It's time to ditch Medium for good! 🌈⚡️

Introducing Devblog by Hashnode. Blog on your domain for FREE. Highly customizable and optimized for developers.

Learn more

My website allows guest/anonymous users to upload content. What is a way that I can allow them to edit this content without having to create a account?

Write your answer…

7 answers

Another idea, which may require too much effort on the part of the user, is to show a unique token or url for each uploaded piece of content. The user can choose to store this and use it to edit the content.

Advantages: it's more anonymous, since there are no cookies to track users, and you can't even track which pieces of content are uploaded by the same user. The tokens also persist after clearing cookies or even reinstalling the PC.

Disadvantages: it's clearly quite some effort for the user to keep track of all the tokens.

P.s. it sounds like may use your service to upload nsfw or copyrighted content.... But maybe that's the point.

Show all replies

Given the lengths mentioned in other answers, it might be worth adding that the token should be longer than 4 characters. It can just be 32 because people will just copy-paste or bookmark it anyway, nobody is going to remember even 6 random characters per upload, why make it short?

Reply to this…

Share your programming knowledge and learn from the best developers on Hashnode

Get started

Even though they're anonymous users, generate a unique id for each user from the client side itself and save it in cookies with a long expiry.

Whenever someone uploads a file save that unique id along with the file. Now you can allow users to edit the file if its owner is the same as in the cookies.

You can use uuidv4 or something for unique ids

Show all replies

"who uploaded which content" that is what the author of this question wants!

Reply to this…

I'd at least make them type in an e-mail address if they want to edit. Generate an authorization code for editing, and send it to them that way. OR just display the edit authorization code when they create the file, they lose that code, well... that's their fault.

Any other method -- sessions, cookies, localstorage -- isn't portable or permanent.

Show all replies

Gijo Varghese Basically what Mark said. He calls it a token... people also call them hashes, passwords, whatever. A unique randomly generated sequence of characters that you use to authorize the access.He and I said the same thing, we just used different terminology.

You could either have them enter a e-mail to have it sent to them, or simply display it on screen, or even put up two different URL's -- one for showing it, one for editing it.

I rarely suggest using JavaScript for "Add bookmark" methods, but this is a case where the technique would be a nice enhancement. Show the edit token as a URI with a button next to it for bookmarking.

You could even once it is uploaded go straight to the edit page for it, giving them the chance to bookmark the edit page URI.

Reply to this…

No need to collect anything from users instead, hash the things as discussed here. Let users upload the content no strings attached, now generate a very long id lets say its the private key to the user, now make sure you have your very own secret key with you that you will be using for all the requests. Now to store the file, ask them to give some name/generate something random yourself, using your secret key and the users private key, create a permanent hash and append it with the file name and store it.

Lets say, User's private key = DDA22E18DA54C1494E90324ADE71400C48DEC72AEE5C25B2A0A63CD497398052 ( this is SHA256 of "hashnode") Your private key = 2F183A4E64493AF3F377F745EDA502363CD3E7EF6E4D266D444758DE0A85FCC8 (SHA256 of "anonymous")

Now to store the file : SHA256(SHA256(user's private key) + SHA256(your private key)) 7433BACE002F1403E6AFCFF8A5FE8FBAE55192682992802E160C2A388E0FA1F4 + 2C9A303023DEF128C4FBC1FBF1C70BE6A1F9739A3D765DFC4F24DA9AD6D725A7

The final hash : E954EA3B3AE1B245C2B6C664D88582887ED986613F6CD18A5E1166AD9BFFBF85

Now create a directory with the final hash and store the files inside that directory with some random name/number/name given by user into that folder.

To retrieve the files. Just take in the user's private key SHA256 it, SHA256 your secret key and then SHA256 the whole appended hash, you have the directory name. Lookup the directory, if its present list the files else the user has no files yet. If looking up files/ reading a huge directory is not a good idea. Instead, you can use a database to verify if files are present or not.

You can modify this to give particular links to every file as per other discussions done here.

To make it user-friendly store the user's private key in local storage and then retrieve it next time automatically when the page loads.

Disadvantage: If the user loses his so-called private key, everything is gone.

Reply to this…

You can generate unique url for each file like snag.gy does

Reply to this…

Load more responses