zixp
asked on
Very simple encrypt/decrypt
I need to send a variable containing the direcory and filename of a file that the user will be able to download, with a GET variable. I would like to encrypt this variable, and then decrypt it on the other side, using a very simple encrypt/decrypt scheme. Something with a salt, but not so complicated as what I have seen. My initial reaction was to serialize it, but as far as I can tell I cant use a salt.
If you have some sort of access to a database or a temporary file, why pass the information through the user anyway? Just create a temporary storage for the filename, give it an ID, and then pass the ID through the user, "decoding" it to a filename on the other side.
If you are working on a *nix server, you have access to System V-type IPC functions as well. You could create a message queue or shared memory area (or even a pipe using system calls), and pass the "id" or the "name" of the IPC object through the user.
If you are working on a *nix server, you have access to System V-type IPC functions as well. You could create a message queue or shared memory area (or even a pipe using system calls), and pass the "id" or the "name" of the IPC object through the user.
ASKER
I would preffer to keep my database out of the equation, because the reason I have to pass the info in a GET var is because I have to create links on the fly for 3000+ files, so if I could encrypt and decrypt (with a secret salt) it would be the best.
a friend of mine has some JavaScript code that does some encrypt decrypt stuff that might be of help
http://howtocode.net/htc_encode.php
My idea is to feed the encrypted string into the url and pass it to your HTML page that would incrypt it and display a link to the decrypted file path/name.
http://howtocode.net/htc_encode.php
My idea is to feed the encrypted string into the url and pass it to your HTML page that would incrypt it and display a link to the decrypted file path/name.
ASKER
javascript opens some secuity holes that I dont want to deal with
You can use the mcrypt - functions of PHP if your PHP is compiled with the mcrypt -extension.
There are very good and easy to use crypt/decrypt functions. See: http://de.php.net/mcrypt and there the examples given.
There are very good and easy to use crypt/decrypt functions. See: http://de.php.net/mcrypt and there the examples given.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wow, that was more than I was expecting. Thanks!
Glad i could help. Besides, I enjoyed the time I spent coding it :)
ASKER
I just realized that the code posted fails when there is a single quote in the file name. Any ideas on the culprit?
Umm, it really shouldn't do that. I just tried it myself and it works fine:
$crypted = my_crypt("file_the_'mean'" , "booga");
echo $crypted." - ".my_decrypt($crypted, "booga")."\n";
produces
c8d8dbccc0d6d7d4c688cfd4d0 d588 - file_the_'mean'
in what way does it fail?
maybe you mixed up double quotes and single quotes somewhere or something like that?
e.g.
$filename = 'file_the_'mean'';
anyway, if the problem persists, You can always do a str_replace($file, "'", "?");
and after decrypting do a str_replace($file, "?", "'");
hope this helps :)
$crypted = my_crypt("file_the_'mean'"
echo $crypted." - ".my_decrypt($crypted, "booga")."\n";
produces
c8d8dbccc0d6d7d4c688cfd4d0
in what way does it fail?
maybe you mixed up double quotes and single quotes somewhere or something like that?
e.g.
$filename = 'file_the_'mean'';
anyway, if the problem persists, You can always do a str_replace($file, "'", "?");
and after decrypting do a str_replace($file, "?", "'");
hope this helps :)
ASKER
if the file has an single quote (like if the file name is: "john doe's summer picture.jpg") it doesnt work right, I have gone through the code (you meant to have an open{ and close } after "if ($counter == $max)" right?) but I cant find what could be causing it.
Well the bracket thingies are not neccessary, since there's only one statement, but i guess it's more appropriate to use them, anyway :)
anyway, it should all work nicely, if no characters used ASCII value is less than 128, and ' ASCII value is 39. that's weird.
have you tried to replace the apostrophe with a question mark prior to encrypting and then replacing it back after decrypting? that should be a workaround good enough.
the weirdest thing is, it work's perfectly for me - using a salt "booga" i get
ccded7d581c6ded48ed482e2e4 d4cec7e18f d7cac5e3e4 d9c690d9df ce - john doe's summer picture.jpg
in what way it fails? does the PHP die with an error or does it decrpyt it wrong?
anyway, it should all work nicely, if no characters used ASCII value is less than 128, and ' ASCII value is 39. that's weird.
have you tried to replace the apostrophe with a question mark prior to encrypting and then replacing it back after decrypting? that should be a workaround good enough.
the weirdest thing is, it work's perfectly for me - using a salt "booga" i get
ccded7d581c6ded48ed482e2e4
in what way it fails? does the PHP die with an error or does it decrpyt it wrong?
ASKER
it just decrypts wrong and tells me that it cant find the file. It could be in my script (though I was using it before without the problem), but in the worst case Ill use the '?'. I shouldnt have to post here again, but thank you for coming back to it
no problem.
good luck in bug hunting :)
if there's a bug in my script, feel free to flame here :)
good luck in bug hunting :)
if there's a bug in my script, feel free to flame here :)
ASKER
sorry, I feel like such an idiot. I was passing the file name with a get variable to use as the salt, and that was the problem. I set it to use substr($file, -3) instead for the salt (But Ill still pass the whole filename so its not obvious ;) Thanks again
hey, at least you have one workaround now in case things go bad :))
Glad i could help :)
Glad i could help :)
MD5 String Directory/File
djd8sdfdsdfj2o3jf8 files/thisfile.jpg
fdj3jfr90fsld8sdfjk files/mydoc.doc
dsflkj3999f3kfjsl3 files/workbook.xls
Look up the MD5 that is passed in the url and you have the file they need to get.