I just didn't like the way you can figure out the filenames of your cached images. If you have images called IMG_001.jpg you know the cache file name will be IMG_001_600.jpg so you can just go into www.example/zenphoto/cache/album01/IMG_001_600.jpg and you can view it.
So I've used an md5 hash to change the IMG_001_600.jpg into 7285fd649d71cc756d206baa38c67862.jpg. It's unique and can only be determined if you know the key.
Why does this bother me? Because you can always view the cache even though it's under the protected page. It doesn't protect against direct linking but at least unless you have access to the folder first to determine the file name.
What I've done is using the filename, I create a md5 hash of the filename along with a key. If anyone wants to really implement it, the key can be put into the database upon creation and called via the getOptions. That way it's unique to every install.
Here's the code for the function getImageCacheFilename in functions.php
function getImageCacheFilename($album, $image, $args) {
// Set default variable values.
$postfix = getImageCachePostfix($args);
$md5str = md5('a34fwxzz1'.$image.$postfix); // The key is a34fwxzz1 can be replaced to be unique
if (ini_get('safe_mode')) {
$albumsep = SAFE_MODE_ALBUM_SEP;
$album = str_replace(array('/',"\\"), $albumsep, $album);
} else {
$albumsep = '/';
}
// return '/' . $album . $albumsep . $image . $postfix . '.jpg';
return '/' . $album . $albumsep . $md5str . '.jpg';
}
Zenphoto
