I NEED HELP with a website project for work

[CptSaveAHose]

 

 

Thanks to everyone who takes the time to help btw. What i am trying to get done for my boss is create a sheet of qr code stickers that if scanned will take a user to my website and provide some sort of verification page for them, letting them know their product is authentic. Here's the twist. In order to prevent our authentic qr stickers from being scanned and bootlegged i have to make it so that when the qr code is scanned after the first time it won't verify or take them to a page that lets them know they may have a fake. Here's a YouTube video of exactly what i need to do.

The printing side of things is completely taken care of. Making qr codes i can do no problem. I can easily make the verification and denial web pages. what i need help with is making the link/qr code/something behave differently after the first time. i have no coding or web development knowledge. not even basic html or anything.  i can set up a basic wix/shopify type website. is there a software or service that i can pay for that accomplishes this(prefer the free way of course)?. If there is no easy way to do this then what would i have to learn in order to do it myself? im kinda freaking out about this at work rn because i have no idea how im going to go about this lol.

 

EDIT: also forgot to mention that the products that these stickers will go on will have different flavors. so for example, i will need a unique verification page for strawberry and another for chocolate and another for vanilla ect ect. the denial pages can all have the same link.

 

 

 

Muchas Gracias.

[eeeee1]

if you are seeking a freelancer, why dont you take this to a site like upworks? upworks has many talented freelancers who are willing to help for some pay

[skimmilk5]

The easiest way to do this would be with some sort of database that contains a master list of URLs (if you're using a RDBS, this would be your PK) and some sort of variable in a different field that indicates when the code has been used. Include some Node or PHP code in the page that alters the database variable so that the URL is marked as "used" and if the code is scanned again, it informs the user that the verification code has already been used.

[LogicalDrm]

-> Moved to Programming (after moderators review)

[mariushm]

This is quite easy, but it does require a database of some sort.

 

First of all, you'll want to generate unique codes for each products, but with some smarts about it, so that a person won't just be able to type a random code and have your website accept it.

 

I would start by setting up a domain or subdomain that will forever be used for this. For example:

check.yourdomain.com

validate.yourdomain.com

genuine.yourdomain.com

whatever ... something small.

 

You'll want yourdomain.com to be smaller, because there's a limit to how long the URLs can be.

 

Next, have a unique code generated, for example follow the way youtube gives a unique id to every video ... an example id is htYR2GdA7OE  - let's say each character can have 64 possibilities which means you can encode 6 bits in each character (because 2⁶  = 63 + 0 = 64) ... with 20 characters, you have 160 bits to play with.

In some of those bits, you can encode the year, the week of manufacture, batch number

Some bits you'll want to always be 0, or some you'll always want to be 1

some islands of bits you'll want random (to make it hard to reverse engineer)

some bits will be checksum so that you won't even have to access the database because you'll know right away the code is invalid due to bad checksum

for example a checksum could be: count number of 1 bits between ranges 3..10 + 12..20 + 30..50 , divide by 8.. the remainder will be a number between 0 and 7 which can be encoded in 3 bits in the code somewhere.

 

Your url now becomes check.yourdomain.com/htYR2GdA7OE 

 

When user types this or the qr code is scanned, the server receives the request and passes it to a php script (or whatever, perl, ruby on rails, golang, doesn't matter) which reads the code... checks the checksums, reject if checksums bad but log in database somewhere, if you'll get this code again in the near future that's a fake product. 

you can also check the manufacturing date (year, semester, week of manufacture etc ) - obviously if the code says made 2020 week 50 (dec) and we're now in august, the product was not even made yet so it's fake .. if it's week 60, it's fake because there's only 52 weeks in a year.

if all matches, it's valid ... log ip address, log that this code was checked ...  maybe offer to register his product (but this gets messy with gdpr and handling of personal data and subscribe/unsubscribe, maybe leave it be)

you don't have to log ip address, but you can use a ip to country database to log in database code was scanned in country . region , town (france, paris, town in paris) ... if the same code is scanned next day from us, there's a high probability the code is fake (but user may have taken a plane to us and check qr just to mess with you, so don't be too eager to call it fake, leave some room)

 

and so on and so forth...

[CptSaveAHose]

3 hours ago, mariushm said:

This is quite easy, but it does require a database of some sort.

 

First of all, you'll want to generate unique codes for each products, but with some smarts about it, so that a person won't just be able to type a random code and have your website accept it.

 

I would start by setting up a domain or subdomain that will forever be used for this. For example:

check.yourdomain.com

validate.yourdomain.com

genuine.yourdomain.com

whatever ... something small.

 

You'll want yourdomain.com to be smaller, because there's a limit to how long the URLs can be.

 

Next, have a unique code generated, for example follow the way youtube gives a unique id to every video ... an example id is htYR2GdA7OE  - let's say each character can have 64 possibilities which means you can encode 6 bits in each character (because 2⁶  = 63 + 0 = 64) ... with 20 characters, you have 160 bits to play with.

In some of those bits, you can encode the year, the week of manufacture, batch number

Some bits you'll want to always be 0, or some you'll always want to be 1

some islands of bits you'll want random (to make it hard to reverse engineer)

some bits will be checksum so that you won't even have to access the database because you'll know right away the code is invalid due to bad checksum

for example a checksum could be: count number of 1 bits between ranges 3..10 + 12..20 + 30..50 , divide by 8.. the remainder will be a number between 0 and 7 which can be encoded in 3 bits in the code somewhere.

 

Your url now becomes check.yourdomain.com/htYR2GdA7OE 

 

When user reer types this or the qr code is scanned, the servceives the request and passes it to a php script (or whatever, perl, ruby on rails, golang, doesn't matter) which reads the code... checks the checksums, reject if checksums bad but log in database somewhere, if you'll get this code again in the near future that's a fake product. 

you can also check the manufacturing date (year, semester, week of manufacture etc ) - obviously if the code says made 2020 week 50 (dec) and we're now in august, the product was not even made yet so it's fake .. if it's week 60, it's fake because there's only 52 weeks in a year.

if all matches, it's valid ... log ip address, log that this code was checked ...  maybe offer to register his product (but this gets messy with gdpr and handling of personal data and subscribe/unsubscribe, maybe leave it be)

you don't have to log ip address, but you can use a ip to country database to log in database code was scanned in country . region , town (france, paris, town in paris) ... if the same code is scanned next day from us, there's a high probability the code is fake (but user may have taken a plane to us and check qr just to mess with you, so don't be too eager to call it fake, leave some room)

 

and so on and so forth...

wow thats a lot of good advice thank you. we dont really need to register products and we dont need to know their ip or country or anything like that. where is the best place for me to learn how to set up the appropriate database to get php script requests and log them and have that affect the page that the user sees?

 

again, thanks

[Franck]

14 hours ago, CptSaveAHose said:

wow thats a lot of good advice thank you. we dont really need to register products and we dont need to know their ip or country or anything like that. where is the best place for me to learn how to set up the appropriate database to get php script requests and log them and have that affect the page that the user sees?

 

again, thanks

If you are just starting and plan to use PHP just check MySQL as a database. The syntax is SQL which is very old, tested,  proven  and robust. Installing it is pretty much next,next,next,yes,yes,yes and you are ready to go. I suggest W3Schools to learn the SQL part https://www.w3schools.com/sql/default.asp

For table and database creation install the MySQL tool called Workbench. It's a visual interface that you can read the data and manage the databases.

You will need to learn these 4 basic SQL commands for this project.

 

SELECT : which select one or many rows from a table

INSERT : which inserts a new row in a table

DELETE : this delete one or many rows from a table

UPDATE : updates specific columns with specific values to one or many rows in a table

 

The big plus in all this is that PHP + MySQL is an extremely popular combinaison so you google search for anything you don't understand will be plentiful.

[JacobFW]

I 2nd what everyone is saying about the database.  Just want to also throw in, that you will have to allow some functionality allowing the code to be scanned multiple times, because you will have people whose phone battery dies, or who accidentally closes the app/browser, or who have a really slow internet connection so that even though they've scanned the qr code and you're system registers it as used, they're phone takes forever to load, so they close it down and then go somewhere with a better connection, and scan the code again, only to find out it's "used", even though it wasn't, or perhaps you have some sort of signup process that takes a few minutes to sign up, but they're interrupted halfway through, and try to resume it later.

 

I'm not sure which of the situations applies to you, but these need to be taken into account when designing your system.  The simplest way is if you require the qr code to be used with an account, you don't mark the code as used until after the user has logged in, or created the account.  If you don't require a login, then perhaps create a uuid and store it as a cookie to identify the user, and then associate that user uuid with the used code, so if it's rescanned (and they haven't cleared they're cookies) you can recognize it's the same person.

 

TL;DR Plan for things that can wrong.

 

 

 

[CptSaveAHose]

i just wanna say i havent been watching too much of linus lately but i used to watch him probably before most of you. since way back when the WAN show was called the LTT archive and he was doing it on a 360p square webcam in his freaking den and he had to whisper the whole show because his family was asleep lmao. 30k, 50k linus. his YouTube success is no secret to anyone but im really more impressed by the community of smart a$$ people he built on his forum. this place is official like a ref with a whistle. you guys are all super duper ridiculously helpful. thank you

[watzon]

I feel the need to echo what @JacobFW said, more or less. On the surface, what you want to do is very simple. As mentioned, all it really requires is a database that stores the unique codes, sets a flag if one has been scanned, and then checks when someone visits that URL if the flag is set or not before deciding how to route the user. Might be confusing for a non-developer, but I would venture to guess that for most devs the code itself is a non issue. Where you do have a problem is in assumptions that are being made about customers, devices, and reliability. Take the following scenario for example:

 

A customer buys a product that has this QR code, they scan it and get taken to the website. Unfortunately, they have a crappy phone that just ran out of RAM and their browser crashes. They fix the RAM usage issue by restarting their phone, but upon trying to re-scan the QR code they get taken to a site that says that their legitimate product is a fake.

 

Another possibility is much simpler and even more likely, and that's that they may just want to scan the QR code a second time to be taken back to the website because they're forgotten the URL, or that they resell the product and someone else attempts to scan the item. Either way, they're going to end up with a different experience than that which is expected.

 

Hopefully you can see with these potential and likely scenarios that, while what you want to do is extremely easy and would probably take most developers a couple hours at best, it's not very practical from a logistics perspective. I'd try and come up with something else. Just adding a registration system which attaches the code in the given QR to an account would even be sufficient.

[Franck]

Honestly the best solution as you are scared of bootleg and things like that all you can do to prevent all this is to :

#1 scan the code, open the page

#2 show the user it's authentic or not

 

If it fails and page didn't trigger at all on the server side the switch will NOT have been set so once it pass you are fine.

If it fails but the page DID load partially the server already switched the flag. When the user rescan you can show it's not good.

 

But the trick is just store the timestamps it has been done and show the user that on a already scanned product.

 

Situation : If i am just after lunch starting to scan my products i got this morning and scan,scan,scan, and suddenly 1 fail.

I rescan and it say this product has be scanned today at 13:05 i will know it's my earlier scan from a minute ago before i had an issue.

I know since it got my order yesterday any date since yesterday are my scans. Your advantage is time. Since you have a physical time to process things

the likelihood that someone sneak in and swap the product while you are scanning them are near to none. Unless you are into conspiracy theories