3

During the signup process for my app, users will be asked if they have an invitation code. This is a way to recognize "VIP" users and instantly give them access, rather than sticking them on a waiting list.

I have everything (mostly) figured out, but am clueless as to how to create sets of unique codes, and what the best way to store them is. What is a generally accepted practice for something like this, and how should I store the values in SQL (as a string, or as a binary value, or what?)

Thanks!

Edit 1

  • Any random set of numbers/letters is fine. There doesn't need to be any particular format.
  • Each VIP user will have their own code
  • There will (probably/hopefully) be a few thousand codes handed out.
drewwyatt
  • 5,889
  • 15
  • 56
  • 103
  • 1
    Isn't some random string with only digits and letters enough? – Konrad Kokosa Jun 27 '14 at 18:26
  • How many codes are you looking to create? Will each VIP user have their own? Do they need to follow a form or any jumble of letters and/or numbers will do? – Dave.Gugg Jun 27 '14 at 18:27
  • Also, will the codes be paired with an user-end identifier, like an e-mail address, or be stand-alone, so they can be passed around between people? – bartover Jun 27 '14 at 18:29
  • @Dave.Gugg I just posted an update to my question. Does that help? – drewwyatt Jun 27 '14 at 18:32
  • @barthazar I was planning on storing the codes in their own table, then marking them as "used" once the code has been redeemed (at signup). – drewwyatt Jun 27 '14 at 18:33
  • It looks like flup's link gives you a good way to do this. – Dave.Gugg Jun 27 '14 at 18:33
  • @Dave.Gugg yes, I believe that is what I am looking for. If I use GUID, should I store the tokens as a string in my DB? – drewwyatt Jun 27 '14 at 18:34

1 Answers1

2

Assuming you have information about the user that is presumed to be unique, such as email you can create a hashcode based on that info.

userInfo.email.GetHashCode();

Now that is not horribly pretty. but it works.

Another method that I used is to create a dictionary of inspirational quotes. pull one from the dictionary at random, put that into their profile; My register link that I give them prefills in the quote field and hides it if it comes in via the URL and is a match. When they submit their data to create their account their email & quote have to match.

What you need to consider is how likely people would try to hack a VIP account. If security is a concern then you need to send an encrypted hash. But if this is not going to be protecting a 'high value' target, then consider the user experience, and advancing your brand. That is why I opted for a quote.

Don't use something that is difficult for the user to enter, if they can't cleanly copy & paste from the invitation.

James Fleming
  • 2,541
  • 2
  • 25
  • 40