
    Last edited by timgolding; 08-01-2007 at 02:39 AM.
    You can not say you know how to do something, until you can teach it to someone else.

  3. #3
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Philadelphia, PA, USA
    Thanked 84 Times in 84 Posts
    You could email the user the codes, so that it was private. Then, as Tim said, you could disable the code after it was used pretty easily.

    Last edited by whizard; 08-02-2007 at 05:02 AM.
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts