Solved

How to hide/encrypt http arguments in php?

Posted on 2008-06-17
6
273 Views
Last Modified: 2008-06-17
Hi

lets consider we are passing one argument like below

http://thegurbani.com/audio/index.php?file=http://www.thegurbani.com/audio/audio/kirtan/4.mp3

argument : "file=http://www.thegurbani.com/audio/audio/kirtan/4.mp3"

I want you to encrypt this argument and then at target location decrypt it.

Plz note I need this argument in normal form becoz I am catching it at target location into a php_variable.
0
Comment
Question by:theredcode
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 49

Expert Comment

by:Roonaan
ID: 21804633
Do you have access to a database? Then you could just use file=123 or file=456 based on an primairy auto increment key.
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 21804636
Use the AES encrypt function, which is part of the mcrypt library.
0
 

Author Comment

by:theredcode
ID: 21804775
well no database, simple argument passing

can u provide code for encrypting and decrypting.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 29

Expert Comment

by:rdivilbiss
ID: 21804805
Yes, a moment please.
0
 
LVL 29

Accepted Solution

by:
rdivilbiss earned 500 total points
ID: 21805440

<?PHP
 
$iv = mcrypt_create_iv(16, MCRYPT_RAND);
$key = substr($fieldHash,0,mcrypt_get_key_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB));
 
// need to use the same key and iv to decode so save to session	
$_SESSION['key']=$key;
$_SESSION['iv']=$iv;
 
//have to pad your string to be at least 64 chars.  Can be longer.
$text = str_pad("http://www.thegurbani.com/audio/audio/kirtan/4.mp3",64);
 
//Need to Base64 encode the encrypted string or it won't pass as a URL.
$param = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_ECB, $iv));
 
//  how to decrypt...using saved values and base64 decrypt
$href = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $_SESSION['key'], base64_decode($param), MCRYPT_MODE_ECB, $_SESSION['iv']);
 
 
?>
<html>
 
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>The link</title>
</head>
 
<body>
<p>Link with encoded param: <a href="aeslink2.php?p=<?=$param?>">The link</a></p>
<p>Decoded Param: <?=$href?></p>
</body>
 
</html>

Open in new window

0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 21808637
That code isn't good for your purposes.  See below for better.
<?PHP
session_start();
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
// save these for decoding
$_SESSION["iv"] = $iv;
 
$key = "This is a very secret key";
$_SESSION["key"] = $key;
 
//$text = "Who framed Roger Rabbit";
$text = addcslashes("http://www.thegurbani.com/audio/4.mp3","\0..\37");
 
// we will pass the length...nothing given away with that.
$len = strlen($text);
 
$crypttext = urlencode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv));
?>
<html>
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Send Encrypted URL Parameter</title>
</head>
 
<body>
<p>Hover over the URL to see what is passed.</p>
<a href="page2.php?file=<?=$crypttext?>&len=<?=$len?>">Pass It</a>
</body>
 
</html>
 
 
 
<?PHP
// page2.php
session_start();
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
 
// We need the originals
$iv = $_SESSION["iv"];
$key = $_SESSION["key"];
 
// get the encrypted filename
$param=$_GET["file"];
 
// get its length
$len=$_GET["len"];
 
// decode, decrypt and perform substr to get the original file name
$filex = substr(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, urldecode($param), MCRYPT_MODE_ECB, $iv),0,$len);
?>
 
<html>
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Receive Encrypted File Name</title>
</head>
 
<body>
<?=$filex?>
</body>
 
</html>

Open in new window

0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
can i read my emails on lamp ftp 4 26
Wordpress Query 5 45
How Close unsubmited attempts 10 46
How to hide contact form only if no validation errors 4 28
Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question