popularanky
Posts: 53
|
Posted: 03/13/2012, 8:11 AM |
|
How do I encrypt my URL from a link field and decrypt it on the next page?
Below is my URL:
http://localhost/wimbid/pro_detail.php?pro_id=2
How do I hide or change the (pro_detail.php?pro_id=2)?
_________________
EKERE UBONG UBONG
IT Officer
CognitiveDrive |
|
|
clahti2
Posts: 107
|
Posted: 03/13/2012, 10:39 AM |
|
Quote popularanky:
I am not sure what you want to do, but you can do something like this.
page1 = urlselector.php, your link control is called $mylink on record $myrecord
page2 = urlnavigator.php, a page that decrypts the next url and navigates there.
//before show event of link control
//encrypt the URL
$key = 'myprivatekey';
$url = $myrecord->$mylink->GetLink();
//above should return pro_detail.php?pro_id=2
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $url, MCRYPT_MODE_CBC, md5(md5($key))));
$myrecord->$mylink->SetLink("urlnavigator.php?destination=" . $encrypted);
Now on your urlnavigator.php page you can decrypt the URL in the page before initialize event:
$key = 'myprivatekey';
$destination = CCGetParam("destination","");
if ($destination) {
    //decrypt and navigate
    $decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($destination), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
    //this would take you to the url, not what you want
    header("Location: $decrypted");
    exit; //stop the script once the redirect header has been sent
} else {
    echo "no destination specified";
}
This is only to get you started; the URL will still be visible when it ultimately hits the header directive. You will probably have to have your urlnavigator.php include the decrypted URL to hide the values but display the results. I am sure I could get this to work, but it would take some time.
|
|
|
popularanky
Posts: 53
|
Posted: 03/14/2012, 7:18 AM |
|
When you say
Quote :$key = 'myprivatekey';
what should be the privatekey?
_________________
EKERE UBONG UBONG
IT Officer
CognitiveDrive |
|
|
clahti2
Posts: 107
|
Posted: 03/14/2012, 10:54 AM |
|
Whatever key you want to use to encrypt the string.
|
|
|
tonyk
Posts: 163
|
Posted: 03/23/2012, 3:55 AM |
|
If you are trying to encrypt a link to prevent tampering, why not try a 'nonce', or 'number used once'?
If you are using a database you can store the variables required on the next page with a unique, random and time-limited key which is passed in the URL. The next page looks up the values in the db pointed to by the nonce and applies them to the page. If no nonce is found, that could indicate tampering and could be used to assist in applying security. Add the session_id into the database and you could delete all nonces created in the session at a stroke.
It takes a little work to get it running, but once created you can use the function on any number of pages quite easily. Sites such as Yahoo use nonces; they are the long random strings seen in the URL.
Tony
Example code is shown below.
This shows two methods: the first alters a link, the second redirects with an altered URL.
set_nonce($foo) adds the nonce and variables to the database and returns the value of the nonce for use in the URL. The variables are in a comma-separated list that can be exploded in the before initialize event of the next page once read in from the database. Use CCGetParam to read the value of the nonce and use that to query the database.
The target_id can be used to ensure that the data is applied to the correct page; target_id holds the identity of the intended page.
Do not use the word 'nonce' in your own pages as it has unpleasant connotations.
>>>>>>>>>>>>>>>>>>>>>>>
$contact = $Container->DataSource->f('id_contacts');
$passed = "target_id,new_contacts.php,contact,$contact";
//"link text" below is a placeholder for the visible text of the link
$Component->SetValue("<a href='new_contacts.php?nonce=" . set_nonce($passed) . "'>link text</a>");
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2nd example
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
global $Redirect, $FileName;
$qs = CCGetQueryString("QueryString","");
$qs = CCRemoveParam($qs, "ccsForm"); //Never want this hanging around!
/*set nonce variables */
$file_trans = "new_information.php";
$passed = "target_id,$file_trans,request_id," . CCGetSession("request_id","");
//Are there other query string params we want?
if ($qs) {
    $goto = $file_trans . "?nonce=" . set_nonce($passed);
}
else {
    $goto = $file_trans . "?nonce=" . set_nonce($passed);
}
$Redirect = $goto;
|
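The thread calls set_nonce() but never shows it, so here is one way the store and the lookup on the target page could be written, as an added example that is not part of the original posts or tonyk's own code. The table layout, get_nonce(), the $sid and $ttl parameters and the in-memory SQLite database are assumptions; it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Added example. Table layout, get_nonce() and the $sid/$ttl parameters are
// assumptions; only the call set_nonce($passed) appears in the thread.

function nonce_db(): PDO {
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite::memory:');  // stand-in for the application database
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE nonces (nonce TEXT PRIMARY KEY, session_id TEXT,
                   payload TEXT, expires INTEGER)');
    }
    return $db;
}

// Store the "name,value,name,value" list and return the random token for the URL.
function set_nonce(string $passed, ?string $sid = null, int $ttl = 600): string {
    $nonce = bin2hex(random_bytes(16));    // 128 bits from the CSPRNG
    nonce_db()->prepare('INSERT INTO nonces VALUES (?, ?, ?, ?)')
              ->execute([$nonce, $sid ?? session_id(), $passed, time() + $ttl]);
    return $nonce;
}

// Called on the target page. Returns the stored variables, or null when the
// token is unknown, expired, from another session or meant for another page.
function get_nonce(string $nonce, string $page, ?string $sid = null): ?array {
    $stmt = nonce_db()->prepare('SELECT payload FROM nonces
        WHERE nonce = ? AND session_id = ? AND expires >= ?');
    $stmt->execute([$nonce, $sid ?? session_id(), time()]);
    $payload = $stmt->fetchColumn();
    if ($payload === false) {
        return null;
    }
    $parts = explode(',', $payload);       // values must not contain commas
    $vars = [];
    for ($i = 0; $i + 1 < count($parts); $i += 2) {
        $vars[$parts[$i]] = $parts[$i + 1];
    }
    return ($vars['target_id'] ?? null) === $page ? $vars : null;
}

// Constructed demo values: the session ids and contact id 2 are made up.
$n = set_nonce('target_id,new_contacts.php,contact,2', 'sess-A');
var_dump(get_nonce($n, 'new_contacts.php', 'sess-A'));       // right page and session
var_dump(get_nonce($n, 'new_information.php', 'sess-A'));    // token replayed on another page
var_dump(get_nonce($n, 'new_contacts.php', 'sess-B'));       // token used from another session
var_dump(get_nonce(str_repeat('0', 32), 'new_contacts.php', 'sess-A')); // token never issued
```

In a CodeCharge page the token would come from CCGetParam("nonce","") and a null result would be handled as a rejected request.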
|
|
clahti2
Posts: 107
|
Posted: 03/26/2012, 8:51 AM |
|
Interesting approach! I think you should move this to the Tips and Solutions section
|
|
|
tonyk
Posts: 163
|
Posted: 04/02/2012, 9:10 AM |
|
Thanks. Put in tips and solutions.
Tony
|
|
|
|