I am coding a script , where basically the user has to enter his name , choose file , file comments if required and upload.
The file comments , name , filename will be stored in the database with auto_increment id. The file gets uploaded to the server too. The problem is I want to generate a 10 digit unique code , which makes it simple for the user to download the file , he just has to enter the 10-digit code , and my script will deliver the file to him.
Everything is fine , but the problem is I am not able to generate the 10 digit unique code. Security is not focused much here , only the id has to be unique everytime WITHOUT FAIL. As the script depends on this unique id for delivering the file (searches the db for this unique id , gets the filename from there and delivers the file).
I have tried many ways , but cant assure the id will be unique everytime.
[PHP]<?
//set the random id length
$random_id_length = 10;
//generate a random id encrypt it and store it in $rnd_id
$rnd_id = crypt(uniqid(rand(),1));
//to remove any slashes that might have come
$rnd_id = strip_tags(stripslashes($rnd_id));
//Removing any . or / and reversing the string
$rnd_id = str_replace(".","",$rnd_id);
$rnd_id = strrev(str_replace("/","",$rnd_id));
//finally I take the first 10 characters from the $rnd_id
$rnd_id = substr($rnd_id,0,$random_id_length);
echo "Random Id: $rnd_id";
?>[/PHP]
The code above generates an id , but I am not able to assure its unique always.
What if it returns the same id ?
Is there a way to do this ? Or any function to convert the auto_increment id from the database to a unique id (encrypted) and result the same auto_increment id when decrypted ?
Any ways ? Please help me.
Thanks.
13 40332
Maybe you could pull out, of your db, all the rand IDs assigned and then evaluate them against the rand ID you're going to assign to the newly uploaded file, if the rand ID matches any; create a new one.
I'm not sure what the coding would be as i have no idea whether you can have a new rand ID generated.
Not sure..
Thats true ,am coding a file uploader-downloader , the user gets the unique id for his file , and whenever he wants , he enters it to download.
I'll try evaluation from the db , but was looking for a better way. I mean just like credit card numbers , every number is unique with them.
If you don't want the number to be easily guessable, but with moderate security, you have 2 choices as far as I can tell:
1) Run the database id with a secret seed code through a hash function. Problem here is that hashes are usually more than 10 characters.
2) Run the database id through a function which is one-to-one. Any ole function will work, but if you make it non-linear, then you'll be doing a bit better. If it's 10 digits that you're talking about though, you only have 10,000,000,000 possible results, so if you can get a function that will return numbers less than 10 billion for all reasonable values of your user id (and pad to the left with zeroes [e.g. 1 would be the code 0000000001]), then you should be good. Oh, and the function would have to return integer results.
Let's see if I can suggest one and sound less mathematical... I'll come back to this after I do the math (have to create the inverse function too, right?)
hmmm...Messing around with functions for awhile and testing inverses, I'd probably stick with a straight polynomial whose closed-form inverse is easy to find. The big pain here is that they all be integers :) Much easier if that restriction is removed.
OK. So that's in the dump, what about using letters too? You could then do the username concatenated with the download id with padding as necessary.
Why not just use the primary key (your auto-increment) field padded with zeros?
If you have to stick by the 10-char identifier: generate a 9 byte field and add a suffix (range 0-Z), that will make it so that you can have 36 more of the same generated id. -
1. generate 9-char unique number $num
-
2. check if that number $num is already in database, e.g.
-
SELECT id FROM table WHERE id LIKE '$num%' ORDER BY id DESC
-
3 if any result: get highest id and increment by '1' (you have range '0' to 'Z')
-
if no result : store record with id+'0'
-
Ronald
If you don't want the number to be easily guessable, but with moderate security, you have 2 choices as far as I can tell:
1) Run the database id with a secret seed code through a hash function. Problem here is that hashes are usually more than 10 characters.
2) Run the database id through a function which is one-to-one. Any ole function will work, but if you make it non-linear, then you'll be doing a bit better. If it's 10 digits that you're talking about though, you only have 10,000,000,000 possible results, so if you can get a function that will return numbers less than 10 billion for all reasonable values of your user id (and pad to the left with zeroes [e.g. 1 would be the code 0000000001]), then you should be good. Oh, and the function would have to return integer results.
