> -----Original Message----- > From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx] > Sent: Thursday, March 27, 2008 10:02 PM > To: Joey > Cc: PHP > Subject: RE: munge / obfuscate ? > > Hi Joey, > > Please keep responses on the list so others can also benefit from the > learning process. > > Comments below... > > On Thu, 2008-03-27 at 21:46 -0400, Joey wrote: > > > -----Original Message----- > > > From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx] > > > Sent: Thursday, March 27, 2008 9:28 PM > > > To: Joey > > > Cc: PHP > > > Subject: Re: munge / obfuscate ? > > > > > > > > > On Thu, 2008-03-27 at 21:10 -0400, Joey wrote: > > > > Hi All, > > > > > > > > > > > > > > > > I have written an app to allow a person to go online and see a picture > > we > > > > take of them. When we link to the picture I don't want it to be obvious > > > > that the URL is > > > > > > > > Domain.Com/Pix/123.jpg because the next person we take a picture of may > > be > > > > 123.jpg, so I am trying to munge/obfuscate the URL to make it less > > obvious. > > > > > > <?php > > > > > > $sekret = 'the brown cow stomped on the wittle bug'; > > > > > > $id = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0; > > > $key = isset( $_GET['key'] ) ? (string)$_GET['key'] : ''; > > > > > > if( $key == sha1( $key.':'.$sekret ) ) > > > That should have been: > > if( $key == sha1( $id.':'.$sekret ) ) > > > > { > > > header( 'Content-Type: image/jpg' ); > > > readfile( "/images/not/in/web/path/$id.jpg" ) > > > exit(); > > > } > > > > > > // > > > // Failure... tell them to bugger off :) > > > // > > > header( 'Content-Type: image/jpg' ); > > > readfile( '/images/wherever/you/please/buggerOff.jpg' ); > > > exit(); > > > > > > ?> > > > > Sorry to be such a newbie... > > > > I basically would call this function lets say like: > > munge( $url ); > > > > end in the end be returned the munged url, however, I don't understand the > > values you have like the readfile with that url -vs- failure? > > I didn't munge... I provided code for a script that sends the requested > image if it was requested with the appropriate key (presumably set > wherever the image was linked). If the key doesn't validate then another > image is presented. It can say "bugger off", it can say "not found", it > can say whatever you please. By placing the images outside the web root > and using a script like this you are virtually guaranteed the visitor > can't just request images by making a lucky guess. > > Let's say the above script was called: getUserImage.php > > Then you might have the following in your HTML: > > <img > src="getUserImage.php?id=123&key=4fad1fea72565105d84cb187d1a3ed3bfb9 aba3b" > /> I understand what is happening here, however I really want something simple like: $link ="http://www.whataver.com/whateverpath/";; $image = "123456"; new_image = munge($image); new_link = $link . $new_image; or maybe new_link = munge($link . $image); Which would encode the whole link. Either way this is what would go into the email message we send out. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
