nv39
nv39

Reputation: 535

generating random, single use URLs

I'm creating a pretty simple application which allows references (of potential employees) to upload their own reference letters. Here's how it works:

I'm stuck on how to generate a completely (okay, okay, quasi will do) random URL. What's more: how do I ensure that following the link will direct the references to the correct page? Do I have to create a new page containing the drop box every time I send out a random URL?

Thanks for any suggestions on how to go about this :)

Upvotes: 0

Views: 7263

Answers (4)

Masse
Masse

Reputation: 4344

You could also create a random permutation of numerals and characters so that

hash($previous) // is unique

The basic idea is that the 'hash'-function depends only on the previous value, creating a new unique value. For example so that '0' -> '1', '1' -> '2', '9' -> 'a', 'z' -> '10', 'z0' -> '11'. Such an algorithm is relatively easy to devise

Upvotes: 0

devrobf
devrobf

Reputation: 7213

I presume that when you say that you want to generate a random URL, you are essentially asking to generate a random string. This is potentially very simple; here's some pseudocode:

for i = 1 to stringLength
    randomString[i] = floor(random() * 26) + 'a'
end

In other words, generate a random number between 0 and 25, and add it to the ASCII value for the character 'a'. This would generate a random string of lowercase letters, which I think should be sufficient for your task. In PHP, you would use the rand function. It would be advisable to use the srand function to seed the random number generator with the current time, like the example at the end of the given link.

As for the second part; I recommend that you simplify things; rather than generating an actual page with a random URL, why not simply pass a random string into the query string such as:

www.mydomain.com/uploadReference.php?id=xxxxxxx

Where xxxxxxx is your random string. You can then verify the string and look it up in a database using PHP. This seems, for your purposes, by far the easiest way.

Upvotes: 1

SamYonnou
SamYonnou

Reputation: 2068

You can make a unique string based on some form of hash of the current time stamp or the reference's unique credentials (e.g. username or something). You could then create one page for the dropbox that would accept that unique string in the URL to be used for a script on the page which would retrieve the relevant data mapped by that string in a database.

Upvotes: 0

Whisperity
Whisperity

Reputation: 3042

You might try using a hash algorithm which generates the unique-esque checksum from the contents of the file. Usually (for example with md5()) one byte change in the original content results in a completely different hash. (Notice: md5 has some collision vulnerabilities.)

If you store the uploaded file with the filename of the hash, you will be able to retrieve it at a later date, but for more complex system, there should be a database set up which makes the relation between the random URL and the stored content.

If you don't want to hash, there code snippet below could help to generate random URLs (but make sure that if an URL is already used, you prevent accidental overwrites):

md5( sha1( time() + rand(0, time()) ) );

Upvotes: 1

Related Questions