dongpi9494 2013-07-02 00:24
浏览 142

如何在网站URL中对内容ID号进行Imgur风格的混淆? (PHP和MySQL)

I'm trying to obfuscate the URLs to the pages where content is displayed. Content pages are displayed by getting the content id number as a GET variable in the URL. I want to obfuscate the URL (as is described by this SO post). I tried the methods in both answers but one method gave overly long codes, and the other gave overly predictable codes.

I'm working in PHP, and I'm using a MySQL table to store content; the content id is an automatically incrementing column. This means that if I didn't obfuscate my URLs users would be able to see in the URL exactly how many posts there are on the website, and could change the URL to see different posts. I want to avoid this.

I was hoping to have obfuscation similar to Imgur.com: their content ID codes are each a 5-character code containing letters, capital letters and lowercase letters.

  • 写回答

3条回答 默认 最新

  • drbouzlxb92333332 2013-07-02 01:06
    关注

    To avoid needing to do a bunch of "encrypting" and "decrypting" you can use a unique key-pair for each page. Add another field (VARCHAR 5) to your pages table called key and then randomly generate a key for each page.

    To generate the key you could crypt a random number

    function random_key(){
        $crypt = crypt(rand(0,9999999), 'Whatever you want to say here.');
        return substr($crypt, 0, 5);
    }
    

    Which would result in a URL like ?page=55-so3ph (?page={$id}-{$key})

    And then to use it you can do something like

    <?php
    
    if(empty($_GET['page']))
        die('missing ?page');
    
    $page = explode('-', $_GET['page']);
    
    if(count($page) != 2)
        die('invalid ?page');
    
    list($page_id, $page_key) = $page;
    
    if(!is_numeric($page_id))
        die('invalid page id');
    
    $Post = your_query_method('SELECT * FROM pages WHERE id = ' . $page_id . ' AND key = "' . your_escape_function($page_key) . '"');
    
    if(!$Post){
        header('Location: /invalid_page.html');
        exit;
    }
    
    //At this point we know that they ID key pair is correct
    
    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题