Hello all im developing a record label managment system and i would like to be able to upload an mp3 file, make it so it links to an artists account encode its name with a md5 hashed track name with the uploaders ip address also hashed into it then after upload grab as much id3 information as possible and put it into the tracks reference in the mysql database. I think it would be best to use the script by BMR777 on thread id http://forums.digitalpoint.com/showthread.php?t=1174500 which is a link to another post in this forum. It would need to be secure. I have no idea really how i would do it but maybe have it first upload the file using one page then invoke a process to rename it using md5 hashes then write a record for it in the database and the id data for added references. Please Help im only a novice.
First, hashing isn't used to make something you have to retrieve later secure. Once you hash data, all you have is the hash. There's no way to get from the hash back to the original data. A hash isn't encoding, it's hashing. (All data hashed with a particular hash algorithm is converted to the same length. A blank string [no characters] hashed with MD5 is 32 bytes long. So is a 2GB file hashed with MD5.) Second, MD5 isn't secure - it's been broken. So has SHA1. If you want security (for now), use SHA512. (That will eventually be broken too, but I haven't seen any references - yet - to its having been broken.) Third, exactly what do you want, as far as security goes? If your users are downloading files, MD5 is probably secure enough to ensure that what they downloaded is what's on the server (that's one way hashes are used). If the hash they get from their downloaded file is the hash you post for it, they can be pretty sure that they got a good download. But as far as making stealing your database useless? That works for passwords. When a user creates an account, you hash (and preferably salt also) the password and store that in the database. Next time they log in, you do the same thing to the password they enter, then compare it to what's stored. If you want to hash something, then read it from the database and "unhash" it, it can't be done. There's no method to convert the hash to the original data. That's not what hashing is for, so no consideration is given to that possibility when the hash is designed. In fact, the ability to "unhash" a hash would result in that algorithm being scrapped - no one will use a hash that can be deconverted back to the original data. If you want to retrieve the data from the database, and get it back into its original form, you need to encrypt it. And encryption is inherently less secure than hashing (by many orders of magnitude). With a smartphone, the German Enigma Code can be broken in minutes. And that's a pretty good encryption method. (Encoding and encrypting are totally different. Calling Enigma a code is a misnomer, it's an encryption method.)
I was thinking of only using hashed values to form unique file names not for encryption methods. By secure i mean to only be able to upload mp3 files aswell as the script to check it is a valid mp3 and not something hostile with an mp3 extension. I want it to be able to store the uploaded files final resting place in the database so that it can be referenced by php when a client requests to be able to listen to the file and not manually search througth a multitude of mp3's.
Easiest way off-hand: Store the songs by artists and then song titles. and then a random generated codethrough PHP function of random characters ABCDEFGHI 1234567 (example) have it generate a random code and upload it to the database as that song/artists unique (random generated) id. When a user listens to the music, assuming they will log in to use your site, have it store their user_name, _user_id and have the user_id either pull from another database for that user alltheir listening history. and the songs will be stored as those random codes and the time/date function they listened to it. That way if it shows them a list of what they had listened to in past, it doesnt have to recompile artists/bands and the song titles etc.. it only takes a code that looks like "AFG342DWD" and searches database of artists /song titles for that code ..and pulls out all the info from there GET * (all data ,* is wildcard for all) TABLE ='artists' WHERE 'id_code' = "$unique_code"; (not written in exact SQL code just to show you the obvious flow) when uploading new artists have a function check the database and IF that NEW random generated code doesn't exist, create the table fields,if it does, regenerate a new code and recheck, and then create the fields. This would give you user history,and also store the artists,song titles, etc youcould also make different databases for different genres/styles, example: Country,Rock,Hard Rock, Classical, Instrumental.