Link to home
Start Free TrialLog in
Avatar of zixp
zixp

asked on

Very simple encrypt/decrypt

I need to send a variable containing the direcory and filename of a file that the user will be able to download, with a GET variable. I would like to encrypt this variable, and then decrypt it on the other side, using a very simple encrypt/decrypt scheme.  Something with a salt, but not so complicated as what I have seen. My initial reaction was to serialize it, but as far as I can tell I cant use a salt.
Avatar of f0rdmstang
f0rdmstang

You could use md5 to encrypt but no realy way you can decrypt it.  You could include the md5 in the url and then have a database of some type where you lookup the md5 string you gave them and reference the directory or file.

MD5 String                       Directory/File
djd8sdfdsdfj2o3jf8             files/thisfile.jpg
fdj3jfr90fsld8sdfjk              files/mydoc.doc
dsflkj3999f3kfjsl3               files/workbook.xls

Look up the MD5 that is passed in the url and you have the file they need to get.
If you have some sort of access to a database or a temporary file, why pass the information through the user anyway? Just create a temporary storage for the filename, give it an ID, and then pass the ID through the user, "decoding" it to a filename on the other side.

If you are working on a *nix server, you have access to System V-type IPC functions as well. You could create a message queue or shared memory area (or even a pipe using system calls), and pass the "id" or the "name" of the IPC object through the user.
Avatar of zixp

ASKER

I would preffer to keep my database out of the equation, because the reason I have to pass the info in a GET var is because I have to create links on the fly for 3000+ files, so if I could encrypt and decrypt (with a secret salt) it would be the best.
a friend of mine has some JavaScript code that does some encrypt decrypt stuff that might be of help

http://howtocode.net/htc_encode.php

My idea is to feed the encrypted string into the url and pass it to your HTML page that would incrypt it and display a link to the decrypted file path/name.
Avatar of zixp

ASKER

javascript opens some secuity holes that I dont want to deal with
You can use the mcrypt - functions of PHP if your PHP is compiled with the mcrypt -extension.
There are very good and easy to use crypt/decrypt functions. See: http://de.php.net/mcrypt and there the examples given.
ASKER CERTIFIED SOLUTION
Avatar of kroplis
kroplis

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of zixp

ASKER

Wow, that was more than I was expecting.  Thanks!
Glad i could help. Besides, I enjoyed the time I spent coding it :)
Avatar of zixp

ASKER

I just realized that the code posted fails when there is a single quote in the file name.  Any ideas on the culprit?
Umm, it really shouldn't do that. I just tried it myself and it works fine:
$crypted = my_crypt("file_the_'mean'", "booga");
echo $crypted." - ".my_decrypt($crypted, "booga")."\n";

produces

c8d8dbccc0d6d7d4c688cfd4d0d588 - file_the_'mean'

in what way does it fail?
maybe you mixed up double quotes and single quotes somewhere or something like that?
e.g.
$filename = 'file_the_'mean'';

anyway, if the problem persists, You can always do a str_replace($file, "'", "?");
and after decrypting do a str_replace($file, "?", "'");

hope this helps :)
Avatar of zixp

ASKER

if the file has an single quote (like if the file name is: "john doe's summer picture.jpg") it doesnt work right, I have gone through the code (you meant to have an open{ and close } after "if ($counter == $max)" right?) but I cant find what could be causing it.
Well the bracket thingies are not neccessary, since there's only one statement, but i guess it's more appropriate to use them, anyway :)

anyway, it should all work nicely, if no characters used ASCII value is less than 128, and ' ASCII value is 39. that's weird.

have you tried to replace the apostrophe with a question mark prior to encrypting and then replacing it back after decrypting? that should be a workaround good enough.

the weirdest thing is, it work's perfectly for me - using a salt "booga" i get
ccded7d581c6ded48ed482e2e4d4cec7e18fd7cac5e3e4d9c690d9dfce - john doe's summer picture.jpg

in what way it fails? does the PHP die with an error or does it decrpyt it wrong?
Avatar of zixp

ASKER

it just decrypts wrong and tells me that it cant find the file. It could be in my script  (though I was using it before without the problem), but in the worst case Ill use the '?'. I shouldnt have to post here again, but thank you for coming back to it
no problem.
good luck in bug hunting :)
if there's a bug in my script, feel free to flame here :)
Avatar of zixp

ASKER

sorry, I feel like such an idiot. I was passing the file name with a get variable to use as the salt, and that was the problem. I set it to use substr($file, -3) instead for the salt (But Ill still pass the whole filename so its not obvious ;)  Thanks again
hey, at least you have one workaround now in case things go bad :))

Glad i could help :)