Let's see if I can suggest one and sound less mathematical... I'll come back to this after I do the math (have to create the inverse function too, right?)
Wow that sounds great...
ronverdonk and JeremyMiller , looking forward for your replies.
Before going into all these methods, some simple, some rather complicated, the question is: is there any reason to have this limitation of 10 digits?
Using alpha's or extending the number of digits would make all a lot easier and you would extend your range of possible unique's significantly.
Ronald
ronverdonk and JeremyMiller , looking forward for your replies.
I did reply -- creating a one-to-one function over the integers whose inverse was also able to be expressed as a function was more work than I wanted to do. Of course, you could do something simple like y=x^2+3, but that's fairly easy to crack (the inverse for the non-mathematical is y=sqrt(x-3) and is valid as the domain is integers greater than 0. You could then pad the number with leading zeroes. I was looking for a function that's a bit more fun, though.
Before going into all these methods, some simple, some rather complicated, the question is: is there any reason to have this limitation of 10 digits?
Using alpha's or extending the number of digits would make all a lot easier and you would extend your range of possible unique's significantly.
Ronald
I second that. If you remove the 10 digits limit, you could just return a sha1 hash of the record id joined with a secret seed code and be set to go. That's what I usually do (and sometimes I bind it to the username as well).
I second that. If you remove the 10 digits limit, you could just return a sha1 hash of the record id joined with a secret seed code and be set to go. That's what I usually do (and sometimes I bind it to the username as well).
Problem with SHA1 is collisions, though with a reduced character set for input, you can all but count that out.
Have you thought about using a random number, and keeping the column in your MySQL table UNIQUE? If you follow this route, and the INSERT fails, you can just create another one.
I never have had any trouble with collisions using sha1 or md5. I've started to use the better hash functions available in PHP 5. Also, binding to the username helps reduce the likelihood of a problem there.
I like the idea of a random number, though! For my own code, I'll stick with hashes, though. :)
The problem is I want to generate a 10 digit unique code , which makes it simple for the user to download the file , he just has to enter the 10-digit code , and my script will deliver the file to him.
Just had a thought: Why not provide a login and link(s) to download the file? No funky codes for your end user to remember, just username and password.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Mamuninfo |
last post by:
Hello,
Have any function in the DB2 database that can generate unique id
for each string like oracle, mysql,sybase,sqlserver database.
In mysql:-
select md5(concat_ws("Row name")) from...
|
by: hikums |
last post by:
I am posting this here, just in case anyone may need this.
Step 1:
CREATE SEQUENCE ID_SEQ
START WITH 1050000
INCREMENT BY 1
MAXVALUE 9999999
NO CYCLE
NO CACHE
ORDER
|
by: Sebastien |
last post by:
Hi,
I am building a products database, linking sales and production. Each
part has a unique sales Stock Code and Production Number.
The sales stock code is a combination of letters and numbers...
|
by: Lauren Wilson |
last post by:
Does anyone know how the following info is extracted from the user's
computer by a Front Page form?
HTTP User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7.5) Gecko/20041107...
|
by: Drebin |
last post by:
It's a long story really, but the bottom line is we need to encrypt or
obfuscate a clear-text 9-digit SSN/taxpayer ID into something less than 21
characters. It doesn't need to be super-secure,...
|
by: mortb |
last post by:
Hi,
How do I write a GenerateHashcode function that will generate guaranteed
unique hashcodes for my classes?
cheers,
mortb
|
by: D |
last post by:
Hello everyone -
I'm trying to compile an application to generate all possible 3
digit combinations using 0-9 and a-z, I've looked everywhere for a
solution and I found Combinations! v 2.0 for...
|
by: Marc |
last post by:
Hi all,
I have to generate and send to a printer many 6 digit
alphanumeric strings. they have to be unique but I cannot check in a
database or something like that if it have already been printed....
|
by: sotirac |
last post by:
Wondering if there is a better way to generate string of numbers with
a length of 5 which also can have a 0 in the front of the number.
<pre>
random_number = random.sample(, 5) # choose 5...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |