warning about offsiting the qrcode generation...

diff --git a/doco/readme.txt b/doco/readme.txt
index 75bd4ac..54c6912 100644 (file)
--- a/doco/readme.txt
+++ b/doco/readme.txt
@@ -21,6 +21,18 @@ codes. But looking at the App's available for smartphones
 that fullfilled some realistic criteria - easy to use, easy to
 provision.
 
+READ THIS BIT
+=============
+
+in the example page, i send a url off to google charts to create
+the QRCode. NEVER EVER EVER EVER EVER do this. I do it cause for
+the example it doesnt matter, and if i find a better way of doing
+it i'll do it. BUT creating a qrcode on a page aint terribly easy.
+The point is, that QR code is a URL containing the tokens SECRET
+KEY and should remain secret. You can generate qrcodes anyway you
+like, BUT MAKE SURE ITS SECURE (i.e. never save them on the FS,
+and send them all over ssl).
+
 
 How?
 ====

diff --git a/example/index.php b/example/index.php
index ca69203..54d50a5 100644 (file)
--- a/example/index.php
+++ b/example/index.php
@@ -20,7 +20,7 @@ if(isset($_REQUEST["action"])) {
                                echo "<font color=\"red\">Sorry, username can only contain a-z, A-Z, 0-9 @ and .</font>";
                        } else {
                                $url = $ga->setupUser($username);
-                               echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\">";
+                               echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\"> or type in $url (actually its just the code on the end of the url)";
                        }
                        echo "<hr>";
                        break;