I'm trying to obfuscate and ID (Ex: 1) with different value.
So if I obfuscate 1 it may give me different values as ADHU6767asD or hiuy76FY and when I will un-obfuscate it, it will give 1.
Any idea on how to do this?
Thanks!
** EDIT :
When I access to a page of my php application (page.php?id=1) where 1 load specific information from the database, I want to obfuscate this is, to an alphanumeric string.
Neither I want the obfuscated string to always have the same value (ex : 1 is ALWAYS ABC543)
I'm also not interested to keep the obfuscated value into a database.
There's a nice example by Ray Morgan of creating a tamper-proof user-id obfuscation scheme that does not require database storage of the id's encoded form :
http://raymorgan.net/web-development/how-to-obfuscate-integer-ids/
Another approach would be to use symmetric (bi-directional) encryption (concat'ing id with a salt) with AES...
The obfuscation protocol could use filename and/or function name as a salt for the obfuscation that will happen. That way you would only see the same IDs in the same file or function and you can have a repeatable process. Otherwise you would have to have many different ways for keeping track of how you obfuscated each file or function.
Related
I'm learning about the function urlencode. Is it possible to use this on a file name? So - when you upload a file to your server and then use that file name later, you would be able to use it in a url?
$promotionpicture=$_FILES["promotionpicture"]["name"];
$promotionpicture=rawurlencode($promotionpicture);
Then later...
$imagesource="http://mysite.com/".$userID."/".$promotionpicture;
I'm trying to do this, but every time I navigate to the picture, i get a "Bad request" from my server. Is there a specific php encode function I should use? Or is this wrong all together? Thanks in advance for you help.
urlencode and similar functions are for making an HTTP friendly URL. You would want to keep the normal filename and then when printing the img src, use urlencode.
Note that this is not really the preferred way to do it as you can run into duplicate filenames and misc security issues. It's better to generate a filename for it using a uuid or timestamp or something, that way you can bypass those types of issues.
Pictures are really just raw data, like any other file. It is possible to do something like what you're doing, but not necessarily advisable.
If you want to do something like that, I recommend instead doing something to strip special characters.
$newfilename=preg_replace('/[^a-zA-Z0-9.]/','',$filename);
(from Regex to match all characters except letters and numbers)
That said, keep in mind what others have said. How will you handle file name collisions? Where will the images be stored and how?
One easy way to do this much more robustly is to store in a database the original file name and the MD5 hash. Save the file by its hash instead of by name, and write a script that retrieves the file by matching the original name to the MD5 using the database. If you store the file type, you can issue correct headers and when the user downloads the file or uses it to embed in a web page, it will retain its original name, or display as expected respectively.
I have a lot of records in the database, and each record will have an image, I'm pretty confused about how to store the images.
I want the access route to be something like /img/record-id.jpg (i.e. /img/15178.jpg).
Alright, storing all images inside /img/ isn't a good thing, because there will be many.
In this question it is suggested to reverse the name of the image, so the example above would be stored under /img/78/51/15178.jpg. The suggestion won't give further info (and for me it's not obvious) about other scenarios. What will happen (this is asked in the last comment for the answer) if the id is a low number like 5, 15, 128, 1517?
Leaving that aside, let's remember I want the path to be /img/15178.jpg. I'd redirect the request using Apache, but for that I'd have to type at least 3 or more rules for different id numbers:
^/img/(\d)(\.jpg)$ /img/$1$2
^/img/(\d\d)(\.jpg)$ /img/$1/$1$2
^/img/(\d\d)(\d\d)(\.jpg)$ /img/$1/$2/$3
And so on?
This doesn't seem to be a nice solution, although it would work just fine.
I could think of other option which is: take the MD5 of the image, store it in its respective record, redirect the request to a PHP script and let it take care of the output.
The script will look the MD5 for the id in the database, build the actual route out of the hash and output the image. This solution is neater, but it involves database and PHP to output an image, sounds like a little too much.
I really don't know what to do here. Mind giving me some advice?
You already have written the perfect answer ! Professionals use it exactly like you (or the guy in the linked question) says: Building a deep directory structure that fits your needs. I have done this with 16 million pictures, and it worked perfectly.
I did it like this:
/firstCharacter/secondCharacter/...
