I'm making a script where you can upload a sample picture, and download it.. But when I try to download a file it looks like; http://localhost/uploads/file/filename.png
Thats not really safe I guess for hackers.. They can just put in image.png image1.png etc.. So what I exactly need help for is, how can I make a link unreadable like; http://localhost/asdajh1728dsa871nsada87 or similar like that one, or anything unreadable.
I just use rawurlencode.
Im struggling for days, help is really appreciated.
If it is possible via a .htaccess file its also welcome :)
it is possible with fpassthru, this snippet converts requests for /images/$encoded_path into show_image.php?img=$encoded_path, and lets the php return the data and decode the path
php:
$decoded=some_decoding($_GET['img']);
// open the file in a binary mode
$name = './uploads/file/'.$decoded;
$fp = fopen($name, 'rb');
// send the right headers
header("Content-Type: image/png");
header("Content-Length: " . filesize($name));
// dump the picture and stop the script
fpassthru($fp);
exit;
and in .htaccess
RewriteRule ^images/([0-9a-z]+)/?$ show_image.php?img=$1 [NC,L]
If all you want is to "scramble" you file names, use md5 with file name and time stamp.
$filename = bin2hex(openssl_random_pseudo_bytes(16));
That will give you a random 16*2 long string. Simply save the file with the random filename. You can change 16 to 32 or 64 to create a longer names.