I have an array of IDs (e.g. array(1, 2, 10, 34, 100, 101)) that represents file IDs of pictures in a database.

I would like to send a link to a customer by email such that when he presses this link he will see the pictures, but I don't want the customer to see these file IDs!

Thus, I thought to encrypt the array of picture IDs with some key that the customer doesn't know, and when the customer clicks the link my PHP script will get the encrypted string, decrypt it back to the picture IDs, and send the customer a page with the pictures.

Are there any PHP built-in functions that can do the encryption/decryption with a custom key for me?

Thanks !!

+1  A: 

PHP has the mcrypt extension. It can do this.

Note that in the method you describe, the customer will see the picture IDs when you send him the page.

Borealid
You are right. I didn't think about that. Do you have any idea how not to expose picture IDs?
Misha Moroshko
@Misha Moroshko: You could have a second PHP script which returns the appropriate picture data, given the encrypted form. Give the user a page with embedded images pointing to the second script. Then the IDs are never seen.
Borealid
+1  A: 

If it were me implementing this I'd just give the customer a random hash, then relate that hash to particular IDs in a database table a bit like:

link_hash VARCHAR(40) NOT NULL,
link_id INT(11) NOT NULL

(one or more rows per link_hash to allow multiple IDs)

As Borealid mentioned in his answer, you'll also need to ensure that when they view the page they won't see the IDs in the picture URLs either. This will be a separate challenge.

thomasrutter
OP's method has the advantage of requiring constant storage space; yours requires O(N) storage for N=number of pictures.
Borealid
"As Borealid mentioned in his answer, you'll also need to ensure that when they view the page they won't see the IDs in the picture URLs either. This will be a separate challenge." -> well that can be solved by <img src="picture-serve.php?uid={$linkhash}">
niggles
True, but that 'uid' hash then becomes as good as a picture ID, so the OP may then want to prevent people seeing/sharing that ID as well.
thomasrutter
A possible solution to which would be to expire those per-picture hashes after a certain amount of time.
thomasrutter
+2  A: 

How about giving a name to your pictures in the db that is not the same as the id?

When a user uploads a file you give the file a random name like the current timestamp and md5. Then you store the name in your database and give it an id. That way you get your sequential ids and you get filenames that are very hard to guess. That and prevent visitors from displaying the content of the images folder and you are pretty set.

Iznogood
This is the right idea - but don't bother with timestamps or hashes, just generate a random 128-bit number and use the hex representation of that. The chances of guessing a correct number are infinitesimal - and equivalent to guessing a correct encryption key.
caf
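
The random-token approach from thomasrutter's answer, combined with caf's 128-bit random value and the expiry suggested in the comments, as an added PHP example that is not code from any poster in the thread. The `share_link` table, the function names, `gallery.php`, the `t` parameter and the in-memory SQLite database are assumptions; storing only a SHA-256 of the token is an extra hardening step the thread does not discuss.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE share_link (
    link_hash  CHAR(64) NOT NULL, -- SHA-256 of the token, not the token itself
    link_id    INTEGER  NOT NULL, -- picture ID
    expires_at INTEGER  NOT NULL  -- Unix time after which the link is dead
)');
$db->exec('CREATE INDEX share_link_hash ON share_link (link_hash)');

/** Create a token for a set of picture IDs; only the token goes in the e-mail. */
function createShareToken(PDO $db, array $pictureIds, int $ttlSeconds): string
{
    $token = bin2hex(random_bytes(16)); // 128 random bits from the CSPRNG
    $stmt  = $db->prepare('INSERT INTO share_link VALUES (?, ?, ?)');
    $db->beginTransaction();
    foreach ($pictureIds as $id) {
        $stmt->execute([hash('sha256', $token), (int) $id, time() + $ttlSeconds]);
    }
    $db->commit();
    return $token;
}

/** Map a token from the URL back to picture IDs; [] if malformed, unknown or expired. */
function resolveShareToken(PDO $db, string $token): array
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return [];
    }
    $stmt = $db->prepare('SELECT link_id FROM share_link
        WHERE link_hash = ? AND expires_at > ? ORDER BY link_id');
    $stmt->execute([hash('sha256', $token), time()]);
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

/** For picture-serve.php: the n-th picture of a link, so image URLs carry no ID. */
function pictureIdAt(PDO $db, string $token, int $n): ?int
{
    return resolveShareToken($db, $token)[$n] ?? null;
}

// Constructed sample: the IDs from the question, link valid for 7 days.
$token = createShareToken($db, [1, 2, 10, 34, 100, 101], 7 * 24 * 3600);
echo "gallery.php?t=$token\n";
var_dump(resolveShareToken($db, $token));
var_dump(pictureIdAt($db, $token, 2), pictureIdAt($db, $token, 99));
var_dump(resolveShareToken($db, str_repeat('0', 32)));
```

The gallery page would then embed images as `picture-serve.php?t=TOKEN&n=0`, `n=1`, and so on, so the database IDs never reach the browser and every image URL stops working when the link expires.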