Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 991
  • Last Modified:

ID Obfuscation

I've been trying to come up with a way to generate some fairly short identifiers for use in URL's.  Requirements:
  -- alphanumeric (a-z, A-Z, 0-9)
  -- 10 characters or less (preferably 6 or 8)
  -- always unique
  -- can always be reversed to original number
  -- usable in PHP

I found an equivalent to what I want, but it is in perl:

use Crypt::Skip32::Base32Crockford;
my $key    = pack( 'H20', "112233445566778899AA" ); # Always 10 bytes!
my $cipher = Crypt::Skip32::Base32Crockford->new($key);
my $b32    = $cipher->encrypt_number_b32_crockford(3493209676); # 1PT4W80
my $number = $cipher->decrypt_number_b32_crockford('1PT4W80'); # 3493209676

Open in new window

(from http://stackoverflow.com/questions/2565478/integer-id-obfuscation-techniques)

Pointers to the equivalent PHP libraries would be acceptable.
0
crazedsanity
Asked:
crazedsanity
  • 5
  • 4
  • 4
  • +2
4 Solutions
 
Olaf DoschkeSoftware DeveloperCommented:
Look out for encryption functions in php, eg:
http://www.php.net/manual/en/function.mcrypt-module-open.php

Like you can encrypt (and decrypt) text, you can do with integers, of course. Simply convert to string first.
The resulting encrypted value typically will be as long as the number/text encrypted, but what would be the problem with that? You could pack numbers a bit, by interpreting the digits as hex digits, for example, or take the binary integer/bigint value, which is 32 or 64 bit. = 4 or 8 bytes only.

Bye, Olaf.
0
 
crazedsanityAuthor Commented:
@Olaf: Thank you for the information.  I'd like some other suggestions as well.
0
 
parparovCommented:
You can use base64 encoding
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
Olaf DoschkeSoftware DeveloperCommented:
Example #2 on the linked description of mcrypt perhaps?

base64 is not encrypting, but if you only need obfuscation it would be okay.

Before recommending or posting some code, that might be either too unsecure or too complicated for your demand: What do you want to prevent with the obfuscation? If you want to avoid users from changing the obfuscated ID you need a secure en/decryption or some other mechanism. Encrypting an ID alone will not prevent others to copy and reuse a link. Maybe you look for something like preventing session hijacking or other security means, then perhaps have a read on cross site scripting, xss and session management. Using all POST instead of GET requests is one way to prevent simpler attacks via url encoded parameters, which might be a good and easier start than to en/decrypt url-parameters.

Bye, Olaf.
0
 
Slick812Commented:
greetings crazedsanity, , I looked at the Skip32::Base32Crockford; that you mentioned, but did not have time to see anything in it. However your requirements did not seem to be very much, so I did my own way to change an integer to a string of 8 characters all in the alpha numeric set (62 different characters), it is in PHP and can always be reversed (decrypted) to the original integer, , BUT! I do not understand what you may mean by

always unique

as if you have the same integer and Key input, it will a ALWAYS have the same 8 character output string, in order to reverse it successfully. . . . If it was unique, there would have to be a somewhat complex method to make it unique and then reverse that method.

also in my code there is a fast and easy two step encryption, which should be enough for a lightweight obfuscation, , but make sure that you understand that this most likely will not HIDE your number from any experienced cryptographer.
you can try my code to see if it has any use for you, and maybe state more info about what you mean by your "always unique" requirement.

ask questions if you need more information.
<?php

class int2Obfus{
protected $encStr = 'qrst4uvwx5yzABC6DEF7GHIJKa1bcde2fghijklm3nopL8MNOPQR9STUVW0XYZ';
protected $off1 = array(14,33,5,44,27,20,19,39);
	
public function Obfus($int1, $key){
if(!isset($key{3})) $key .= '{$V?';
$aryBytes = array($int1&255, ($int1>>8)&255, ($int1>>16)&255,($int1>>24)&255);
$enc = '';
for ($i=0;$i<4;++$i) {
	$aryBytes[$i] = ($aryBytes[$i] + ord($key{$i})) % 256;
	$aryBytes[$i] ^= ord($key{$i});
	$enc .= chr($aryBytes[$i]);
	}
$enc = bin2hex($enc);
$enc = strtolower($enc);
$reHex = array('0'=>0,'1'=>1,'2'=>2,'3'=>3,'4'=>4,'5'=>5,'6'=>6,'7'=>7,'8'=>8,'9'=>9,'a'=>10,'b'=>11,'c'=>12,'d'=>13,'e'=>14,'f'=>15);
$out1 = '';
for ($i=0;$i<8;++$i) {
	$pos = $reHex[$enc{$i}];
	$pos += $this->off1[$i];
	$out1 .= $this->encStr{$pos};
	}
return $out1;
}


