Jump to content

Virtual Product Download - Hashed Filename

Vedro
 Share

Recommended Posts

Vedro Newbie

Vedro

Posted
Posted

Hi,

Prestashop evidently uses an encryption algorithm to create a hashed filename in the downloads directory when a product is selected as downloadable product.

What is the filename hash algorithm used?

I have a ton of downloadable products in my store and it would take forever to do all of them manually one at a time.
I'm looking to automate this process and possibly create a new backend tool in the process...who knows?

Or, is there something already in existence that I can use?

Thanks,

Ben

Link to comment
Share on other sites
Vedro Newbie

Vedro

Posted
  • Author
Posted
I think the hash is build during upload by PS and cannot be manualy manipulated.


Since I wrote this, I decided to pop the hood and take a look at the engine in the beaut. A PHP Class that is being used to create the hash, looks like standard fare...MD50 hash function but I don't think it is the one builtin to PHP. At either rate, I'm looking into developing a backend tool module to aid in such a case.

If anyone knows of one that exists, let me know.

Thanks,
Ben
Link to comment
Share on other sites
codegrunt Newbie

codegrunt

Posted
Posted

The filename is random and could really be anything:

ProductUpload line 248:

function getNewFilename()
       {
               $ret = sha1(microtime());
               if (file_exists(_PS_DOWNLOAD_DIR_.$ret))
                       $ret = $this->getNewFilename();
               return $ret;
       }



So the filename is irrelevant if you are inserting these into the database yourself, just keep in mind that it will appear in generated URLs.

The same goes for the key hash since it just uses the time and tags on the current ProductDownload->id to add to the string length.

It should be noted that the download directory absolutely MUST HAVE a .htaccess file like "deny from all" in it or anyone can download the files directly if they know the hash value.

Cheers

Link to comment
Share on other sites
codegrunt Newbie

codegrunt

Posted
Posted

Hey Vedro. This just came up in another thread so I thought I should note that the current codebase expects the filename to look like an sha1 hash or it will fail the validation stage. To fix that you need to change the validate array in the class declaration. Details are in this post:
http://www.prestashop.com/forums/viewthread/29538/help_installation___upgrade/downloadable_products_dot__dot_mass_import_migration/

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...