I have been pondering this security issue and not exactly sure how to go about this. On my site people will be able to print out flyers and post them somewhere (like a university) and take a picture of themselves next to it. In return they will receive a user upgrade.
These are some of the problems that I have thought of:
- Users can print one flyer and take pictures in all sorts of places
- User can take a picture, turn the corner and take another picture
- Person A posts a flyer, Person B comes up and claims it as their own
Some possible solutions:
- Write the person's username on the flyer when printing out
- Have the user hold a piece of paper with their username and date
- Limit to 1 photo per week
- Print a barcode, alphanumeric code, or something else on the flyer as well.
My main focus for this question is the last solution. I have been thinking of storing a random salt for each time a flyer is printed.
What are other ways to keep the flyers as secure? (I know it's not possible to fully secure it.)
Programming Question: How should I generate a random code for each flyer? And how do I later verify it versus my system?
Use the username plus the current timestamp, then do a sha1() to the result. That should give you a very unique code.
For example
$code = sha1($username. time());
- Generate a random ID with something like
base64_encode(uniqid("", TRUE)). - Save it in your DB associated with the user's flyer.
- Include the unique ID on the flyer.
- When somebody posts a picture, look up in your DB to make sure it was a valid ID.
- Mark the DB entry as "redeemed" so nobody uses it again.
- Realize that no matter how clever you are, people will come up with ways to cheat your system.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论