Re: decrypting query string back into $_GET['var'] [resend]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Is this the safest way to send GET variables ?
Guess I am trying to improve my code :)


//----------------------------------
//  'Sending'  PHP script:

require_once("/home/includes/encryption.inc");
$str =encrypt(urlencode("movie=mymovie.mov&mask=mask.gif&drag=drag.gif")); 
$finalURLString = $pathtoReceivingScript.$str ;


//----------------------------------
//  'Receiving' PHP script:

require_once("/home/includes/encryption.inc");

$str =$_SERVER['QUERY_STRING'];
parse_str(urldecode(decrypt($str)),$getVarArray);
$movie = $getVarArray['movie'];
$mask = $getVarArray['mask'];
$drag = $getVarArray['drag'];
//echo "$movie,$mask,$drag";


//----------------------------------
//  Encryption.inc

// Encrypt
function encrypt($encrypt) {
 	$key = "6r9qEJg6";
   srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv); 
   $encode = base64_encode($passcrypt);
 return $encode;
 }

// Decrypt
 function decrypt($decrypt) {
   global $key;
   $key = "6r9qEJg6";
   $decoded = base64_decode($decrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv); 
 return $decrypted;
}

On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote:


Graham Anderson wrote:

What is the best way to decrypt a query string  back into  variables ?
$root = "http://www.myserver.com/script.php";;
$queryString = "?test=mytest&color=red";
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;
what is the proper what to decrypt the GET variables on the other side ? 


Do you need to decrypt the query string first ?


yes - if you have a query string like

4509134534068953534875104584437043134081743

or whatever then php won't turn it into a $_GET var.
although your query string could contain &'s and/or ?'s and/or ='s
in which case you might have cruft in the $_GET array which you would
want to clean out before extracting your decrypted string into
$_GET ..


decrypt($_SERVER['QUERY_STRING']);
Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ? 
$test = $_GET['test'];
Or, do you need to parse the string to extract variables?
yes you do, but this being php - there is a function that will do it for you :-) 

http://php.net/parse_str


many thanks
g


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux