You are here

8 posts / 0 new
Last post
Random File Name on Export.. Can it be done? #1
Chris Hoch's picture
by Chris Hoch
October 11, 2012 - 1:03am

I would like to generate my export files (jpg's) to have a GUID or a UUID filename.

for example it to spit out something along the lines of:
e361f6d0-12f2-11e2-892e-0800200c9a66.jpg
f43adc60-12f2-11e2-892e-0800200c9a66.jpg
00990f40-12f3-11e2-892e-0800200c9a66.jpg
etc. etc.

The idea behind this is that I have been trying to secure my client access area on my website, however without much luck. I was thinking GUID's or UUID's might be the way forward for people to find it harder to guess what the filenames are and to stumble across them by guessing the filenames.

I understand that this is not the best way to “secure” the files but it is the only way I can think of to make it a bit harder for someone to stumble across the filenames of them.

I have been looking and thinking, the best solution for these filenames is to use a random bunch of characters and then use the date & time stamp somehow in the filename.

Cheers,

Chris

gfsymon's picture
by gfsymon
October 11, 2012 - 1:34am

Sounds like a nightmare.

There’s a strong chance that your website is hosted on a unix server, in which case, you can do amazing things with htaccess.

Take a look and if you want some simple info on how to block a directory (2 min job) I can walk you through it.

Chris Hoch's picture
by Chris Hoch
October 11, 2012 - 5:33am

Thanks, I was looking at htaccess as well but I needed it to work in conjunction with the wordpress users list. That was my stumbling block, which then lead me to tho about using guid’s

Chris Hoch's picture
by Chris Hoch
October 11, 2012 - 7:48am

I have been playing around with htaccess and managed to get this:

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www.)?mysite.co.uk/ [NC]
RewriteCond %{REQUEST_URI} !hotlink.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*.(gif|png|jpg|doc|xls|pdf|html|htm|xlsx|docx|mp4|mov)$ http://mysite.co.uk/ [NC]

This will at least protect files unless the user is logged in, However if any user logs in then there is a possibility if they know the url of another clients image (highly unlikely) then they can see it… it does however protect the images from people who are not logged in to the site.

Still would be nice to have some sort of GUID export though.

Thomas Emmerich's picture
by Thomas Emmerich
October 11, 2012 - 11:17am

Someone posted a script for seemingly doing what you want in an Apple Forum. Check it out to see if it will help.

Thomas

gfsymon's picture
by gfsymon
October 11, 2012 - 5:11pm

I don’t know how many clients you have, but I handle this manually with htaccess. I make a folder/directory in my website for each client and place an htaccess file inside each folder.

The code in this htaccess file is similar along these lines :

________________________________________________________________

AuthUserFile /home/user(your webhost account)/website/client/client directory (the name of the directory you made)/.htpasswd
AuthType Basic
AuthName “client name”
Require valid-user
________________________________________________________________

AuthName “client name” is the login you want your client to use.

You now make a second file in this client directory called : .htpasswd (with the dot .. be careful in the Finder. A leading dot makes a file invisible)

The code in this file is one line, similar to this :

________________________________________________________________

password :$apr1$Tw65BY0H$cO32OQRnajXprJtIZ4V730
________________________________________________________________

‘password’ is whatever password you want to make.

You generate the code for this password on any number of websites. It’s a free service. Here’s one that I use.
. As you will see, you can generate lots of passwords at once if you want to give individual users their own passwords, but for a client website/directory, that seems a bit pointless to me.

What all this means is that no one can gain access to the client directory or any sub-directories without knowing the login and password. No way. It’s extremely secure.

It usually takes me just 2 or 3 minutes to create a new directory on my website and copy/alter the .htaccess and .htpasswd files.

I use this pretty much exclusively as a file delivery system. I give the client the URL of the files for download, located in their client directory and when they try to open it in a browser, they are presented with the login/pass dialog. When they enter those, the download starts automatically. You could of course, use it to password protect client web pages too.

Chris Hoch's picture
by Chris Hoch
October 11, 2012 - 10:00pm

Thanks Thomas, I am going to check that out and see if I can adapt that somehow to benefit me.

Thanks for the info Grant. I am using wordpress with each client having a dedicated login, this way it makes life easier for if I have shot multiple events for them they just have to log in with the same credentials… added benfit is also if they forget their password they can have it automated to be resent to them.

There is also a client email form on each of their own specific pages. This way their email comes through without them having to fill in all the relevant data, wordpress hands their name and email address through to the form. So to them they just fill in the message box then press send and it attached the other details automatically to the email.

I am just trying to figure out how I can use the .htaccess file now to lock it down to the specific username. I was hoping for an automated way of doing this, however it looks like I will need to upload the file to each client folder.

At the moment anyone logged in can potentially go an look at someone elses photos, if they know the path and filename… at least I am 50% of the way there in protecting client images.

Thanks for all your help with this guys, your input has been invaluable.

Chris

PhotoJoseph's picture
by PhotoJoseph
October 12, 2012 - 3:01am

If you still need a random name generator, please post the question in the AppleScript forum. I’d wager something could be done through scripting.

@PhotoJoseph
— Have you signed up for the mailing list?

You may login with either your assigned username or your e-mail address.
Passwords are case-sensitive - Forgot your password?