Re: munge / obfuscate ?

On Thu, 2008-03-27 at 22:48 -0700, robert wrote:
> I like this and never would have thought to do this.
> 
> What kind of performance hit does this have, if there were 100 images,
> for example?

Well... it would be like requesting 101 PHP pages :/ It would be heavy.
It's not something I'd generally use to load 100 images. The original
poster wanted it for what I presumed was a single image. If I were to
use it for 100 images I would use a different (but similar) technique
that would incur the heavy lifting on first request and afterwards
would be as fast as a direct request to the webserver.

Cheers,
Rob.



> On Mar 27, 2008, at 7:02 PM, Robert Cummings wrote:
> > Hi Joey,
> >
> > Please keep responses on the list so others can also benefit from the
> > learning process.
> >
> > Comments below...
> >
> > On Thu, 2008-03-27 at 21:46 -0400, Joey wrote:
> >>> -----Original Message-----
> >>> From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
> >>> Sent: Thursday, March 27, 2008 9:28 PM
> >>> To: Joey
> >>> Cc: PHP
> >>> Subject: Re:  munge / obfuscate ?
> >>>
> >>>
> >>> On Thu, 2008-03-27 at 21:10 -0400, Joey wrote:
> >>>> Hi All,
> >>>>
> >>>>
> >>>>
> >>>> I have written an app to allow a person to go online and see a picture we
> >>>> take of them.  When we link to the picture I don't want it to be obvious
> >>>> that the URL is
> >>>>
> >>>> Domain.Com/Pix/123.jpg because the next person we take a picture of may be
> >>>> 123.jpg, so I am trying to munge/obfuscate the URL to make it less obvious.
> >>>
> >>> <?php
> >>>
> >>>    $sekret = 'the brown cow stomped on the wittle bug';
> >>>
> >>>    $id  = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0;
> >>>    $key = isset( $_GET['key'] ) ? (string)$_GET['key'] : '';
> >>>
> >>>    if( $key == sha1( $key.':'.$sekret ) )
> >
> >
> > That should have been:
> >
> >        if( $key == sha1( $id.':'.$sekret ) )
> >
> >>>    {
> >>>        header( 'Content-Type: image/jpg' );
> >>>        readfile( "/images/not/in/web/path/$id.jpg" );
> >>>        exit();
> >>>    }
> >>>
> >>>    //
> >>>    // Failure... tell them to bugger off :)
> >>>    //
> >>>    header( 'Content-Type: image/jpg' );
> >>>    readfile( '/images/wherever/you/please/buggerOff.jpg' );
> >>>    exit();
> >>>
> >>> ?>
> >>
> >> Sorry to be such a newbie...
> >>
> >> I basically would call this function let's say like:
> >> munge( $url );
> >>
> >> and in the end be returned the munged url, however, I don't understand the
> >> values you have like the readfile with that url -vs- failure?
> >
> > I didn't munge... I provided code for a script that sends the requested
> > image if it was requested with the appropriate key (presumably set
> > wherever the image was linked). If the key doesn't validate then another
> > image is presented. It can say "bugger off", it can say "not found", it
> > can say whatever you please. By placing the images outside the web root
> > and using a script like this you are virtually guaranteed the visitor
> > can't just request images by making a lucky guess.
> >
> > Let's say the above script was called: getUserImage.php
> >
> > Then you might have the following in your HTML:
> >
> > <img src="getUserImage.php?id=123&amp;key=4fad1fea72565105d84cb187d1a3ed3bfb9aba3b" />
> >
> > Cheers,
> > Rob.
> > -- 
> > http://www.interjinn.com
> > Application and Templating Framework for PHP
> >
> >
> > -- 
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> 
> 
-- 
http://www.interjinn.com
Application and Templating Framework for PHP


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
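
An added example, not part of the original message or the poster's code: both sides of the keyed-link scheme described above, the link generation for the `<img>` tag and the check inside getUserImage.php. It swaps `sha1( $id.':'.$sekret )` compared with `==` for `hash_hmac()` with SHA-256 compared with `hash_equals()`; the `SECRET` placeholder, the function names and the 404 response on failure are assumptions.

```php
<?php
// Added example, not code from the thread. SECRET and the function names
// are assumptions for illustration.
const SECRET    = 'replace-with-a-long-random-value'; // placeholder value
const IMAGE_DIR = '/images/not/in/web/path';          // path used in the thread

// Key for one image id: HMAC-SHA256 over the id, keyed with the secret.
function imageKey(int $id): string
{
    return hash_hmac('sha256', (string)$id, SECRET);
}

// Link side: build the URL that goes into the <img> tag.
function imageUrl(int $id): string
{
    return 'getUserImage.php?' . http_build_query(['id' => $id, 'key' => imageKey($id)]);
}

// Serving side: true only when the supplied key was issued for this id.
function keyIsValid(int $id, string $key): bool
{
    // hash_equals() is a strict, timing-safe string comparison, unlike ==.
    return $id > 0 && hash_equals(imageKey($id), $key);
}

// Request handling, only when run through a web server.
if (PHP_SAPI !== 'cli') {
    $id  = isset($_GET['id']) ? (int)$_GET['id'] : 0;
    $key = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';

    $file = keyIsValid($id, $key) ? IMAGE_DIR . "/$id.jpg" : null;
    if ($file === null || !is_file($file)) {
        http_response_code(404); // same response for a bad key and a missing file
        exit;
    }
    header('Content-Type: image/jpeg');
    readfile($file);
    exit;
}

// CLI demo with constructed ids: print the HTML-escaped link, then check keys.
echo htmlspecialchars(imageUrl(123)), "\n";
var_dump(keyIsValid(123, imageKey(123))); // key issued for id 123
var_dump(keyIsValid(124, imageKey(123))); // same key replayed against the next id
```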

