RocketGeek

Home of WP-Members, The Original WordPress Membership Plugin

Home » Code Snippets » Use a random hash value to obfuscate a user file upload directory

Use a random hash value to obfuscate a user file upload directory

· ·

/**
 * Add a random hash to the user upload directory.
 * 
 * Change the default name of the user upload directory.
 * This example completely removes the user ID value from the
 * directory name, leaving it as a completely random string.
 * 
 * Change $hash_len to set the length. Example creates a random
 * string 36 characters long.
 */
add_filter( 'wpmem_user_upload_dir', function( $args ) {
    
    // How long of a hash?
    $hash_len = 36;
    
    // Check if user already has a directory hash.
    $hash = get_user_meta( $args['user_id'], 'wpmem_file_dir_hash', true );
    if ( ! $hash ) {        
        /*
         * If there is no existing hash, we need to create one.
         * 
         * To make sure it is unique without having to do a for/while loop
         * while checking the db, we can use the user ID in the string.
         * Since the random hash is already long, inserting the user ID
         * does not degrade the randomness.  Theoretically, one could just
         * add the user ID without this step, but I like to have everything
         * being the same length so that a one digit user ID results in the 
         * same directory name length as a four digit user ID.
         *
         * This example makes it user ID + hash.  For example, where the 
         * user ID is "234", the resulting direcotry would be like this:
         * 
         *     234LXd2B8SE31u19TAS0SnwQW6ji
         * 
         * For ultimate randomness in this example, consider switching to
         * add the user ID to the end rather than the beginning.  I did it
         * at the beginning to allow a user with file system access to be
         * able to browse the directory by user ID if they understood the
         * directory name construction being done here.
         */
        $uid_len = strlen( $args['user_id'] );
        $hash = $args['user_id'] . wp_generate_password( ($hash_len-$uid_len), false, false );
        
        update_user_meta( $args['user_id'], 'wpmem_file_dir_hash', $hash );
    }
    
    $args['user_dir'] = $hash;
    
    return $args;
});

Not sure what to do with this code?

You're not a "coder" and don't know what to do? Don't worry! Code Snippets are the basic building blocks of WordPress customization, and once you know the basics, they are simple to use.

Here are some free articles to get you started:

For "hands on" help, consider a plugin support subscription or the Pro Bundle.

Ready to get started?

Join Today!