Jabop Posted September 9, 2008 Share Posted September 9, 2008 I am setting up a referral link system for users to get incentives for miscellaneous things on my site. Standard referral link method, with the user having a link to the site with his/her unique ID. Every time that user gets a click or gets someone to purchase something, it's tracked. I know how to do this, but my question is simple. How to encode the user ID. It could be as simple as /link.html?id=5 However, I'd like to mask the user ID for simple security purposes. Should I use a simple hash? Should I go out of my way and apply an encryption to it? Once encrypted, it will need made safe for a url. base64_encode? How would you do it? Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/ Share on other sites More sharing options...
lanmonkey Posted September 9, 2008 Share Posted September 9, 2008 What I might be inclined to do is when a referrer is added to my database to also include a random 16 digit hex code that represents that referrer. that code can then be used in referral links as opposed to the referrer ID and you can check it against the database to see if its valid. Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/#findComment-637540 Share on other sites More sharing options...
JonnoTheDev Posted September 9, 2008 Share Posted September 9, 2008 lanmonkey is correct. Use md5() on the users email address to generate a unique key. Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/#findComment-637544 Share on other sites More sharing options...
Minase Posted September 9, 2008 Share Posted September 9, 2008 you can encode the URL to a much better way (the ID) with SHA1 and MD5 $string = $userid; $id = MD5(Sha1(Sha1(MD5($string)))); if user id is 5,something like this will be returned 8596cff876787cd910de9d08937bdd9d so is a good method with plain MD5 / SHA1 it can be decrypted prety easy btw base64 have decode option is a 2 way encryption not 1 way like SHA1 and MD5 Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/#findComment-637552 Share on other sites More sharing options...
Jabop Posted September 9, 2008 Author Share Posted September 9, 2008 How overkill is this? <?php function HashString($Str,$Secret) { return sha1(ENCKEY.$Str.sha1($Secret).sha1(ENCKEY)); } ?> Way overkill probably, but hey... Haha. Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/#findComment-637565 Share on other sites More sharing options...
JonnoTheDev Posted September 9, 2008 Share Posted September 9, 2008 To be honest it doesnt matter if the key is decrypted. It is only used to perform a database lookup. You are only generating a unique key per user to be attached to a url param. You could create it from the current time: $userKey = md5(time()); Decrypting it would give you nothing secret! Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/#findComment-637566 Share on other sites More sharing options...
Minase Posted September 9, 2008 Share Posted September 9, 2008 that is correct but sometimes user ID is better to remain hiden Quote Link to comment https://forums.phpfreaks.com/topic/123442-referral-link-methods-seeking-opinions/#findComment-637567 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.