What I would do is encode their email in the URL. Then check to make sure they are logged in. If they are not, give them a small login form on this page that will redirect back to this page upon successfully logging in. Next, I would take the email and compare it with the current user’s email. If they are not the same, then give them a message or page stating that they are not permitted to use this deal. The encoded email should also be coming from a separate table. I would have something like the below as a table.
```
id        = int(11) NOT NULL PRIMARY AUTO_INC
email     = varchar(255) DEFAULT NULL
offer_id  = int(11) DEFAULT NULL
timestamp = datetime DEFAULT NULL
status    = enum('0','1') DEFAULT 0
```
Next, I would use the offer_id in there as well. Next, I would compare the encoded email with the current user’s email. If all is good, then use the offer_id in the URL and grab the actual offer. This should be from a different table. The offer_id should only be used to reference the full offer’s ID. Once the 2 IDs match, you can then display the full offer like title or description. This should now come from the actual offer’s table. If the 2 IDs don’t match, either redirect or give them an error page saying they aren’t eligible to take this offer.
Next thing would be to check the status of the offer for the second table. If the user already took the offer, I would set the value of the status to 0. Then in your code where the 2 IDs matched, I would check to see if the status is a 0. If it is, then give them an error message saying they already took the offer and that you can only take an offer once.
That is how I would have done it. I wouldn’t rely solely on cookies.
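The flow described in the answer above, as an added example (not code from the original post): an in-memory SQLite version of the two tables, a URL-safe base64 encoding for the email, and one function that runs the checks in the answer's order (logged in, URL email matches session email, a row for that email and offer_id exists, status not yet spent, then fetch the offer from the separate offers table and mark the row taken). It assumes status '1' means still available and '0' means already taken, so the row defaults to '1'; the table and column names are assumptions.

```python
import base64
import binascii
import hmac
import sqlite3

# Constructed schema mirroring the answer: a per-user claim table plus a
# separate table that holds the real offer text.
SCHEMA = """
CREATE TABLE user_offers (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    email     VARCHAR(255) DEFAULT NULL,
    offer_id  INTEGER DEFAULT NULL,
    timestamp DATETIME DEFAULT NULL,
    status    TEXT CHECK (status IN ('0','1')) DEFAULT '1'
);
CREATE TABLE offers (
    id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT, description TEXT
);
"""

def encode_email(email: str) -> str:
    """Encode the email for the URL (URL-safe base64, assumed encoding)."""
    return base64.urlsafe_b64encode(email.encode()).decode()

def redeem(conn, url_email_token, url_offer_id, session_email):
    """Return (ok, payload); payload is a reason string or the offer dict."""
    if session_email is None:
        return False, "login_required"      # show the small login form
    try:
        email = base64.urlsafe_b64decode(url_email_token.encode()).decode()
    except (binascii.Error, UnicodeDecodeError):
        return False, "not_permitted"       # garbage token, treat as mismatch
    # Constant-time compare of URL email against the logged-in user's email.
    if not hmac.compare_digest(email.encode(), session_email.encode()):
        return False, "not_permitted"
    row = conn.execute("SELECT id, status FROM user_offers "
                       "WHERE email=? AND offer_id=?", (email, url_offer_id)).fetchone()
    if row is None:
        return False, "not_eligible"        # the 2 IDs don't match for this user
    if row[1] == "0":
        return False, "already_taken"       # offer may only be taken once
    offer = conn.execute("SELECT title, description FROM offers WHERE id=?",
                         (url_offer_id,)).fetchone()
    if offer is None:
        return False, "not_eligible"        # claim row points at no real offer
    conn.execute("UPDATE user_offers SET status='0', timestamp=CURRENT_TIMESTAMP "
                 "WHERE id=?", (row[0],))
    conn.commit()                           # spend the claim before showing it
    return True, {"title": offer[0], "description": offer[1]}

def demo():
    """Constructed data: one offer assigned to alice; returns the check results."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO offers (title, description) VALUES (?, ?)",
                 ("10% off", "constructed sample offer"))
    conn.execute("INSERT INTO user_offers (email, offer_id) VALUES (?, ?)",
                 ("alice@example.com", 1))
    conn.commit()
    token = encode_email("alice@example.com")
    return [redeem(conn, token, 1, None)[1],                 # login_required
            redeem(conn, token, 1, "bob@example.com")[1],    # not_permitted
            redeem(conn, token, 9, "alice@example.com")[1],  # not_eligible
            redeem(conn, token, 1, "alice@example.com")[0],  # True
            redeem(conn, token, 1, "alice@example.com")[1]]  # already_taken
```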