Requirements: The program prepares a number of QR codes for the public account, with a total amount of * 10,000 yuan. Users must scan a code to receive a red envelope. Each QR code corresponds to one red envelope, and it cannot be received again once it has been received. This is different from the ordinary scan-the-code red envelope advertisements, where there is only one QR code, which can be scanned and spread by anyone, while supplies last.
Problem: Other red envelope links may be guessed from the URL, so that someone without a QR code can also receive a red envelope (the QR code here should control who the red envelope is sent to and who it is not sent to).
The method that has been thought of:
Write an encryption method that uses a timestamp, a random number and a predefined token (or code) to encrypt, and also include the timestamp, random number and token after the QR code link. When the code is scanned, the parameters are encrypted and compared with the stored encrypted string to verify whether the request is legal. This may prevent people who guess the URL from receiving red envelopes.
I don’t know if you guys have any good methods.
Reply content:
1. First of all, how do you get the QR code? This is the point. You absolutely need a mechanism to control how users obtain QR codes. This is the key point!
2. The uniqueness of the QR code URL is easy to solve. You can write an asymmetric encryption algorithm, put the encrypted string in the URL, and check it with the algorithm every time it is requested.
3. You can add browser feature detection. What? Browser detection? This means that people who intend to attack will always scan your page directly. After scanning, there will be none of the features that browsers have, such as loading page resources like img, script, css... there are many. How to judge specifically is up to you to think about.
4. Don’t trust openid, IP, and mobile phone number, they are useless.
5. When it comes to this, if you strictly implement the above, you can basically eliminate 80% of fake customers.
6. WeChat itself has an anti-swipe mechanism, so you can rest assured.
7. What’s even more critical is that there is still a way to survive.
8,...
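
An added example, not part of the original thread: one way to make each QR link unguessable and single-use, along the lines of the timestamp, random number and checked string discussed above. It uses HMAC-SHA256 with a server-side key in place of an encryption algorithm; `SECRET_KEY`, `issue_link`, `claim`, the in-memory `redeemed` set and the `example.invalid` URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import threading
import time
from urllib.parse import parse_qs, urlparse

SECRET_KEY = secrets.token_bytes(32)  # assumption: server-side key, never placed in the URL
redeemed = set()                      # assumption: stands in for a DB table with a unique index
lock = threading.Lock()


def sign(envelope_id, issued_at, nonce):
    # Envelope ids are assumed to contain no "." so the signed fields cannot be shifted.
    msg = f"{envelope_id}.{issued_at}.{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(envelope_id, base="https://example.invalid/claim"):
    """Build the URL that gets rendered into one QR code."""
    issued_at, nonce = int(time.time()), secrets.token_urlsafe(16)
    sig = sign(envelope_id, issued_at, nonce)
    return f"{base}?id={envelope_id}&ts={issued_at}&n={nonce}&sig={sig}"


def claim(envelope_id, ts, nonce, sig, max_age=7 * 24 * 3600):
    """Verify the signature, then atomically mark the envelope as claimed."""
    try:
        issued_at = int(ts)
    except (TypeError, ValueError):
        return "rejected: malformed"
    expected = sign(envelope_id, issued_at, nonce)
    # Constant-time comparison; a guessed or edited URL fails here.
    if not hmac.compare_digest(expected.encode(), str(sig).encode()):
        return "rejected: bad signature"
    if time.time() - issued_at > max_age:
        return "rejected: expired"
    with lock:  # check-and-set in one step so two parallel scans cannot both win
        if envelope_id in redeemed:
            return "rejected: already claimed"
        redeemed.add(envelope_id)
    return "ok"


def claim_url(url):
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    return claim(q.get("id"), q.get("ts"), q.get("n"), q.get("sig"))
```

In a real deployment the check-and-set would be a single database statement (for example an insert guarded by a unique index on the envelope id) instead of a process-local lock.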