Files with short names, like 5.jpg, will be in /5/5.jpg
EDIT: to keep the performance on top, i'm totally against any further php actions, like salt, md5, etc. Keep it straight and simple.
I am creating a url link and one of the GET variables has a hash symbol in it. The webpage will not read any data after the hash mark. I cannot take it out for two reasons.
The website database (not designed by me in any way) has hash symbols for various items of data. I have no authorization to edit the database. And I'm sure if I did other things would break.
I cannot edit the webpage of the url. It was designed by someone else and again I don't have any authorization to edit it.
The url looks something like this
www.example.com?datapoint1=abc&datapoint2=#def
where the #def is necessary as the webpage will search the database for this exact string. If I could edit the webpage php I could put the hash in when necessary, but as I said, I don't.
To explain a little further. The user collects data (in a Java app) and the data is put into a long url (like the above example but more complicated)and is automatically emailed to a specific user with this link. The second user clicks on the link and does whatever he/she has to do.
I think the only way is to edit the php or javascript of the webpage. Any ideas would be appreciated.
You'll have to encode the # as %23, so your URL would look like this:
www.example.com?datapoint1=abc&datapoint2=%23def
To make it easier, you could use PHP's built-in urlencode function: http://php.net/urlencode
You need to escape the hash in the url if you don't want it to become the hash part. The urlencoded character for a # is %23.
You can use the urlencode() (php.net doc) in php to escape values in php.
You might also like to know about http_build_query_string() which can generate the url query and encode the values properly from a key value array. Check out the php.net examples for more information.
If you can't access the PHP but can use JS (which is sub-optimal) you could make a small script that rewrites the url when it sees a hash is present (will only work if a hash is never present otherwise)
if(window.location.hash) {
// Hash detected, lets rebuild the url
window.location.href = window.location.href + '%23' + window.location.hash.slice(1);
}
I have a webpage that the user inputs data into a textarea and then process and display it with some javascript. For example if the user types:
_Hello_ *World* it would do something like:
<underline>Hello</underline> <b>World</b>
Or something like that, the details aren't important. Now the user can "save" the page to make it something like site.com/page#_Hello_%20*World* and share that link with others.
My question is: Is this the best way to do this? Is there a limit on a url that I should be worried about? Should I do something like what jsfiddle does?
I would prefer not to as the site would work offline if the full text would be in the hash, and as the nature of the site is to be used offline, the user would have to first cache the jsfiddle-like hash before they could use it.
What's the best way to do this?
EDIT: Ok the example I gave is nothing similar to what I'm actually doing. I'm not cloning markdown or using underline or b tags, just wanted to illustrate what I wanted
Instead of trying to save stuff in the URL, you should use the same approach that is common in pastebins: you store the data , can provide use with url, containing an unique string to identify stored document. Something like http://foo.bar/g4jg64
From URL you get state or identifiers, not the data.
URLs are typically limited to 2KB total, but there is no officially designated limit. It is browser-dependent.
Other than that, make sure you properly URL encode what you're putting up there, and you're fine... although I certainly would not want to deal with obnoxiously long URLs. I might suggest you also avoid tags such as <underline> and <b>, as they have been deprecated for a very, very long time.
Use javascript function:
encodeURIComponent('_Hello_ *World*');
I was asked this before with slight different with current question. but did not got the answer I was looking into.
My question is do I need to store md5($url) in unique index in MySQL?? I have seen this in some code actually I don't remember..this is a large database with more than 5 million urls and the indexing is done by calling urls.
Any ideas?
I don't think you should hash your URLs. The only plausible reason would be to save space (if most of the URLs are larger than 32 chars) at the expense of increased risk of collisions.
What you should do is normalize the URLs.
Some sites uses hashing for urls in the database because they use hashes in urls say for user redirect to external url. I can't see any reason to do this if this is not the case.
are you saying that the url is called as such:
www.yourdomain.com?id=89ce9250e9f469c9d1816e1cc0fb47a1
and then the id (89ce9250e9f469c9d1816e1cc0fb47a1 which is an md5() of the real url querystring) is looked up from the database to resolve the actual url which could be:
www.yourdomain.com?user=23&location=5&eventtype=23&year=2010
Is this the kind of usage you're referring to??
jim