From: paulr <me@pjr.cc>
Date: Mon, 15 Nov 2010 04:03:30 +0000 (+1100)
Subject: warning about offsiting the qrcode generation...
X-Git-Url: http://git.pjr.cc/?p=ga4php.git;a=commitdiff_plain;h=3d4474b6139a576914e18033ccbcbee432889ebd

warning about offsiting the qrcode generation...
---

diff --git a/doco/readme.txt b/doco/readme.txt
index 75bd4ac..54c6912 100644
--- a/doco/readme.txt
+++ b/doco/readme.txt
@@ -21,6 +21,18 @@ codes. But looking at the App's available for smartphones
 that fullfilled some realistic criteria - easy to use, easy to
 provision.
 
+READ THIS BIT
+=============
+
+in the example page, i send a url off to google charts to create
+the QRCode. NEVER EVER EVER EVER EVER do this. I do it cause for
+the example it doesnt matter, and if i find a better way of doing
+it i'll do it. BUT creating a qrcode on a page aint terribly easy.
+The point is, that QR code is a URL containing the tokens SECRET
+KEY and should remain secret. You can generate qrcodes anyway you
+like, BUT MAKE SURE ITS SECURE (i.e. never save them on the FS,
+and send them all over ssl).
+
 
 How?
 ====
diff --git a/example/index.php b/example/index.php
index ca69203..54d50a5 100644
--- a/example/index.php
+++ b/example/index.php
@@ -20,7 +20,7 @@ if(isset($_REQUEST["action"])) {
 				echo "<font color=\"red\">Sorry, username can only contain a-z, A-Z, 0-9 @ and .</font>";
 			} else {
 				$url = $ga->setupUser($username);
-				echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\">";
+				echo "QRCode for user \"$username\" is <img src=\"http://chart.apis.google.com/chart?cht=qr&chl=$url&chs=120x120\"> or type in $url (actually its just the code on the end of the url)";
 			}
 			echo "<hr>";
 			break;