Jump to content

How to make custom urls for individual people?


hockey97

Recommended Posts

Hi, I have see websites like mega_upload. Where when you upload something they generate a URL customized for that individual.

 

For example : people that use paypal to sell digital products. They have a PHP script where once after payment their server generates a customized URL to the file. This URL expires in a given week. If you didn't download it by then. You would need to pay again. Which would generate another customized URL.  

 

I have a website that has images and I want more security around  images. I don't want the end user to clearly or easily know where the source is by looking the the webpages source code.

 

I currently have a php file that grabs the image and renders it. This can prevent hot linking to a image and other stuff like un-authorized access to the images. However,this image still gets shared to authorized people. I just want to give the user more control over how the image can be used.

 

I don't want people to easily download a copy of the image. If they know the source they can easily just download the image. I was told that I need to create a PHP script and uses apaches rewrite. 

 

The PHP file will grab all images and render them. I can then use this url as the images source. It gives me that 2 layer security where only authorized users can access them and the URL changes every time you load a page. So, you cannot know the original link.

 

I plan to have a feature where the user can permit another user to download certain photos. I just want to add more security on images to prevent people from getting cyber bullied or other nasty things from the internet. 

Link to comment
Share on other sites

First off: If the images can lead to cyber-bullying, they don't belong on a webserver at all. No matter how many PHP scripts you put in front of them, that doesn't change the fact that they can eventually be accessed and shared via a standard URL.

 

So don't put too much expectations into your access script (the same is true for your hotlinking check, by the way). At best, you can try to make the images a bit less public.

  • Set up a secure random number generator. For example, use bin2hex(openssl_random_pseudo_bytes(16)) to generate random tokens.
  • Create a table which maps tokens to images and stores additional information like the expiry date.
  • Hand out share links to the image owner. For example:
    https://images.yoursite.com/token=d4261fb9af53989d2c8d55caa4bd812c
    
  • In your access script, look up the token, check the expiry date, and if everything is OK, display the image (if performance is a concern, use the Sendfile mechanism rather than loading the file into PHP).

 

 

 

// I'll move your topic to the PHP section, because this doesn't really have anything to do with Apache.

  • Like 1
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.