SaranacLake Posted May 17, 2020 Share Posted May 17, 2020 When someone buys a "platinum" members, they get several trial gift subscriptions to give to friends and family. What would be the best way to generate unique, random codes that are maybe 8-12 digits long? The workflow I came up with last night does this... In MySQL, I have defined which gift subscriptions are linked to a given Product Versions. (Hint: @gizmola) 😉 Then when someone subscribes, I go to my GIFT_CERTIFICATE_DETAILS table, determine the number of free gift subscriptions, and then my PHP will need to generate that many codes and insert them into my GIFT_SUBSCRIPTION table. - id - subscription_id - product_id - gift_code I am thinking that it is better to give people a numeric code? And maybe something 8-12 digits, so it is long enough to be unique across all time, but not so long or complicated that it's a pain in the ass to type into the web form to renew them. Thoughts? Quote Link to comment Share on other sites More sharing options...
gizmola Posted May 17, 2020 Share Posted May 17, 2020 As these are not registration keys AND they still have to be validated, you can simply generate a string of random numbers and characters, perhaps with some dashes between them. Here is a simple routine that will spit out strings in the format of xxxx-xxxx-xxxx, with 256^6 combinations (281 trillion+) combinations. function generateRandomCode() { return substr(chunk_split(bin2hex(random_bytes(6)), 4, '-'), 0, -1); } Very low chance you will generate duplicate codes, but you still want your DB to have a unique index on gift_code, and recover should you try and insert a duplicate. Anything like this would work, as again these are not registration codes, are unique, and would be linked to a particular user. 1 Quote Link to comment Share on other sites More sharing options...
SaranacLake Posted May 17, 2020 Author Share Posted May 17, 2020 (edited) 8 hours ago, gizmola said: As these are not registration keys AND they still have to be validated, you can simply generate a string of random numbers and characters, perhaps with some dashes between them. What do you mean by "registration keys"? The goal is to generate random, non-guessable codes that a member can share with friends or family. When the recipient enters the code into the form, I check that the code matches against available member gift codes, and if there is a match, I add a "redeemed_on" date, adjust the shopping_cart price, and then allow the recipient to check out. Quote Here is a simple routine that will spit out strings in the format of xxxx-xxxx-xxxx, with 256^6 combinations (281 trillion+) combinations. function generateRandomCode() { return substr(chunk_split(bin2hex(random_bytes(6)), 4, '-'), 0, -1); } Very low chance you will generate duplicate codes, but you still want your DB to have a unique index on gift_code, and recover should you try and insert a duplicate. Anything like this would work, as again these are not registration codes, are unique, and would be linked to a particular user. Now that is very cool!! Thanks!!! Edited May 17, 2020 by SaranacLake Quote Link to comment Share on other sites More sharing options...
gizmola Posted May 18, 2020 Share Posted May 18, 2020 17 hours ago, SaranacLake said: What do you mean by "registration keys"? These look a lot like registration keys for commercial software. The problem with registration schemes for many commercial products is that the scheme gets reverse engineered and then people are able to generate their own "legitimate" keys that register and unlock software. I was just pointing out that these might look like a registration key, but they aren't. 1 Quote Link to comment Share on other sites More sharing options...
SaranacLake Posted May 19, 2020 Author Share Posted May 19, 2020 18 hours ago, gizmola said: These look a lot like registration keys for commercial software. The problem with registration schemes for many commercial products is that the scheme gets reverse engineered and then people are able to generate their own "legitimate" keys that register and unlock software. I was just pointing out that these might look like a registration key, but they aren't. Yes, they do look like registration keys, and if anything, I think that makes things look more professional. But to be clear, there is no risk of reverse engineering, right? I mean I generate a code, store it in my database, and then when a gift receiver enters in the "gift code", IF it matches what is in my database, then i reduce the price to $0. I suppose a person could guess a code and get lucky, but it seems to me that is mathematically impossible consdering the "gift code' length, right? Quote Link to comment Share on other sites More sharing options...
gizmola Posted May 19, 2020 Share Posted May 19, 2020 3 minutes ago, SaranacLake said: Yes, they do look like registration keys, and if anything, I think that makes things look more professional. But to be clear, there is no risk of reverse engineering, right? I mean I generate a code, store it in my database, and then when a gift receiver enters in the "gift code", IF it matches what is in my database, then i reduce the price to $0. I suppose a person could guess a code and get lucky, but it seems to me that is mathematically impossible consdering the "gift code' length, right? Very unlikely, given the number of possible permutations. Furthermore, I would assume your system would track redemptions and limit them to a single use. Quote Link to comment Share on other sites More sharing options...
SaranacLake Posted May 19, 2020 Author Share Posted May 19, 2020 17 minutes ago, gizmola said: Very unlikely, given the number of possible permutations. Furthermore, I would assume your system would track redemptions and limit them to a single use. Yes, one code, one use, plus in my usual paranoid way, i will likely tie the code to some PII so that Suzy Q cannot buy a "Platinum" plan and give herself 12 gift code, nor can she give all 12 to one friend. Probably tie the gift code to a name, email, etc to try and limit abuse... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.