I am building an education website where:
- A student (I will call him/her a user) goes to an “educational center” then pay money for a “Attempt code” (From 5 to 8 digits “Unique”)
- User opens the website and then enter the “Attempt code” to get a “Code” Generating Attempt
- User is then able to generate a “Code” (From 13 to 15 digits “Unique”) to view a certain session materials (Mostly Videos) for a week
Till now everything works fine but after he enters the “Code” to view a material and it is correct, User is redirected to a link as follows : { example.com/student/viewmaterial/12 }
which I want to change because if he shared such a link or even he opened it after the week it should not open.
So I thought of using GUIDs as follows:
First, I created a table in my database with the following columns
- student_id (unique for each student)
- material_id (the 12 that was shown in the link and it is unique for each material)
- GUID (which is going to replace the (12) in the link
- valid_till (A date till which the GUID will be valid)
Second, every time a User Enters a code and it is correct I insert (or update) a record in the table with a new GUID using Guid.new() as follows
string Newguid = Guid.NewGuid().ToString('N');
sql.AddMaterialGUID(studentid , materialid , Newguid , DateTime.UtcNow.AddDays(1));
return RedirectToAction("ViewMaterial", new { id = Newguid });
which will redirect him to a link : { example.com/student/viewmaterial/guidhere }
Third, every time someone opens the link above I check that
- The Guid Is Still Valid (I ask him to retype the code if not)
- The student_id is the same for this user (I ask him to type his code if not)
This way I am able to fully control the access to this material BUT is this the way of using GUIDs ? Is there another way of doing ? Am I missing something here ?
Sorry For the long question I just want to describe the full situation as much as I can