RE: munge / obfuscate ?


 



Hi Joey,

Please keep responses on the list so others can also benefit from the
learning process.

Comments below...

On Thu, 2008-03-27 at 21:46 -0400, Joey wrote:
> > -----Original Message-----
> > From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
> > Sent: Thursday, March 27, 2008 9:28 PM
> > To: Joey
> > Cc: PHP
> > Subject: Re:  munge / obfuscate ?
> > 
> > 
> > On Thu, 2008-03-27 at 21:10 -0400, Joey wrote:
> > > Hi All,
> > >
> > >
> > >
> > > I have written an app to allow a person to go online and see a picture we
> > > take of them.  When we link to the picture I don't want it to be obvious
> > > that the URL is
> > >
> > > Domain.Com/Pix/123.jpg because the next person we take a picture of may be
> > > 123.jpg, so I am trying to munge/obfuscate the URL to make it less obvious.
> > 
> > <?php
> > 
> >     $sekret = 'the brown cow stomped on the wittle bug';
> > 
> >     $id  = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0;
> >     $key = isset( $_GET['key'] ) ? (string)$_GET['key'] : '';
> > 
> >     if( $key == sha1( $key.':'.$sekret ) )


That should have been:

        if( $key == sha1( $id.':'.$sekret ) )

> >     {
> >         header( 'Content-Type: image/jpg' );
> >         readfile( "/images/not/in/web/path/$id.jpg" );
> >         exit();
> >     }
> > 
> >     //
> >     // Failure... tell them to bugger off :)
> >     //
> >     header( 'Content-Type: image/jpg' );
> >     readfile( '/images/wherever/you/please/buggerOff.jpg' );
> >     exit();
> > 
> > ?>
> 
> Sorry to be such a newbie...
> 
> I basically would call this function let's say like:
> munge( $url );
> 
> and in the end be returned the munged url, however, I don't understand the
> values you have like the readfile with that url -vs- failure?

I didn't munge... I provided code for a script that sends the requested
image if it was requested with the appropriate key (presumably set
wherever the image was linked). If the key doesn't validate then another
image is presented. It can say "bugger off", it can say "not found", it
can say whatever you please. By placing the images outside the web root
and using a script like this you are virtually guaranteed the visitor
can't just request images by making a lucky guess.

Let's say the above script was called: getUserImage.php

Then you might have the following in your HTML:

<img
src="getUserImage.php?id=123&amp;key=4fad1fea72565105d84cb187d1a3ed3bfb9aba3b" />

Cheers,
Rob.
-- 
http://www.interjinn.com
Application and Templating Framework for PHP


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
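
Added example (not part of the original message or thread): the link-generation side that pairs with a script like getUserImage.php, plus a verification step. It swaps the thread's sha1( $id.':'.$sekret ) for HMAC-SHA256 and compares with hash_equals() instead of ==. The names SECRET, imageKey(), imageUrl() and resolveImage() and the secret value are hypothetical.

```php
<?php
// Constructed placeholder secret; keep the real one in config outside the web root.
const SECRET = 'constructed-example-secret-change-me';

// Key bound to one image id. HMAC-SHA256 is used here in place of the
// thread's sha1( $id.':'.$sekret ); the idea (id + server-side secret) is the same.
function imageKey(int $id, string $secret = SECRET): string
{
    return hash_hmac('sha256', (string)$id, $secret);
}

// The "munge" step: build the URL that goes into the <img src="..."> attribute.
function imageUrl(int $id, string $script = 'getUserImage.php'): string
{
    return $script . '?' . http_build_query(['id' => $id, 'key' => imageKey($id)]);
}

// Verification step: return the file path to serve, or null when the request
// must get the fallback image instead.
function resolveImage(array $query, string $dir): ?string
{
    $id  = $query['id']  ?? null;
    $key = $query['key'] ?? null;

    // Reject arrays (?id[]=1), missing values and anything that is not all digits.
    if (!is_string($id) || !is_string($key) || !ctype_digit($id)) {
        return null;
    }

    // hash_equals() compares in constant time and never treats the two
    // strings as numbers, which == can do for digests that look like "0e...".
    if (!hash_equals(imageKey((int)$id), $key)) {
        return null;
    }

    // The path is built from the integer only, so no user-supplied text reaches it.
    return rtrim($dir, '/') . '/' . (int)$id . '.jpg';
}

// Demo with constructed values: issue a link for id 123, then replay its key for id 124.
$url = imageUrl(123);
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump($url, resolveImage($query, '/images/not/in/web/path'));

$query['id'] = '124';
var_dump(resolveImage($query, '/images/not/in/web/path'));
```

When writing the URL into HTML, pass it through htmlspecialchars() so the & separator is emitted as &amp;.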

