From 3d4474b6139a576914e18033ccbcbee432889ebd Mon Sep 17 00:00:00 2001 From: paulr Date: Mon, 15 Nov 2010 15:03:30 +1100 Subject: [PATCH] warning about offsiting the qrcode generation... --- doco/readme.txt | 12 ++++++++++++ example/index.php | 2 +- 2 files changed, 13 insertions(+), 1 deletions(-) diff --git a/doco/readme.txt b/doco/readme.txt index 75bd4ac..54c6912 100644 --- a/doco/readme.txt +++ b/doco/readme.txt @@ -21,6 +21,18 @@ codes. But looking at the App's available for smartphones that fullfilled some realistic criteria - easy to use, easy to provision. +READ THIS BIT +============= + +in the example page, i send a url off to google charts to create +the QRCode. NEVER EVER EVER EVER EVER do this. I do it cause for +the example it doesnt matter, and if i find a better way of doing +it i'll do it. BUT creating a qrcode on a page aint terribly easy. +The point is, that QR code is a URL containing the tokens SECRET +KEY and should remain secret. You can generate qrcodes anyway you +like, BUT MAKE SURE ITS SECURE (i.e. never save them on the FS, +and send them all over ssl). + How? ==== diff --git a/example/index.php b/example/index.php index ca69203..54d50a5 100644 --- a/example/index.php +++ b/example/index.php @@ -20,7 +20,7 @@ if(isset($_REQUEST["action"])) { echo "Sorry, username can only contain a-z, A-Z, 0-9 @ and ."; } else { $url = $ga->setupUser($username); - echo "QRCode for user \"$username\" is "; + echo "QRCode for user \"$username\" is or type in $url (actually its just the code on the end of the url)"; } echo "
"; break; -- 1.7.0.4