Recently there is a public number of the demand for red envelopes, asked for a QR code corresponding to a red envelope, sweep code to collect, about the problem of preventing the red envelopes to be brushed?

Requirements: The program for the public to prepare a number of two-dimensional code, the total * million, requires sweeping code to collect, each two-dimensional code to a red envelope, after the collection can not be repeated, this and ordinary scan code to send red envelope ads, the kind of only a two-dimensional code, who can sweep and spread, so far
Problem: There may be a URL to guess the other red envelope link problem, there is no two-dimensional code (here the QR code should be to control the red envelopes to whom do not send to whom), can also receive.
Already thought of the method:
Write an encryption method, with a timestamp, random number and a predefined token (or code) to encrypt, QR code link is also followed by a timestamp random number, and token, after scanning code based on the parameter encryption and stored encryption string comparison to verify whether it is legal, so may be able to avoid guessing the URL of the person to collect red envelopes

I wonder if you guys have any good ways.

Reply content:

Requirements: The program for the public to prepare a number of two-dimensional code, the total * million, requires sweeping code to collect, each two-dimensional code to a red envelope, after the collection can not be repeated, this and ordinary scan code to send red envelope ads, the kind of only a two-dimensional code, who can sweep and spread, so far
Problem: There may be a URL to guess the other red envelope link problem, there is no two-dimensional code (here the QR code should be to control the red envelopes to whom do not send to whom), can also receive.
Already thought of the method:
Write an encryption method, with a timestamp, random number and a predefined token (or code) to encrypt, QR code link is also followed by a timestamp random number, and token, after scanning code based on the parameter encryption and stored encryption string comparison to verify whether it is legal, so may be able to avoid guessing the URL of the person to collect red envelopes

I wonder if you guys have any good ways.

1, first you have to QR code user how to obtain? That's the point, OH. You absolutely need a set of mechanisms to control user access to QR code, which is the focus!!

2, about the uniqueness of two-dimensional code URL this good, you write a set of asymmetric encryption algorithm, put the encrypted string in the URL, each request came over the algorithm check.

3, you can add browser features to judge, what? Browser judge?? It means that people who intentionally attack will always scan your page directly, and after scanning it won't have the features of the browser, load the page resources, such as img,script,css ..., a lot of, how to judge, you think.

4, do not believe OPENID,IP, mobile phone number, useless.

5, speaking of this if you are rigorous implementation of the above, the basic can eliminate 80% brush guests.

6, there is a set of anti-brush mechanism, you can rest assured that the next.

7, the more absolute point also, or flow bar to survive.

8, ...