// Code below shows how to use this
$obf1 = new int2Obfus;
$int1 = mt_rand(-2116777215,2116777215);
$key = '0ff#';  // change key and it will change all of $obStr
$obStr = $obf1->Obfus($int1, $key);
echo 'this is the OBFUSED= ',$obStr,'<br />';
//$obStr = 'abcT4$l:';
$outInt = $obf1->unObfus($obStr, $key);
// be dure and TEST for errors with if ($outInt === '1')
if ($outInt === '1') echo 'ERROR - in unObfus the string length was NOT EIGHT<br />';
if ($outInt === '2') echo 'ERROR - in unObfus the string has INCORECT characters for OBFUS string<br />';
echo $int1,' =int1 | outInt= ',$outInt,'<br />';

?>

Open in new window

0
 
Slick812Commented:
sorry I did an incorrect copy and paste of the  class int2Obfus{

below is the full class
class int2Obfus{
protected $encStr = 'qrst4uvwx5yzABC6DEF7GHIJKa1bcde2fghijklm3nopL8MNOPQR9STUVW0XYZ';
protected $off1 = array(14,33,5,44,27,20,19,39);
	
public function Obfus($int1, $key){
if(!isset($key{3})) $key .= '{$V?';
$aryBytes = array($int1&255, ($int1>>8)&255, ($int1>>16)&255,($int1>>24)&255);
$enc = '';
for ($i=0;$i<4;++$i) {
	$aryBytes[$i] = ($aryBytes[$i] + ord($key{$i})) % 256;
	$aryBytes[$i] ^= ord($key{$i});
	$enc .= chr($aryBytes[$i]);
	}
$enc = bin2hex($enc);
$enc = strtolower($enc);
$reHex = array('0'=>0,'1'=>1,'2'=>2,'3'=>3,'4'=>4,'5'=>5,'6'=>6,'7'=>7,'8'=>8,'9'=>9,'a'=>10,'b'=>11,'c'=>12,'d'=>13,'e'=>14,'f'=>15);
$out1 = '';
for ($i=0;$i<8;++$i) {
	$pos = $reHex[$enc{$i}];
	$pos += $this->off1[$i];
	$out1 .= $this->encStr{$pos};
	}
return $out1;
}

public function unObfus($obfused, $key){
if (strlen($obfused) != 8) return '1';
if(preg_match('/[^a-zA-Z0-9]/',$obfused) != 0) return '2';
if(!isset($key{3})) $key .= '{$V?';
$reHex = array('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');
$dec = '';
for ($i=0;$i<8;++$i) {
	$mod1 = strpos($this->encStr, $obfused{$i});
	$mod1 -= $this->off1[$i];
	$dec .= $reHex[$mod1];
	}
$dec = pack('H*', $dec);
$aryBytes = array(ord($dec{0}), ord($dec{1}), ord($dec{2}), ord($dec{3}));
for ($i=0;$i<4;++$i) {
	$aryBytes[$i] ^= ord($key{$i});
	$aryBytes[$i] = (($aryBytes[$i]+256) - ord($key{$i})) % 256;
	}
$deInt = $aryBytes[0] | ($aryBytes[1]<<8) | ($aryBytes[2]<<16) | ($aryBytes[3]<<24);
return $deInt;
}
	
} // class int2Obfus

Open in new window

0
 
Ray PaseurCommented:
Here is how you can encrypt and decrypt a string.  If the input is unique, the output is going to be unique, too.

