How to generate Gift Codes

[SaranacLake]

When someone buys a "platinum" members, they get several trial gift subscriptions to give to friends and family.

What would be the best way to generate unique, random codes that are maybe 8-12 digits long?

The workflow I came up with last night does this...

In MySQL, I have defined which gift subscriptions are linked to a given Product Versions.  (Hint: @gizmola)  😉

Then when someone subscribes, I go to my GIFT_CERTIFICATE_DETAILS table, determine the number of free gift subscriptions, and then my PHP will need to generate that many codes and insert them into my GIFT_SUBSCRIPTION table.

	- id
	- subscription_id
	- product_id
	- gift_code
	

 

I am thinking that it is better to give people a numeric code?

And maybe something 8-12 digits, so it is long enough to be unique across all time, but not so long or complicated that it's a pain in the ass to type into the web form to renew them.

Thoughts?

 

[gizmola]

As these are not registration keys AND they still have to be validated, you can simply generate a string of random numbers and characters, perhaps with some dashes between them.

Here is a simple routine that will spit out strings in the format of xxxx-xxxx-xxxx, with 256^6 combinations (281 trillion+) combinations.  

function generateRandomCode() {
  return substr(chunk_split(bin2hex(random_bytes(6)), 4, '-'), 0, -1);
}

Very low chance you will generate duplicate codes, but you still want your DB to have a unique index on gift_code, and recover should you try and insert a duplicate.  

Anything like this would work, as again these are not registration codes, are unique, and would be linked to a particular user.  

[SaranacLake]

 

8 hours ago, gizmola said:

As these are not registration keys AND they still have to be validated, you can simply generate a string of random numbers and characters, perhaps with some dashes between them.

What do you mean by "registration keys"?

The goal is to generate random, non-guessable codes that a member can share with friends or family.  When the recipient enters the code into the form, I check that the code matches against available member gift codes, and if there is a match, I add a "redeemed_on" date, adjust the shopping_cart price, and then allow the recipient to check out.

 

 

Quote

Here is a simple routine that will spit out strings in the format of xxxx-xxxx-xxxx, with 256^6 combinations (281 trillion+) combinations.  

function generateRandomCode() {
  return substr(chunk_split(bin2hex(random_bytes(6)), 4, '-'), 0, -1);
}

Very low chance you will generate duplicate codes, but you still want your DB to have a unique index on gift_code, and recover should you try and insert a duplicate.  

Anything like this would work, as again these are not registration codes, are unique, and would be linked to a particular user.  

Now that is very cool!!

Thanks!!!

Edited May 17, 2020 by SaranacLake

[gizmola]

17 hours ago, SaranacLake said:

What do you mean by "registration keys"?

These look a lot like registration keys for commercial software.  The problem with registration schemes for many commercial products is that the scheme gets reverse engineered and then people are able to generate their own "legitimate" keys that register and unlock software.  I was just pointing out that these might look like a registration key,  but they aren't. 

[SaranacLake]

18 hours ago, gizmola said:

These look a lot like registration keys for commercial software.  The problem with registration schemes for many commercial products is that the scheme gets reverse engineered and then people are able to generate their own "legitimate" keys that register and unlock software.  I was just pointing out that these might look like a registration key,  but they aren't. 

Yes, they do look like registration keys, and if anything, I think that makes things look more professional.

But to be clear, there is no risk of reverse engineering, right?

I mean I generate a code, store it in my database, and then when a gift receiver enters in the "gift code", IF it matches what is in my database, then i reduce the price to $0.

I suppose a person could guess a code and get lucky, but it seems to me that is mathematically impossible consdering the "gift code' length, right?

 

[gizmola]

3 minutes ago, SaranacLake said:

Yes, they do look like registration keys, and if anything, I think that makes things look more professional.

But to be clear, there is no risk of reverse engineering, right?

I mean I generate a code, store it in my database, and then when a gift receiver enters in the "gift code", IF it matches what is in my database, then i reduce the price to $0.

I suppose a person could guess a code and get lucky, but it seems to me that is mathematically impossible consdering the "gift code' length, right?

 

Very unlikely, given the number of possible permutations.  Furthermore, I would assume your system would track redemptions and limit them to a single use.  

[SaranacLake]

17 minutes ago, gizmola said:

Very unlikely, given the number of possible permutations.  Furthermore, I would assume your system would track redemptions and limit them to a single use.  

Yes, one code, one use, plus in my usual paranoid way, i will likely tie the code to some PII so that Suzy Q cannot buy a "Platinum" plan and give herself 12 gift code, nor can she give all 12 to one friend.

Probably tie the gift code to a name, email, etc to try and limit abuse...