Help me remove url encoding on this script

V4NT0M

V4NT0M

V4NT0M

Soldato
Joined
18 Jan 2007
Posts
19,845
Location
Land of the Scots
I've been using the following script for a while and annoyingly it uses url encoding on the internal links so it makes for very long links, I contacted the author previously but he was too busy to really tell me how to fix it.

The website for the script is here and the particular version I'm using is this one, using this version for more customisation.

Can anyone help me?
 
I think the long url is gotten from this function

PHP: 
  function sfpg_url($dir = "", $img = "", $page = "", $cmd ="", $opt = "", $full_link = FALSE)
  {
    $res = $dir . "*" . $img . "*" . $page . "*" . $cmd . "*" . $opt . "*";
    return ($full_link ? $_SERVER["HTTP_HOST"] : $_SERVER["PHP_SELF"]) . "?sfpg=" . sfpg_base64url_encode($res . md5($res . SECURITY_PHRASE));
  }

starting on line 245.

I'm not sure how altering this would affect the usability of everything. Try removing the md5() and see if the gallery still works
 
Ok, I've looked into this a bit more. A bit of late night hackery and I have a possible solution. Basically, an array (url_array) is used to store the long urls that are usually created. Then the the key of each long url stored in the array is used as the actually url.

I have no idea if this will work but it's a start...

I changed these two functions.
PHP: 
  function sfpg_base64url_encode($plain)
  {
	global $url_array;
    $base64 = base64_encode($plain);
    $base64url = strtr($base64, "+/", "-_");
    $ans = rtrim($base64url, "=");
	$url_array[] = $ans;
	return array_search($ans, $url_array);
  }


  function sfpg_base64url_decode($url)
  {
	global $url_array;
	$base64url = $url_array[$url];
    $base64 = strtr($base64url, "-_", "+/");
    $plain = base64_decode($base64);
    return ($plain);
  }

and somewhere near the configuration area at the top I declared the array initially.

PHP: 
$url_array = array();
 
Ha I got beat but I got bored too.

Here's a quick go. The reason the URL is long is because it packs in a few things, such as the name of the image and folder of the chosen image and a few other various options and also a security check. The security check MD5s the various options with a salt (SECURITY_PHRASE) and stores this as another additional parameter in your URL. This is then all BASE64 encoded to make it URL safe and you have a long url :p.

When coming to view an image if the MD5 of the passed options (together with the salt) match up to the MD5 calculated beforehand then you know the URL hasn't been tampered with.

So.. to save a bit of URL space one option is to live life on the edge and disable the security check and save a bit of URL space. I can't see what benefit the security check really gives you to be honest so I doubt it's going to let people hack your site.

Anyway.. here you go: http://pastebin.com/Pgh7YnTw - it just modifies lines 20, 249 and 1089.

You can choose to enable/disable encryption by setting ENABLE_ENCRYPTION to true/false (this is a feature not a hack :o).

And on my machine here's the difference before/after in the URLs:
index.php?sfpg=KjU3ODY4MjQ4LmpwZyoqaW1hZ2Vmb3JtKiowOTQ0ZGExOGJhZGI3OGM3NzMxOWFlMzU4MWRkZjY5NA
index.php?sfpg=KjU3ODY4MjQ4LmpwZyoqaW1hZ2Vmb3JtKio




marc_howarth said:
..
Click to expand...


Marc are you in Matlock Derbyshire? If so where abouts are you, I work there :o.
 
Thanks pho, you helped me figure this out, I made your adjustments and then because that had been fixed I went and took it a little further so now the links have gone from:

index.php?sfpg=c2NyZWVuc2hvdHMvaGFsbyByZWFjaC8qcmVhY2hfMzYxNjMzOV9GdWxsLmpwZyoxKmltYWdlZm9ybSoqNGY2NzQ0ZDhjYzZlNDFjZGQ4NTBlYTQ5OTZjYzhjOTg

to

index.php?sfpg=screenshots/halo%20reach/*reach_3616339_Full.jpg*1*imageform**

woot, made my day :)

Also made some style changes today:

http://chaoticsignal.com/image/default.php?sfpg=screenshots/halo reach/**1***
 
Last edited:
Nice, glad you got it working in the end :). You could probably strip more of it out unless you really needed them; like imageform** etc, but I can't remember off hand what they relate to.


marc_howarth said:
I'm up at Edinburgh Uni most of the time but home is Matlock, haven't really spent much time there as I only moved up there the same time that I was moving to uni.
Click to expand...

Ah ok. I don't know it hugely well as my main reason for being there is work but I roughly know which areas to avoid heh. There's a pretty nice bar called Rendezvous which has acoustic music on every so often if you're into that.

Derbyshire to Edinburgh is quite a trek!
 
You must log in or register to reply here.
Back
Top Bottom