To ensure that your string is UNIQUE among your population of strings, you can keep a data base table with a UNIQUE column.  An attempt to insert a duplicate key will result in MySQL_ErrNo() = 1062.  You can trap this error and thereby know that you have a non-UNIQUE string, so you can choose a different string.
<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://us.php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct()
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = 'quay';
        $this->eot = '___EOT';
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS ";
    var_dump($decoded);
}

// END OF PHP - PUT UP THE FORM
?>
<form method="post">
<input name="clearstring" value="<?php echo $decoded; ?>" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="<?php echo $encoded; ?>" />
<input type="submit" value="DECRYPT" />
</form>

Open in new window

0
 
Ray PaseurCommented:
This may help, too.
http://www.laprbass.com/RAY_random_unique_string.php
<?php // RAY_random_unique_string.php
error_reporting(E_ALL);
echo "<pre>\n";

// GENERATE A SHORT UNIQUE RANDOM STRING FOR USE AS SOME KIND OF KEY
// NOTE THAT THE DATA BASE MUST HAVE THE rand_key FIELD DEFINED AS "UNIQUE"
// NOTE THAT THE LENGTH ARGUMENT MUST MATCH THROUGHOUT
define('ARG_LENGTH', 6);

// IMPORTANT PAGES FROM THE MANUALS
// MAN PAGE: http://us2.php.net/manual/en/ref.mysql.php
// MAN PAGE: http://us2.php.net/manual/en/mysql.installation.php



// CONNECTION AND SELECTION VARIABLES FOR THE DATABASE
$db_host = "??"; // PROBABLY 'localhost' IS OK
$db_user = "??";
$db_word = "??";

// LIVE DATABASE CREDENTIALS
require_once('RAY_live_data.php');



// OPEN A CONNECTION TO THE DATA BASE SERVER
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-connect.php
if (!$db_connection = mysql_connect("$db_host", "$db_user", "$db_word"))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB CONNECTION: ";
   echo "<br/> $errmsg <br/>";
}

// SELECT THE MYSQL DATA BASE
// MAN PAGE: http://us2.php.net/manual/en/function.mysql-select-db.php
if (!$db_sel = mysql_select_db($db_name, $db_connection))
{
   $errmsg = mysql_errno() . ' ' . mysql_error();
   echo "<br/>NO DB SELECTION: ";
   echo "<br/> $errmsg <br/>";
   die('NO DATA BASE');
}
// IF WE GOT THIS FAR WE CAN DO QUERIES





// FUNCTION TO CREATE A DATABASE TABLE
function create_myTable()
{
    $length = ARG_LENGTH;

    mysql_query("DROP TABLE IF EXISTS myTable");
    $psql  = "CREATE TEMPORARY TABLE myTable ( ";
    $psql .= "_key        int(8)            NOT NULL AUTO_INCREMENT, ";
    $psql .= "rand_key    varchar($length)  UNIQUE NOT NULL DEFAULT '?', ";
    $psql .= "other_data  varchar(128)      NOT NULL, "; // AS NEEDED BY YOUR APPLICATION
    $psql .= "PRIMARY KEY(`_key`) ";
    $psql .= " ) ENGINE=INNODB DEFAULT CHARSET=ascii";
    if (!$p = mysql_query($psql)) { die( mysql_error() ); }
}





// FUNCTION TO MAKE A RANDOM STRING
function random_string()
{
    // POSSIBLE COMBINATIONS = pow($length,strlen($chr)); = 4.6E18 IF LENGTH IS 4
    //     1...5...10...15...20...25...30......
   $chr = "ABCDEFGHJKMNPQRSTUVWXYZ23456789";
   $str    = "";
   while(strlen($str) < ARG_LENGTH)
   {
      $str .= substr($chr, mt_rand(0,(strlen($chr))), 1);
   }
   return($str);
}





// FUNCTION TO ENSURE THE RANDOM STRING IS UNIQUE
function make_random_key()
{
    $length = ARG_LENGTH;
    $rand_key = '';
    while ($rand_key == '') // GENERATE A UNIQUE AND RANDOM TOKEN
    {
        $rand_key = random_string($length);
        $isql     = "INSERT INTO myTable ( rand_key ) VALUES ( \"$rand_key\")";
        if (!$i   = mysql_query("$isql")) // IF QUERY ERROR
        {
            $err   = mysql_errno();
            if ($err == 1062) // DUPLICATE UNIQUE FIELD ON rand_key
            {
                $rand_key = '';
            } else
            {
                /* HANDLE FATAL QUERY ERROR ($isql) */
            }
        }
    }
    return $rand_key;
}




// SHOW HOW TO MAKE LOTS OF UNIQUE AND RANDOM STRINGS
create_myTable();

$kount = 0;
$array = array();
while ($kount < 100)
{
    $array[] = make_random_key();
    $kount++;
}

print_r($array);

Open in new window

0
 
crazedsanityAuthor Commented:
@Olaf: thanks for the input.  I'm not worried about session hijacking or XSS; I've got enough experience to avoid (or at least mitigate) those problems.  Posting the code is fine: I'm intending on having all parts of the associated application be open source anyway.

@parparov: base 64 encoding is too obvious.  The obfuscation (encryption) has to be to a level that would be impossible to decipher without more than the URL to go on.

@Slick812: I'll do some testing on your class.  Thank you.

@Ray: Thanks for the two examples.  I'll be testing those as well.
0
 
crazedsanityAuthor Commented:
My basic idea is to provide a service where users can upload files anonymously and link to them using a unique URL.  Putting the data into the database (and/or filesystem) is pretty elementary.

I'm looking for a way to avoid people just incrementing or decrementing an ID in the URL to see what else is there.  Exposing the ID also has the side-effect of indicating how quickly (or slowly) new items are being added.
0
 
Ray PaseurCommented:
avoid people just incrementing or decrementing an ID in the URL - Go with the random_unique_string algorithm.

You call the make_random_key() function once for each upload.  It will return the key you would use in your data base.  That is the same key you would use in the URL.

I have used this design pattern to create a carpool data base.  The organizing entity (church, school, camp) creates the "poolpass" which is a nine-character string that is distributed to the constituents.  The constituents use the poolpass to enter their location and travel information.  Without a valid poolpass key, nobody can get into the data base.  Since each poolpass is associated with the organizing entity, the constituents can be fairly certain that anyone else who might become part of their carpool shares the common interest of the organizing entity.  In other words, there are no complete strangers or lurkers among the members of the suggested carpools.

Given a string length of 9 and alphabet of 31 characters, you get 3.8^29 combinations.  The chances of guessing a poolpass are about the same as the chances of meeting someone else with your exact DNA combination.  I hold this to be an acceptably low level of risk.  

In the production version, I used this alphabet, designed to reduce the visual ambiguity of things like O (oh) and 0 (zero).  Depending on the font you use to style the site, you might consider dumping Z2 and S5 as well.

ABCDEFGHJKMNPQRSTUVWXYZ23456789

HTH, Over-and-out ~Ray
0
 
Olaf DoschkeSoftware DeveloperCommented:
Why then generate an integer to en-/decrypt it?

For thast purpose I'd also suggest using a random key, eg global uniuque identifier. It doesn't fulfill the requirement to be short, max 10 chars, but otherwise will work out for the purpose very well.

That is, using com_create_guid()

There also is uniqid(), which is a little shorter.

Bye, Olaf.
0
 
crazedsanityAuthor Commented:
The integer key is what will be stored in the database, since integers are far easier + faster when doing lookups and primary/foreign keys.  Creating a random string doesn't fulfill the original spec, as I need to be able to reverse it.  

That said, I suppose I could create a table that stores the random string (regardless of how it was created) and link that to an ID.  That lookup table could be used to join other tables based on the integer... it probably wouldn't be as fast as using just a number/integer, but would protect existing URL's from getting broken if the hashing/random string generator scheme changed.

I'm not actually all that certain how important it would be to have a very short URL.  Any thoughts on the importance (or lack thereof) of keeping the URL short.
0
 
Slick812Commented:
As I understand your purpose, it's to have an integer used as an ID number stored in a database, to inset and later find (select) in that Table. And you want to have directories with a name from that ID , kinda like -
www.mysite.com/users/101/user_image.jpg

but instead of the  "101" number , you need to hide it as a string , so users (anyone) can not go to the next or previous directory simply by changing it to -
www.mysite.com/users/102/

but as a string for directory -
www.mysite.com/users/vH6nLq/user_image.jpg

you figure that no one will be able to go to other directories with out a lot of trouble, do I get it ?

I agree with you, and feel that this may be a good idea, but one point I do not get is why it has to always be able to be reversed ? ?
I would think that it is a one way thing, In your PHP code that deals with your user signing in, so you can get info from your table in database, so that you find that user's ID and make a string to point to a directory, but I do not see that your user will give you info (from a form post) about the directory name and you would have to reverse it to get their ID. Maybe you could give some more info about the steps you need to take that have the string reversal, , to let us know why you need it.

