On Tue, 14 May 2002, Alvin Tan wrote:
> This is not really a PHP question, but seeing that the final application
> will be in PHP, I figured this'll be the best place to start.
> 
> I have a client who wants to release a unique PIN for each product they
> sell which works as a key to get more goodies on the website. How/where
> can I get a large number of PINs, much like a software key (e.g.  
> 3HH5R-E59VB-7SX99 or similar)?

The easiest is probably something like this...

Generating PINs:

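  // 8-digit random number; its digits end up split across both ends of the PIN
  $randnum = strval(rand(10000000, 99999999));
  // Server-side secret mixed into the hash; must stay confidential
  $secretword = 'purple%chicken^';
  $hash = md5($randnum . $secretword);
  // Layout: 4 digits + 10 hex chars of the hash + 4 digits, dashed 6-6-6
  $PIN = substr($randnum, 0, 4)
    . substr($hash, 0, 2) . '-'
    . substr($hash, 2, 6) . '-'
    . substr($hash, 8, 2)
    . substr($randnum, 4);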

This will generate PINs in a format like 8087a5-6b09eb-a65859.

Verifying PINs:

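  // Strip the dashes, leaving 18 characters
  $PIN = str_replace('-', '', $PIN);
  $secretword = 'purple%chicken^';
  // Reassemble the 8-digit number from the first and last 4 characters
  $randnum = substr($PIN, 0, 4) . substr($PIN, 14, 4);
  // The middle 10 characters are the hash prefix to check
  $hash = substr($PIN, 4, 10);
  // Strict comparison: with ==, PHP compares numeric-looking strings
  // such as "0e12345678" as numbers, so different strings could match
  if (substr(md5($randnum . $secretword), 0, 10) === $hash)
    print "PIN is valid";
  else
    print "PIN invalid";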

As long as you can keep the secret word ($secretword) confidential, this
will let you generate an infinite supply (okay, several million anyway) of
PINs that can be validated with the simple code above, yet which are
very difficult to fake.

Obviously, if you need to locate the validation code on someone else's
machine, this is not a good approach. And, like most things, it is
susceptible to brute-force attacks unless you put in something to throttle
repeated attempts at guessing PINs.

miguel


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
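
The same PIN layout with a keyed HMAC, a CSPRNG, a constant-time comparison and the throttle on repeated guesses that the message calls for, as an added example that is not part of the original post. The function names, the key placeholder, the limits (5 failures per 900 seconds) and the in-memory failure store are assumptions made for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example, not from the original post. All names are hypothetical.
const PIN_KEY = 'replace-with-a-long-random-server-side-key'; // placeholder secret

function make_pin(): string {
    // 8 random digits from the CSPRNG instead of rand()
    $num = str_pad((string) random_int(0, 99999999), 8, '0', STR_PAD_LEFT);
    $tag = substr(hash_hmac('sha256', $num, PIN_KEY), 0, 10);
    // Same layout as the post: 4 digits + 10 hex chars + 4 digits
    $raw = substr($num, 0, 4) . $tag . substr($num, 4);
    return implode('-', str_split($raw, 6));
}

function pin_is_valid(string $pin): bool {
    $raw = strtolower(str_replace('-', '', $pin));
    // Reject anything that is not exactly the expected shape
    if (!preg_match('/^\d{4}[0-9a-f]{10}\d{4}$/', $raw)) {
        return false;
    }
    $num = substr($raw, 0, 4) . substr($raw, 14, 4);
    $expected = substr(hash_hmac('sha256', $num, PIN_KEY), 0, 10);
    return hash_equals($expected, substr($raw, 4, 10)); // constant-time compare
}

// Throttle: at most $max failed guesses per client per $window seconds.
// $failures is an in-memory stand-in for a shared store (database, cache).
function check_pin_throttled(array &$failures, string $client, string $pin,
                             int $now, int $max = 5, int $window = 900): string {
    $recent = array_filter($failures[$client] ?? [],
        fn($t) => $t > $now - $window);
    if (count($recent) >= $max) {
        $failures[$client] = $recent;
        return 'locked';
    }
    if (pin_is_valid($pin)) {
        return 'valid';
    }
    $recent[] = $now;
    $failures[$client] = $recent;
    return 'invalid';
}

// Constructed demo: one good PIN, then repeated guesses from one client.
$failures = [];
$pin = make_pin();
echo check_pin_throttled($failures, '203.0.113.7', $pin, 1000), "\n";
for ($i = 0; $i < 6; $i++) {
    echo check_pin_throttled($failures, '203.0.113.7', '000000-000000-000000', 1000 + $i), "\n";
}
```

The check tag is only 40 bits, so the throttle carries much of the protection; in a real deployment the failure counts would live in a store shared by all web workers.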
