Requirement: The program prepares several QR codes for the public account. The total amount is RMB. Scan the QR codes to receive the QR codes. Each QR code must receive a red envelope. You cannot receive the QR codes again after receiving the QR codes. This is different from the ordinary scanning code to send a red envelope advertisement. There is only one QR code, and anyone can scan and spread it until it is published.
Problem: There may be questions about how to guess other red envelope links based on the URL. There is no QR code (here the QR code should be used to control who the red envelope will be sent to and who it will not be sent to).
The following methods have been created:
Write an encryption method and encrypt it with a timestamp, a random number, and a predefined token (or code). The link to the QR code also carries a random number with a timestamp, and a token. After scanning the QR code, verify the validity of the parameter encryption and the stored encrypted string. This may prevent the URL owner from receiving the red packet.
Do you have any good ideas?
Reply content:
1. How do you obtain the QR code first? This is important. You absolutely need a mechanism to control the user's access to the QR code. This is the key!!
2. For the uniqueness of the QR code URL, you can write an asymmetric encryption algorithm and put the encrypted string in the URL. Each request is sent and checked by an algorithm.
3. You can add browser features to determine what? Browser judgment?? This means that the target attacker will always scan your page directly. After scanning, there will be no other features in the browser, loading page resources, such as img, script, css..., a lot. You can decide how to judge it.
4. Do not trust openid, IP address, or mobile phone number.
5. If you implement the above strictly, you can eliminate 80% million customers.
6. There is an anti-brush mechanism in itself, and you can rest assured.
7. More importantly, there is still a live stream.
8. ...
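One way to build the signed, single-use link that the question and point 2 describe, as an added example that is not code from the original thread. It swaps the hand-written or asymmetric encryption for an HMAC over the timestamp and random number, keeps the secret on the server instead of in the URL, and the names `issue_link`, `redeem`, `redeem_url`, the in-memory `issued` table, the one-week expiry and the example.invalid URL are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, urlsplit

SECRET = secrets.token_bytes(32)  # assumption: server-side key, never sent in the URL
MAX_AGE = 7 * 24 * 3600           # assumption: a code expires one week after issue
issued = {}                       # nonce -> claimed flag (stand-in for a database table)


def sign(ts: str, nonce: str) -> str:
    """HMAC-SHA256 over the two URL parameters; changing either one breaks it."""
    return hmac.new(SECRET, f"{ts}.{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_link(base_url: str, now=None) -> str:
    """Create the URL that is encoded into one QR code."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_urlsafe(16)  # 128 random bits, so other links cannot be guessed
    issued[nonce] = False
    return f"{base_url}?ts={ts}&nonce={nonce}&sig={sign(ts, nonce)}"


def redeem(ts: str, nonce: str, sig: str, now=None) -> str:
    """Validate the scanned parameters and pay out at most once per code."""
    now = time.time() if now is None else now
    # Constant-time comparison so the check does not leak how much of sig matched.
    if not hmac.compare_digest(sign(ts, nonce).encode(), sig.encode()):
        return "bad-signature"
    if not ts.isdigit() or now - int(ts) > MAX_AGE:
        return "expired"
    if nonce not in issued:
        return "unknown"
    if issued[nonce]:
        return "already-claimed"
    issued[nonce] = True  # with a real database this must be one atomic update
    return "ok"


def redeem_url(url: str, now=None) -> str:
    """Parse a scanned URL and redeem it; missing parameters fail the signature."""
    q = dict(parse_qsl(urlsplit(url).query))
    return redeem(q.get("ts", ""), q.get("nonce", ""), q.get("sig", ""), now)
```

The signature only stops forged or altered links; anyone who holds a valid link can still claim it once, so controlling who gets the QR code (point 1) remains a separate problem.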