Re: munge / obfuscate ?

[robert <roadtested@xxxxxxxxx>]

I like this and never would have thought to do this.

What kind performance hit does this have, if there were 100 images,  
for example?




On Mar 27, 2008, at 7:02 PM, Robert Cummings wrote:
> Hi Joey,
>
> Please keep responses on the list so others can also benefit from the
> learning process.
>
> Comments below...
>
> On Thu, 2008-03-27 at 21:46 -0400, Joey wrote:
> > > -----Original Message-----
> > > From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
> > > Sent: Thursday, March 27, 2008 9:28 PM
> > > To: Joey
> > > Cc: PHP
> > > Subject: Re:  munge / obfuscate ?
> > >
> > >
> > > On Thu, 2008-03-27 at 21:10 -0400, Joey wrote:
> > > > Hi All,
> > > >
> > > >
> > > >
> > > > I have written an app to allow a person to go online and see a  
> > > > picture
> > we
> > > > take of them.  When we link to the picture I don't want it to be  
> > > > obvious
> > > > that the URL is
> > > >
> > > > Domain.Com/Pix/123.jpg because the next person we take a picture  
> > > > of may
> > be
> > > > 123.jpg, so I am trying to munge/obfuscate the URL to make it less
> > obvious.
> > > <?php
> > >
> > >    $sekret = 'the brown cow stomped on the wittle bug';
> > >
> > >    $id  = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0;
> > >    $key = isset( $_GET['key'] ) ? (string)$_GET['key'] : '';
> > >
> > >    if( $key == sha1( $key.':'.$sekret ) )
>
>
> That should have been:
>
>        if( $key == sha1( $id.':'.$sekret ) )
>
> > >    {
> > >        header( 'Content-Type: image/jpg' );
> > >        readfile( "/images/not/in/web/path/$id.jpg" )
> > >        exit();
> > >    }
> > >
> > >    //
> > >    // Failure... tell them to bugger off :)
> > >    //
> > >    header( 'Content-Type: image/jpg' );
> > >    readfile( '/images/wherever/you/please/buggerOff.jpg' );
> > >    exit();
> > >
> > > ?>
> >
> > Sorry to be such a newbie...
> >
> > I basically would call this function lets say like:
> > munge( $url );
> >
> > end in the end be returned the munged url, however, I don't  
> > understand the
> > values you have like the readfile with that url -vs- failure?
>
> I didn't munge... I provided code for a script that sends the  
> requested
> image if it was requested with the appropriate key (presumably set
> wherever the image was linked). If the key doesn't validate then  
> another
> image is presented. It can say "bugger off", it can say "not found",  
> it
> can say whatever you please. By placing the images outside the web  
> root
> and using a script like this you are virtually guaranteed the visitor
> can't just request images by making a lucky guess.
>
> Let's say the above script was called: getUserImage.php
>
> Then you might have the following in your HTML:
>
> <img
> src="getUserImage.php? 
> id=123&amp;key=4fad1fea72565105d84cb187d1a3ed3bfb9aba3b" />
>
> Cheers,
> Rob.
> --
> http://www.interjinn.com
> Application and Templating Framework for PHP
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php