[英]Verify user is owner of an NFT via MetaMask connection? Make sure connected users public eth address is the same as of the NFT?
I need to verify on my own domain/server the user which has connected his MetaMask wallet is the owner of a specific NFT in order to allow him special functions?我需要在我自己的域/服务器上验证连接了他的 MetaMask 钱包的用户是特定 NFT 的所有者,以便允许他使用特殊功能? Basically, I want to give the user access to an area that only the owner of this NFS would have.
基本上,我想让用户访问只有这个 NFS 的所有者才能拥有的区域。
My original NFT is sold in opensea but I can't use the opensea hidden-area option to just give the user a hidden password since the next owner (after reselling) and the old owner would have the same password and old owners could still access like this.我原来的 NFT 在 opensea 出售,但我不能使用 opensea 隐藏区域选项给用户一个隐藏密码,因为下一个所有者(转售后)和旧所有者将拥有相同的密码并且旧所有者仍然可以访问像这样。 But I need that only the current owner has access.
但我需要只有当前所有者才能访问。
My user/visiter can already connect with MetaMask at my own domain and I get the public ETH address of the active account but since this is only javascript and my backend is PHP I can't just post the MetaMask info to my PHP backend since this would be easy to trick/hack.我的用户/访问者已经可以在我自己的域中与 MetaMask 连接,并且我获得了活动帐户的公共 ETH 地址,但由于这只是 javascript 而我的后端是 PHP,我不能只将 MetaMask 信息发布到我的 PHP 后端,因为这很容易被欺骗/破解。
How can I make sure the current connected MetaMask Account is the same as the NFT owner (which I know) and allow to access a URL only for this user?如何确保当前连接的 MetaMask 帐户与 NFT 所有者(我知道)相同,并只允许该用户访问 URL?
My current state is that the user connects his MetaMask and I use opensea API to check who is currently the owner of the NFT.我目前的状态是用户连接了他的 MetaMask,我使用 opensea API 检查当前谁是 NFT 的所有者。 I can compare both eth addresses but the flaw in this is obviously that I use ajax to send the MetaMask public address to my backend which is only for testing since this is of course zero save!
我可以比较两个 eth 地址,但其中的缺陷显然是我使用 ajax 将 MetaMask 公共地址发送到我的后端,这仅用于测试,因为这当然是零保存!
Thank you in advance for any idea, help, tip I can get.提前感谢您的任何想法,帮助,我能得到的小费。
PS: My backend is PHP PS:我的后端是 PHP
After hours and days of researching, I found a solution that works for me.经过数小时和数天的研究,我找到了一个适合我的解决方案。
Here are the needed steps.这是所需的步骤。
I believe this is safe to use but I am not an expert on that.我相信这可以安全使用,但我不是这方面的专家。 In my case, this only authorize an NFT owner for a certain closed area in my community page and there are not really high risks involved but maybe somebody raises some security thoughts on that.
就我而言,这仅授权 NFT 所有者对我的社区页面中的某个封闭区域进行授权,并没有涉及到真正的高风险,但也许有人对此提出了一些安全想法。 However, I found that other NFT pages and even Opensea work similarly.
但是,我发现其他 NFT 页面甚至 Opensea 的工作方式类似。
I hope this points someone in the right direction, I lost quite some time figuring this out because most solutions are Node.js etc. but not with PHP backends.我希望这为某人指明了正确的方向,因为大多数解决方案都是 Node.js 等,但不是 PHP 后端,所以我花了很多时间弄清楚这一点。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.