Page 1 of 1

Protect URL With Script

Posted: Sun Aug 23, 2009 12:28 pm
by Angie1
Hello there,

I am a newbie (dummy) in php programming. Currently, I hosted my website in Cpanel running wordpress with my file system in unix/linux system.

I need to implement a security to protect my url for download so that the download path can change each time and that after my users or customers downloaded the files, they will not be able to pass around the link.
Currently, I have implemented a login page after which users logged in, they will be auto-redirected to a download link. However this is not enough. As I am not an expert in programming, I changed this link frequently so that it will remain protected and only paid subscribers will be able to access for a limited time.

I would like to implement something to automate this - to protect my url. I have read on the internet but still confused on the use of the security like MD5 or SHA.

- Does SHA create a different session key each time the URL is called upon?
- Can base64 achieve this?

I read about mod-rewrite in the unix system but I don't want to touch it and I think it's kind of hard for me. As I don't want to touch on the config or htaccess file because it will become my hosting provider responsibility if anything breaks.

So, here I'd would to inquire if any kind soul or experts would show me some sample script in php or etc... (can run Unix/ Apache server) to implement the above.

Or any technique that can achieve my objective.

e.g my website download link is now http://abc.com/oeurruorwdnndn
Now I would like the oeurruorwdnndn to change each time the browser gets the link.

Thanks Much. :D

PHP newbie

Re: Protect URL With Script

Posted: Mon Aug 24, 2009 1:43 pm
by tr0gd0rr
you'll have to use mod_rewrite or use a question mark like "http: //example.com/?oeurruorwdnndn" and then run array_keys($_GET) to get that value

Re: Protect URL With Script

Posted: Mon Aug 24, 2009 3:49 pm
by Darhazer
sha1 and md5 produce the same output if the same string is given
In other words if there is no unique part in the url / the string you are encoding, that is changed every time, the hash/encoded string will be the same every time

In my opinion, the most easier way is to use the session_id() in the url and to check for a valid session. That you can add more security by using hmac-md5 hash, storing hash/fileid map in the database and so on.

Re: Protect URL With Script

Posted: Thu Aug 27, 2009 3:25 am
by Angie1
yes, I read about session id or session generate id, however, I am still novice to use it... I need freelance php programmer on this. Can discuss on the pricing, if the price is ok, I will give the assignment.

:!: