On Mar 28, 2008, at 7:15 PM, "Jack Sasportas" <Jack@xxxxxxxxxxxxxxxxxxxxxx
> wrote:
-----Original Message-----
From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
Sent: Thursday, March 27, 2008 10:02 PM
To: Joey
Cc: PHP
Subject: RE: munge / obfuscate ?
Hi Joey,
Please keep responses on the list so others can also benefit from the
learning process.
Comments below...
On Thu, 2008-03-27 at 21:46 -0400, Joey wrote:
-----Original Message-----
From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
Sent: Thursday, March 27, 2008 9:28 PM
To: Joey
Cc: PHP
Subject: Re: munge / obfuscate ?
On Thu, 2008-03-27 at 21:10 -0400, Joey wrote:
Hi All,
I have written an app to allow a person to go online and see a
picture
we
take of them. When we link to the picture I don't want it to be
obvious
that the URL is
Domain.Com/Pix/123.jpg because the next person we take a picture
of may
be
123.jpg, so I am trying to munge/obfuscate the URL to make it
less
obvious.
<?php
$sekret = 'the brown cow stomped on the wittle bug';
$id = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0;
$key = isset( $_GET['key'] ) ? (string)$_GET['key'] : '';
if( $key == sha1( $key.':'.$sekret ) )
That should have been:
if( $key == sha1( $id.':'.$sekret ) )
{
header( 'Content-Type: image/jpg' );
readfile( "/images/not/in/web/path/$id.jpg" )
exit();
}
//
// Failure... tell them to bugger off :)
//
header( 'Content-Type: image/jpg' );
readfile( '/images/wherever/you/please/buggerOff.jpg' );
exit();
?>
Sorry to be such a newbie...
I basically would call this function lets say like:
munge( $url );
end in the end be returned the munged url, however, I don't
understand the
values you have like the readfile with that url -vs- failure?
I didn't munge... I provided code for a script that sends the
requested
image if it was requested with the appropriate key (presumably set
wherever the image was linked). If the key doesn't validate then
another
image is presented. It can say "bugger off", it can say "not found",
it
can say whatever you please. By placing the images outside the web
root
and using a script like this you are virtually guaranteed the visitor
can't just request images by making a lucky guess.
Let's say the above script was called: getUserImage.php
Then you might have the following in your HTML:
<img
src="getUserImage.php?
id=123&key=4fad1fea72565105d84cb187d1a3ed3bfb9
aba3b"
/>
I understand what is happening here, however I really want something
simple like:
$link ="http://www.whataver.com/whateverpath/";
$image = "123456";
new_image = munge($image);
new_link = $link . $new_image;
or maybe
new_link = munge($link . $image);
Which would encode the whole link.
Either way this is what would go into the email message we send out.
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You could use base64_encode/decode.
Or...
function bitshift_encode($i) {
return $i << 3;
}
function bitshift_decode($i) {
return $i >> 3;
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php