Re: decrypting query string back into $_GET['var']

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So is this the best/safest  way within reason ?


//----------------------------------
//  'Sending'  PHP script:

require_once("/home/includes/encryption.inc");
	
$str =encrypt(urlencode("movie=mymovie.mov&mask=mask.gif&drag=drag.gif"));
$urlString = $pathtoReceivingScript.$str ;


//----------------------------------
//  'Receiving' PHP script:

require_once("/home/includes/encryption.inc");

$str =$_SERVER['QUERY_STRING'];
parse_str(urldecode(decrypt($str)),$getVarArray);
$movie = $getVarArray['movie'];
$mask = $getVarArray['mask'];
$drag = $getVarArray['drag'];
//echo "$movie,$mask,$drag";


//----------------------------------
//  Encryption.inc

// Encrypt
function encrypt($encrypt) {
 	$key = "6r9qEJg6";
   srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
   $encode = base64_encode($passcrypt);
 return $encode;
 }

// Decrypt
 function decrypt($decrypt) {
   global $key;
   $key = "6r9qEJg6";
   $decoded = base64_decode($decrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
 return $decrypted;
}

On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote:

Graham Anderson wrote:
What is the best way to decrypt a query string  back into  variables ?
$root = "http://www.myserver.com/script.php";;
$queryString = "?test=mytest&color=red";
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;
what is the proper what to decrypt the GET variables on the other side ?

Do you need to decrypt the query string first ?

yes - if you have a query string like

4509134534068953534875104584437043134081743

or whatever then php won't turn it into a $_GET var.
although your query string could contain &'s and/or ?'s and/or ='s
in which case you might have cruft in the $_GET array which you would
want to clean out before extracting your decrypted string into
$_GET ..

decrypt($_SERVER['QUERY_STRING']);
Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ?
$test = $_GET['test'];
Or, do you need to parse the string to extract variables?

yes you do, but this being php - there is a function that will do it for you :-)

http://php.net/parse_str

many thanks
g

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux