How to hide/encrypt http arguments in php?

Hi

lets consider we are passing one argument like below

http://thegurbani.com/audio/index.php?file=http://www.thegurbani.com/audio/audio/kirtan/4.mp3

argument : "file=http://www.thegurbani.com/audio/audio/kirtan/4.mp3"

I want you to encrypt this argument and then at target location decrypt it.

Plz note I need this argument in normal form becoz I am catching it at target location into a php_variable.
theredcodeAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
rdivilbissConnect With a Mentor Commented:

<?PHP
 
$iv = mcrypt_create_iv(16, MCRYPT_RAND);
$key = substr($fieldHash,0,mcrypt_get_key_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB));
 
// need to use the same key and iv to decode so save to session	
$_SESSION['key']=$key;
$_SESSION['iv']=$iv;
 
//have to pad your string to be at least 64 chars.  Can be longer.
$text = str_pad("http://www.thegurbani.com/audio/audio/kirtan/4.mp3",64);
 
//Need to Base64 encode the encrypted string or it won't pass as a URL.
$param = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $text, MCRYPT_MODE_ECB, $iv));
 
//  how to decrypt...using saved values and base64 decrypt
$href = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $_SESSION['key'], base64_decode($param), MCRYPT_MODE_ECB, $_SESSION['iv']);
 
 
?>
<html>
 
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>The link</title>
</head>
 
<body>
<p>Link with encoded param: <a href="aeslink2.php?p=<?=$param?>">The link</a></p>
<p>Decoded Param: <?=$href?></p>
</body>
 
</html>

Open in new window

0
 
RoonaanCommented:
Do you have access to a database? Then you could just use file=123 or file=456 based on an primairy auto increment key.
0
 
rdivilbissCommented:
Use the AES encrypt function, which is part of the mcrypt library.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
theredcodeAuthor Commented:
well no database, simple argument passing

can u provide code for encrypting and decrypting.
0
 
rdivilbissCommented:
Yes, a moment please.
0
 
rdivilbissCommented:
That code isn't good for your purposes.  See below for better.
<?PHP
session_start();
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
// save these for decoding
$_SESSION["iv"] = $iv;
 
$key = "This is a very secret key";
$_SESSION["key"] = $key;
 
//$text = "Who framed Roger Rabbit";
$text = addcslashes("http://www.thegurbani.com/audio/4.mp3","\0..\37");
 
// we will pass the length...nothing given away with that.
$len = strlen($text);
 
$crypttext = urlencode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $text, MCRYPT_MODE_ECB, $iv));
?>
<html>
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Send Encrypted URL Parameter</title>
</head>
 
<body>
<p>Hover over the URL to see what is passed.</p>
<a href="page2.php?file=<?=$crypttext?>&len=<?=$len?>">Pass It</a>
</body>
 
</html>
 
 
 
<?PHP
// page2.php
session_start();
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
 
// We need the originals
$iv = $_SESSION["iv"];
$key = $_SESSION["key"];
 
// get the encrypted filename
$param=$_GET["file"];
 
// get its length
$len=$_GET["len"];
 
// decode, decrypt and perform substr to get the original file name
$filex = substr(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, urldecode($param), MCRYPT_MODE_ECB, $iv),0,$len);
?>
 
<html>
 
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Receive Encrypted File Name</title>
</head>
 
<body>
<?=$filex?>
</body>
 
</html>

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.