Re: munge / obfuscate ?

[Casey <heavyccasey@xxxxxxxxx>]

On Mar 28, 2008, at 7:15 PM, "Jack Sasportas" <Jack@xxxxxxxxxxxxxxxxxxxxxx 
> wrote:

> > -----Original Message-----
> > From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
> > Sent: Thursday, March 27, 2008 10:02 PM
> > To: Joey
> > Cc: PHP
> > Subject: RE:  munge / obfuscate ?
> >
> > Hi Joey,
> >
> > Please keep responses on the list so others can also benefit from the
> > learning process.
> >
> > Comments below...
> >
> > On Thu, 2008-03-27 at 21:46 -0400, Joey wrote:
> > > > -----Original Message-----
> > > > From: Robert Cummings [mailto:robert@xxxxxxxxxxxxx]
> > > > Sent: Thursday, March 27, 2008 9:28 PM
> > > > To: Joey
> > > > Cc: PHP
> > > > Subject: Re:  munge / obfuscate ?
> > > >
> > > >
> > > > On Thu, 2008-03-27 at 21:10 -0400, Joey wrote:
> > > > > Hi All,
> > > > >
> > > > >
> > > > >
> > > > > I have written an app to allow a person to go online and see a
> picture
> > > we
> > > > > take of them.  When we link to the picture I don't want it to be
> obvious
> > > > > that the URL is
> > > > >
> > > > > Domain.Com/Pix/123.jpg because the next person we take a picture
> of may
> > > be
> > > > > 123.jpg, so I am trying to munge/obfuscate the URL to make it
> less
> > > obvious.
> > > > <?php
> > > >
> > > >    $sekret = 'the brown cow stomped on the wittle bug';
> > > >
> > > >    $id  = isset( $_GET['id'] ) ? (int)$_GET['id'] : 0;
> > > >    $key = isset( $_GET['key'] ) ? (string)$_GET['key'] : '';
> > > >
> > > >    if( $key == sha1( $key.':'.$sekret ) )
> >
> >
> > That should have been:
> >
> >        if( $key == sha1( $id.':'.$sekret ) )
> >
> > > >    {
> > > >        header( 'Content-Type: image/jpg' );
> > > >        readfile( "/images/not/in/web/path/$id.jpg" )
> > > >        exit();
> > > >    }
> > > >
> > > >    //
> > > >    // Failure... tell them to bugger off :)
> > > >    //
> > > >    header( 'Content-Type: image/jpg' );
> > > >    readfile( '/images/wherever/you/please/buggerOff.jpg' );
> > > >    exit();
> > > >
> > > > ?>
> > >
> > > Sorry to be such a newbie...
> > >
> > > I basically would call this function lets say like:
> > > munge( $url );
> > >
> > > end in the end be returned the munged url, however, I don't
> understand the
> > > values you have like the readfile with that url -vs- failure?
> >
> > I didn't munge... I provided code for a script that sends the
> requested
> > image if it was requested with the appropriate key (presumably set
> > wherever the image was linked). If the key doesn't validate then
> another
> > image is presented. It can say "bugger off", it can say "not found",
> it
> > can say whatever you please. By placing the images outside the web
> root
> > and using a script like this you are virtually guaranteed the visitor
> > can't just request images by making a lucky guess.
> >
> > Let's say the above script was called: getUserImage.php
> >
> > Then you might have the following in your HTML:
> >
> > <img
> src="getUserImage.php? 
> id=123&amp;key=4fad1fea72565105d84cb187d1a3ed3bfb9
> aba3b"
> > />
>
>
> I understand what is happening here, however I really want something
> simple like:
>
> $link ="http://www.whataver.com/whateverpath/";;
> $image = "123456";
>
> new_image = munge($image);
>
> new_link = $link . $new_image;
>
> or maybe
>
> new_link = munge($link . $image);
>
>
> Which would encode the whole link.
>
> Either way this is what would go into the email message we send out.
>
> Thanks!
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

You could use base64_encode/decode.

Or...
function bitshift_encode($i) {
 return $i << 3;
}

function bitshift_decode($i) {
 return $i >> 3;
}

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php