Need to know how to mask or hide records displaying in the url. i.e. http://somewhere.net/page/info.php?prod=123.  Is there a way to mask that so users can't change the "123" to another number and pull data from another record?

asked 04/01/2011 03:42

HITmen07 ♦♦


7 Answers:
I have come up with an accorythm in the past to fix this issue, such as embed the number in a random string and have a way to un-encode it when you pull it... so for the most part the user won't be able to figure it out, thus getting an error when they change it.


For example

index.php?rm=Un2992nN445shhw

And then on the receiving page you can pull the number out of that, such as 245 is the id, and would be harder to figure out... I have made some complicated ones in the past to better deal with it, but you get the idea... I hope

answered

galexander07

algorithm* not accorythm! sorry

answered 2011-04-01 at 11:53:37

galexander07
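
A tamper-evident form of the "embed the id in a string" idea from the answer above, as an added example that is not part of the original post. It uses an HMAC instead of the custom encoding the answer describes, so a changed id fails verification. `SECRET_KEY`, `make_ref`, `read_ref` and the binding to a user id are assumptions made for illustration (PHP 5.6 or later for `hash_equals`).

```php
<?php
// Added example: signed record reference for a URL such as info.php?prod=<token>.
// SECRET_KEY is a constructed placeholder; a real key lives in server-side config.
define('SECRET_KEY', 'constructed-demo-key-change-me');
define('MAC_LENGTH', 16); // hex characters of the HMAC kept in the token

// Build "<id>-<mac>". The MAC covers the id and the user it was issued to,
// so a token copied from another account does not verify either.
function make_ref($id, $user_id)
{
    $mac = hash_hmac('sha256', $user_id . ':' . $id, SECRET_KEY);
    return $id . '-' . substr($mac, 0, MAC_LENGTH);
}

// Return the integer id when the token is intact for this user, else false.
function read_ref($token, $user_id)
{
    $pattern = '/^(\d{1,10})-([0-9a-f]{' . MAC_LENGTH . '})$/';
    if (!is_string($token) || !preg_match($pattern, $token, $m)) {
        return false; // malformed token
    }
    $full     = hash_hmac('sha256', $user_id . ':' . $m[1], SECRET_KEY);
    $expected = substr($full, 0, MAC_LENGTH);
    // hash_equals compares in constant time
    return hash_equals($expected, $m[2]) ? (int) $m[1] : false;
}

// Constructed sample values: record 123 issued to user 7
$token = make_ref(123, 7);
echo "token: $token\n";
var_dump(read_ref($token, 7));                               // untouched token
var_dump(read_ref(str_replace('123-', '124-', $token), 7));  // id edited in the URL
var_dump(read_ref($token, 8));                               // same token, other user
```

The page that receives the token should still check that the current user is allowed to see the resolved record before querying it.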

This teaches how to generate a random unique string.  You can use the string for the keys.  It is quite unlikely that a client can guess the other keys.  You can see the script in action here:
http://www.laprbass.com/RAY_random_unique_string.php

You might also consider keeping the keys in the $_SESSION array.  Just a thought, ~Ray
<?php // RAY_random_unique_string.php
error_reporting(E_ALL);
echo "<pre>\n";

// GENERATE A SHORT UNIQUE RANDOM STRING FOR USE AS SOME KIND OF KEY
// NOTE THAT THE DATA BASE MUST HAVE THE rand_key FIELD DEFINED AS "UNIQUE"
// NOTE THAT THE LENGTH ARGUMENT MUST MATCH THROUGHOUT
define('ARG_LENGTH', 6);

// IMPORTANT PAGES FROM THE MANUALS
// MAN PAGE: http://us2.php.net/manual/en/ref.mysql.php
// MAN PAGE: http://us2.php.net/manual/en/mysql.installation.php



// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "??"; // PROBABLY 'localhost' IS OK
$db_user = "??";
$db_word = "??";
$db_name = "??"; // NAME OF THE DATA BASE TO SELECT


// OPEN A CONNECTION TO THE DATA BASE SERVER
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-connect.php
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB CONNECTION: ";
   echo "<br/> $errmsg <br/>";
}

// SELECT THE MYSQL DATA BASE
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-select-db.php
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB SELECTION: ";
   echo "<br/> $errmsg <br/>";
   die('NO DATA BASE');
}
// IF WE GOT THIS FAR WE CAN DO QUERIES





// FUNCTION TO CREATE A DATABASE TABLE
function create_myTable()
{
    $length = ARG_LENGTH;

    mysql_query("DROP TABLE IF EXISTS myTable");
    $psql  = "CREATE TEMPORARY TABLE myTable ( ";
    $psql .= "_key        int(8)            NOT NULL AUTO_INCREMENT, ";
    $psql .= "rand_key    varchar($length)  UNIQUE NOT NULL DEFAULT '?', ";
    $psql .= "other_data  varchar(128)      NOT NULL, "; // AS NEEDED BY YOUR APPLICATION
    $psql .= "PRIMARY KEY(`_key`) ";
    $psql .= " ) ENGINE=INNODB DEFAULT CHARSET=ascii";
    if (!$p = mysql_query($psql)) { die( mysql_error() ); }
}





// FUNCTION TO MAKE A RANDOM STRING
function random_string()
{
// POSSIBLE COMBINATIONS = pow(strlen($chr), ARG_LENGTH); = 31^6 = ABOUT 8.9E8 IF LENGTH IS 6
//         1...5...10...15...20...25...30......
   $chr = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
   $str    = "";
   while(strlen($str) < ARG_LENGTH)
   {
      $str .= substr($chr, mt_rand(0, strlen($chr) - 1), 1); // LAST VALID INDEX IS strlen - 1
   }
   return($str);
}





// FUNCTION TO ENSURE THE RANDOM STRING IS UNIQUE
function make_random_key()
{
    $length = ARG_LENGTH;
    $rand_key = '';
    while ($rand_key == '') // GENERATE A UNIQUE AND RANDOM TOKEN
    {
        $rand_key = random_string($length);
        $isql     = "INSERT INTO myTable ( rand_key ) VALUES ( '$rand_key' )";
        if (!$i   = mysql_query("$isql")) // IF QUERY ERROR
        {
            $err   = mysql_errno();
            if ($err == 1062) // DUPLICATE UNIQUE FIELD ON rand_key
            {
                $rand_key = '';
            } else
            {
                /* HANDLE FATAL QUERY ERROR ($isql) */
                die( mysql_error() );
            }
        }
    }
    return $rand_key;
}




// SHOW HOW TO MAKE LOTS OF UNIQUE AND RANDOM STRINGS
create_myTable();

$kount = 0;
$array = array();
while ($kount < 25)
{
    $array[] = make_random_key();
    $kount++;
}

print_r($array);

answered 2011-04-01 at 12:06:57

Ray_Paseur
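
The `$_SESSION` suggestion in the answer above, worked through as an added example that is not Ray_Paseur's code: each visitor gets random tokens that map to record ids inside their own session, so the URL never carries the database id and a guessed value resolves to nothing. The function names are hypothetical, a plain array stands in for `$_SESSION` so the script runs from the command line, and `random_bytes` assumes PHP 7 or later.

```php
<?php
// Added example: per-session reference map for links like info.php?prod=<token>.

// Return the token for $record_id in this session, creating one if needed.
function ref_for(array &$session, $record_id)
{
    if (!isset($session['refs'])) {
        $session['refs'] = array();
    }
    $token = array_search($record_id, $session['refs'], true);
    if ($token === false) {
        do {
            $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
        } while (isset($session['refs'][$token]));
        $session['refs'][$token] = $record_id;
    }
    return $token;
}

// Resolve a token taken from the query string; anything unknown gives null.
function resolve_ref(array $session, $token)
{
    if (!is_string($token) || !isset($session['refs'][$token])) {
        return null;
    }
    return $session['refs'][$token];
}

// Constructed demo. In a web page, call session_start() and pass $_SESSION.
$session = array();
$records_user_may_see = array(123, 245); // constructed: ids from an ownership query
$links = array();
foreach ($records_user_may_see as $id) {
    $links[$id] = 'info.php?prod=' . ref_for($session, $id);
}
print_r($links);

var_dump(resolve_ref($session, ref_for($session, 123))); // token issued to this session
var_dump(resolve_ref($session, '124'));                  // raw id typed into the URL
var_dump(resolve_ref($session, array('x')));             // prod[]=x style input
```

Only ids the server has already decided this user may see are ever placed in the map, which is what makes an edited URL useless.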

Not sure how to implement your solution into my database Ray.

answered 2011-04-01 at 16:12:11

HITmen07

Generate the random keys and use them for your keys to the rows of your data base.  Did you read the code and check the output from the link posted above?  I am not sure how I could explain it more clearly but if you have a specific question, please post back and I will try to help.

answered 2011-05-06 at 05:32:07

Ray_Paseur

I've requested that this question be deleted for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

answered 2011-05-06 at 06:22:45

angelIII

I think galexander07 and I both offered good solutions.  No big deal if you want to delete it, but since I use the random key algorithm in practice, I know it works. ;-)

answered 2011-12-16 at 05:50:19

Ray_Paseur

Asked: 04/01/2011 03:42

Seen: 366 times

Last updated: 12/17/2011 06:54