I'm looking for a method that encodes a string to shortest possible length and lets it be decodable (pure PHP, no SQL). I have working sc
I don't think the resulting url can be shortened much more than on your own example. But I suggest a few steps to obfuscate your images better.
First I would remove everything you can from the base url you are zipping and base64encoding, so instead of
img=/dir/dir/hi-res-img.jpg&w=700&h=500
I would use
s=hi-res-img.jpg,700,500,062c02153d653119
Where those last 16 chars are a hash to validate the url being opened is the same you offered in your code - and the user is not trying to trick the high res image out of the system.
Your index.php that serves the images would start like this:
function myHash($sRaw) { // returns 16 chars dual hash
    return hash('adler32', $sRaw) . strrev(hash('crc32', $sRaw));
} // These 2 hash algos are suggestions, there are more for you to choose.
session_start(); // session_id() returns an empty string until the session is started
// s=hi-res-img.jpg,700,500,062c02153d653119
$aParams = explode(',', $_GET['s'] ?? '');
if (count($aParams) != 4) {
    die('Invalid call.');
}
list($sFileName, $iWidth, $iHeight, $sHash) = $aParams;
$sRaw = session_id() . $sFileName . $iWidth . $iHeight;
// hash_equals() compares as strings; a loose != can treat two "0e..." values as equal numbers
if (!hash_equals(myHash($sRaw), $sHash)) {
    die('Invalid hash.');
}
After this point you can send the image as the user opening it had access to a valid link.
Note the use of session_id as part of the raw string that makes the hash is optional, but would make it impossible for users to share a valid url - as it would be session bound. If you want the urls to be shareable, then just remove session_id from that call.
I would wrap the resulting url the same way you already do, zip + base64. The result would be even bigger than your version, but more difficult to see through the obfuscation, and therefore protecting your images from unauthorised downloads.
If you want only to make it shorter, I do not see a way of doing it without renaming the files (or their folders), or without the use of a database.
The file database solution proposed will surely create problems of concurrency - unless you always have no or very few people using the system simultaneously.
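A keyed variant of the check above, as an added example that is not part of the original answer: adler32 and crc32 are unkeyed checksums and the session id is known to the client, so a visitor who learns the scheme can compute the 16 characters for any file name and size, whereas an HMAC needs a secret that stays on the server. SECRET_KEY, signParams() and verifyParams() are hypothetical names, and the key value is a placeholder.

```php
<?php
// Added example, not the answer's code. SECRET_KEY, signParams() and
// verifyParams() are hypothetical names; the key value is a placeholder.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Build "file,width,height,sig"; sig is HMAC-SHA256 cut to 16 hex chars
// so the URL stays as long as the answer's. Pass session_id() as $sSession
// to bind links to one session, or '' for shareable links.
function signParams(string $sFileName, int $iWidth, int $iHeight, string $sSession = ''): string
{
    // Join with a delimiter so "img.jpg"+"70"+"0500" and "img.jpg"+"700"+"500"
    // do not produce the same signed string, as plain concatenation would.
    $sRaw = implode("\n", [$sSession, $sFileName, $iWidth, $iHeight]);
    $sSig = substr(hash_hmac('sha256', $sRaw, SECRET_KEY), 0, 16);
    return "$sFileName,$iWidth,$iHeight,$sSig";
}

// Return [file, width, height] for a valid value of "s", otherwise null.
function verifyParams(string $s, string $sSession = ''): ?array
{
    $aParams = explode(',', $s);
    if (count($aParams) !== 4) {
        return null;
    }
    [$sFileName, $sWidth, $sHeight, $sSig] = $aParams;
    // Width and height must be plain digits; the file name must be a bare name.
    if (!ctype_digit($sWidth) || !ctype_digit($sHeight)
        || $sFileName === '' || $sFileName !== basename($sFileName)) {
        return null;
    }
    $sGood = signParams($sFileName, (int) $sWidth, (int) $sHeight, $sSession);
    $sExpected = substr($sGood, -16);
    // Constant-time comparison of the expected and supplied signatures.
    return hash_equals($sExpected, $sSig)
        ? [$sFileName, (int) $sWidth, (int) $sHeight]
        : null;
}

// Constructed sample values: a signed link, the same link with an edited
// size, and a path-style file name with a made-up signature.
$s = signParams('hi-res-img.jpg', 700, 500);
var_dump(verifyParams($s) !== null);
var_dump(verifyParams(str_replace('700,500', '7000,5000', $s)) !== null);
var_dump(verifyParams('../secret.jpg,700,500,0000000000000000') !== null);
```

The 16-character truncation keeps a 64-bit tag; keep more of the HMAC output if URL length allows.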