Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Looking to obfuscate filename

Status
Not open for further replies.
rhyno2k

rhyno2k

IS-IT--Management
Jun 9, 2001
222
0
0
US
Hi,


I'm building an online quote viewing application and I want to be able to hide the file location, so that viewers of a particular quote can't easily figure out the location of another.

The files will be in a /quotes folder, and will be labeled according to their quote number: e.g. 001667.swf, 001674.swf, etc.

What I'm thinking of is something like this:
Code: 
[URL unfurl="true"]http://www.mycompany.com/quote001667[/URL]
redirects to a login page. Upon success, user is presented with a link to:
Code: 
[URL unfurl="true"]http://www.mycompany.com/quote_display.php?q=R8h799cK1[/URL]
...where q = a string that always corresponds with the actual quote number of the file (e.g. 001667). I'm guessing this can be done with some sort of hash?

Also, I want to obfuscate the HTML source. I don't want people to simply be able to pop into view source for the above page and see "<param value=/quotes/001667.swf", "embed src=/quotes/001667.swf", etc. and try to get at the files directly.

How can I accomplish this?


Thanks,
--RHYNO
 
Sort by date Sort by votes
First, don't obfuscate HTML. If you do, there's no way for a general browser to be able to view your site. I suppose there are browser plugins you could require your users to install, but in general that's a very bad idea.

What I have done in the past for online quotes is to record in a database the quote data and a unique identifier for the quote (see uniqid() for information on how to generate the ID). Users are given only the unique id, not any kind of quote number, and quotes are generated on-the-fly after fetching the quote data from the database, not streamed from existing files.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
Sleipnir, thanks for the prompt response.

I chose the wrong word... I don't want to literally obfuscate the entire HTML document. I just want to hide/encrypt the direct file references ("/quotes/001667.swf") in the code for <object> and <param> -- if it can be done at all.

I just want to prevent people from peeking at the source, and guessing:
Code: 
[URL unfurl="true"]http://www.mycompany.com/quotes/00166[/URL][COLOR=red]8[/color].swf
to view other's quotes.

And unfortunately, I can't generate quotes on-the-fly. Each one is a custom, lovingly-handcrafted document. -sigh-


--RHYNO
 
Upvote 0 Downvote
Okay. Then create each quote document, store it on the server's filesystem, and record the document in the database. In each document's record in the database, record the unique ID.

Your users get only the link with the unique ID, your script looks up the document's record in the database and streams the document to the user's browser.



Want the best answers? Ask the best questions! TANSTAAFL!
 
Upvote 0 Downvote
Like sleipnir says, do...

I have made this script before, maybe in 2002-2003..

1) Admin area with upload, uploads files to the file-dir, lets the admin add title and such of the file.
2) Browse-area, where the user must register and request a download url sent with email
3) The user gets his / her download url, maybe it's:
random number>

4) The system checks if the user requested this download (eg. SELECT `blah` FROM `tbl_foo` WHERE `user_id` = <the logged in user> AND `download_id` = '<the id in the querystring>' AND `is_downloaded` < 1;

If it exists, this means the user requested the download and did not yet download it. If so, you stream the file and upon stream completion, run an UPDATE on the table:

UPDATE the table and SET the field is_downloaded to 1.

This means:
Each download url only works once
Each download url is tied to the user requesting it

You could also make a simple check if the user has requested a download already, if so, do not make another (so one cannot spam the table).

Purpose?
Well, I made it so the administrator of the site could see who was interested in the products and could then contact the interested parties.

It's quite easy, will set you back a couple of hours if you are a "medium" programmer.

Olav Alexander Mjelde
Admin & Webmaster
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rogerte
  • Locked
  • Question
How to parse associative array
Replies
13
Views
238
Chris Miller
Chris Miller
PeDa
  • Locked
  • Question
Basic Authentication fails to authenicate
Replies
0
Views
57
PeDa
PeDa
EdLentz
  • Locked
  • Question
I need a simple example of how to send a table of info .
Replies
8
Views
146
EdLentz
EdLentz
ersatz
  • Locked
  • Question
How to send 2 select from mysql database in email like tables
Replies
5
Views
152
ersatz
ersatz
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
121
vishvajit
vishvajit

Part and Inventory Search

Sponsor

Back
Top