Home/ Questions/Q 8889121
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T22:11:06+00:00

Ok, so I’ve written a script that will create a random number, check the

  • 0

Ok, so I’ve written a script that will create a random number, check the database and if number exists in a userid row, it will recreate a new number and continue until it finds an available number…I started thinking though, if my site gets HUGE, wouldn’t that be a terrible thing it trying to randomly find numbers and possibly having to continuously repeat itself…is there a better way of doing this or is this the route to go?

The user ID is not a private number as it can be used to get to user profiles…its being setup like Facebook where the long string of numbers OR a username can go to the persons profile.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I assume you are (for whatever reason) trying to stop someone from visiting a page like

    profile/<user_id>, and seeing that user_id = 100, then trying profile/101, profile/102, etc, etc.

    If that is the case, then you can use something like this (along with autoincrementing ids)

    class Crypt {

    public static function encrypt($data) {

        $config = LoadSomeConfig();

        // open the module to be used.  There are several listed at http://www.php.net/manual/en/mcrypt.ciphers.php     
        $mod = mcrypt_module_open($config->cipher, '', $config->mode, '');

        // use config set initialization vector.  We will use a constant here as we do not want to include this for decryption
        if (isset($config->vector)) {
            $iv = $config->vector;
        } else {
            die("NO IV SET!");
        }

        $key_size = mcrypt_enc_get_key_size($mod);
        $key = substr($config->key, 0, $key_size);
        mcrypt_generic_init($mod, $key, $iv);

        // Do the encryption using the cipher module defined
        $encrypted = mcrypt_generic($mod, $data);

        // cleanup
        mcrypt_generic_deinit($mod);
        mcrypt_module_close($mod);

        // Changed the output based on the config encoding value.  Currently supported values, base64 and hex.
        switch ($config->encoding) {
            case "base64":
                $encrypted = base64_encode($encrypted);
                break;
            case "hex":
                $encrypted = bin2hex($encrypted);
                break;
            default:
                break;
        }
        return $encrypted;
    }

    public static function decrypt($data){

        if (empty($data)) {
            return '';
        }

        // config options set include the cipher, mode and secret key
        $config = LoadSomeConfig(); 

        // Change encrypted data base to binary based on the encoding mechanism used to generate the data
        switch ($config->encoding) {
            case "base64":
                $data = base64_decode($data);
                break;
            case "hex":
                $data = pack("H*", $data);
                break;
            default:
                break;
        }


        if (isset($config->vector)) {
            $iv = $config->vector;
        } else {
            die("NO IV SET!");
        }

        $mod = mcrypt_module_open($config->cipher, '', $config->mode, '');
        $key_size = mcrypt_enc_get_key_size($mod);
        // max key size is 448 bits
        $key = substr($config->key, 0, $key_size);
        mcrypt_generic_init($mod, $key, $iv);

        // decrypt the data
        $decrypted = mdecrypt_generic($mod, $data);

        // cleanup
        mcrypt_generic_deinit($mod);
        mcrypt_module_close($mod);

        return trim($decrypted);
    }
}

    You would then have a route like profile/c2ffd340ea3b71ca065e6add4143f36d

    In your profile page, assuming the user_id was accessible in user_id, you could simple do:

    $user_id = Crypt::decrypt($user_id);

    And proceed like normal. When creating a link to someone’s profile page you would use something like profile/<?php echo Crypt::encrypt($user->user_id); ?>

    • 0