3

During the signup process for my app, users will be asked if they have an invitation code. This is a way to recognize "VIP" users and instantly give them access, rather than sticking them on a waiting list.

I have everything (mostly) figured out, but am clueless as to how to create sets of unique codes, and what the best way to store them is. What is a generally accepted practice for something like this, and how should I store the values in SQL (as a string, or as a binary value, or what?)

Thanks!

Edit 1

  • Any random set of numbers/letters is fine. There doesn't need to be any particular format.
  • Each VIP user will have their own code
  • There will (probably/hopefully) be a few thousand codes handed out.
drewwyatt
  • 5,989
  • 15
  • 60
  • 106
  • 1
    Isn't some random string with only digits and letters enough? – Konrad Kokosa Jun 27 '14 at 18:26
  • How many codes are you looking to create? Will each VIP user have their own? Do they need to follow a form or any jumble of letters and/or numbers will do? – Dave.Gugg Jun 27 '14 at 18:27
  • Also, will the codes be paired with an user-end identifier, like an e-mail address, or be stand-alone, so they can be passed around between people? – bartover Jun 27 '14 at 18:29
  • @Dave.Gugg I just posted an update to my question. Does that help? – drewwyatt Jun 27 '14 at 18:32
  • @barthazar I was planning on storing the codes in their own table, then marking them as "used" once the code has been redeemed (at signup). – drewwyatt Jun 27 '14 at 18:33
  • It looks like flup's link gives you a good way to do this. – Dave.Gugg Jun 27 '14 at 18:33
  • @Dave.Gugg yes, I believe that is what I am looking for. If I use GUID, should I store the tokens as a string in my DB? – drewwyatt Jun 27 '14 at 18:34

1 Answers1

1

Assuming you have information about the user that is presumed to be unique, such as email you can create a hashcode based on that info.

userInfo.email.GetHashCode();

Now that is not horribly pretty. but it works.

Another method that I used is to create a dictionary of inspirational quotes. pull one from the dictionary at random, put that into their profile; My register link that I give them prefills in the quote field and hides it if it comes in via the URL and is a match. When they submit their data to create their account their email & quote have to match.

What you need to consider is how likely people would try to hack a VIP account. If security is a concern then you need to send an encrypted hash. But if this is not going to be protecting a 'high value' target, then consider the user experience, and advancing your brand. That is why I opted for a quote.

Don't use something that is difficult for the user to enter, if they can't cleanly copy & paste from the invitation.

James Fleming
  • 2,589
  • 2
  • 25
  • 41
  • I love the quote idea! Thanks a ton for the advice! – drewwyatt Jun 27 '14 at 19:00
  • In that case - "If you think you can do a thing, or believe you can, begin it! Boldness, has genius, power and magic in it." – James Fleming Jun 27 '14 at 22:47
  • -1 NB the actual `GetHashCode` should not be abused for this - it is not intended for this purpose, and exposes and/or makes things contingent on implementation details of how hash codes are generated for strings (or whatever `email` is) - the sole thing it's great for deciding buckets in dictionaries. – Ruben Bartelink May 22 '23 at 17:51