0

I have a file sharing website, and every file has a random id. Example for an id: G4t68MgW7

Every upload I create a random id, and check if it's exists (in a loop). There are some issues with that way.

  1. I have to check if this id does exists (Mysql query)
  2. It's a limited range

So how can I can create a unique id without limitation and without checking if it already exists?

Note: I don't use Auto Increment because I want to avoid from bots to reach every file in my website. example of how it looks in the browser: http://www.example.com/file/G4t68MgW7

HTMHell
  • 5,761
  • 5
  • 37
  • 79

4 Answers4

0

You can assign timestamp value ie, time() as id. It will be unique always

Jaisundar
  • 1
0

Well, you more or less gave the answer yourself.

Illustrated with the following pseudocode:

while (true) {
    hash = generate_hash();

    SQL -> Check if hash found

    if (!found) {
        break;
    }
}

It is pretty easy to implement this. The generate hash could be a simple md5 or it could be a function that builds a random string based on an array of letters. For example something as simple as:

function generate_hash() {
    return '$2y$' . substr(md5(time() . 'foo' . rand(0, 1000000) . 'bar'), 0, 15) . 'ydfdf';
}

In 99.999% of all cases, the hash would be unique, so performance should not be an issue here. This also creates more "randomness" than uniqid().

OptimusCrime
  • 14,662
  • 13
  • 58
  • 96
  • What about: `return substr(md5(time() . uniqid()), 0, 15);` ? And BTW, what `$2y$` and `ydfdf` for? – HTMHell Jul 03 '14 at 12:05
  • And why `foo` and `bar` ? – HTMHell Jul 03 '14 at 12:16
  • @ArielAharonson : Just to add some more randomness to the mix. I also pre- and end-fixed the hash. What you suggest will make too. I just like to add some static stuff to the mix to avoid the most obvious hash tables. Hash tables for only numeric values are pretty common. – OptimusCrime Jul 03 '14 at 12:22
  • Got it, thanks. so should I use a static words or `uniqid()` like my previous comment? – HTMHell Jul 03 '14 at 12:25
  • @ArielAharonson - I prefer a mix, like the one I posted over. Only using on of them is no good. Kind of depends how critial security is, but this takes like 2 seconds to implement anyways. – OptimusCrime Jul 03 '14 at 12:27
  • OK. and what about using `microtime(true)` instead of `time()`? Will it make it better? – HTMHell Jul 03 '14 at 12:29
  • @ArielAharonson - Nah, that will most likely make no difference. Do whatever you like. – OptimusCrime Jul 03 '14 at 12:32
0
echo substr(uniqid(rand(10,1000),false),rand(0,10),6)
Bishal Paudel
  • 1,896
  • 2
  • 21
  • 28
0

You can have a table of pre-defined identifiers, so you make sure that they are unique in creation time (you don't have to query if they exist; simply insert and don't do anything if the insert fails). When you want a file to be uploaded, get an unused code and mark it as used so it's not used again. You can also have a cron to check if you're running out of codes, and run the generation script again (increasing the number of characters makes the number of codes virtually unlimited). As this is asynchronous, it won't affect performance.

DMorillo
  • 86
  • 4