If you generate a random short string, you have no guarantees that it is always unique, but you will find out when you try to make a directory and PHP tells you in error message that directory already exists.

if you use my int2Obfus class, as long as the ID number is unique, the returned string will be unique (with the same KEY used all the time);
I'm not sure you need much encryption for what you describe, but just some mixed up string characters in a short string,

if you need a shorter string than 8 as in int2Obfus class, I can do it as a 6 character, however for mathematical reasons it will be limited to an integer from 0 to less than 1073741824 .
0
 
crazedsanityAuthor Commented:
Here's (hopefully) a bit better explanation, dealing only with URL's (how/if it is stored on the filesystem is a moot point).


Without obfuscation:
http://my.website.com/i/101.jpg
WITH obfuscation:    
http://my.website.com/i/35xy98a5.jpg

As stated, there are multiple reasons for making the URL difficult/impossible to guess:
 * avoids programmatic downloading of all available files by incrementing integer
 * avoids exposing how fast/slow files are getting added
 * etc

Thoughts on the need to keep the URL short would be appreciated.  Are there pros / cons to these (example) URLS?
 * http://my.website.com/i/847e03c1960dff596b064fef94095b34402b8e2a.jpg
 * http://my.website.com/i/35xy98a5.jpg
 * http://my.website.com/i/594a18d24d9188eb7d6dafd1e2368e5bdb19c01f6cbd1788788415a9fc21a4712fb250eb397d55681e53c4edfaaa9bce517aa488e61100a00449db39da70a17d.jpg
0
 
Slick812Commented:
as a general rule, you should have URLs be as short as practical to allow proper functioning, but I really doubt that many people will actually type in the url, but just click on a link on your site, so it may not be all that important, as long as it does not go over about 12 or 16 characters.
The only reason for increasing the string size that I can think of, is to add to the number of possible variations that a string can have, if you are limited to a 32 different text characters, then for each length, the amount of variations goes up by a power of 32
ab.jpg // 1024 possible different names
abcd.jpg // 1048576 possible different names

in your last example, you have JPG with the 101 as -
http://my.website.com/i/101.jpg

to me this is quite different than a directory name, not so much from a coding stand point, but there may be many more images than directories.

I have changed the functions and added two verification characters, not sure if they are needed, ALSO, since file allocation tables for directory and file names have the same for small letters and capital letters as  AB.jpg  is the same as  ab.jpg  , I changed the character set to all small letters and numbers so there will not be collisions between names that have small and large letters.
<?php

function mixInt($int1){
if ($int1 < 0) return '1';
if ($int1 > 1073741823) return '2';
$aryBytes = array(($int1>>16)&255, $int1&255, ($int1>>8)&255, ($int1>>24)&255);
$mixStr = 'na3xb2dylfq4eihsg7mvokzj5pr6tcuw';
$bit5 = $aryBytes[0] & 31;//lower 5 bits
$bit3 = ($aryBytes[0] & 224) >> 3;// upper 3 bits
$out1 = '';
$out1 .= $mixStr{$bit5};
$bit5 = $aryBytes[1] & 3;//lower 2 bits
$bit3 |= $bit5;
$out1 .= $mixStr{$bit3};
$bit5 = ($aryBytes[1] & 124)>>2;// mid 5 bits
$out1 .= $mixStr{$bit5};
$bit5 = ($aryBytes[1] & 128)>>3;// upper 1 bit
$bit3 = $aryBytes[2] & 15;//lower 4 bits
$out1 .= $mixStr{$bit5 | $bit3};
$bit3 = ($aryBytes[2] & 240)>>3;// upper 4 bits
$bit5 = $aryBytes[3] & 1;//lower 1 bits
$out1 .= $mixStr{$bit5 | $bit3};
$bit3 = ($aryBytes[3] & 62)>>1;
$out1 .= $mixStr{$bit3};
$bit3 = substr($out1,0,3);
$out1 = 'n'.$bit3.'w'.substr($out1,3,3);
$out1 = strrev($out1);
return $out1;
}


function unMixInt($mixed){
if (strlen($mixed) != 8) return '1';
if ($mixed{7} != 'n') return '2';
if ($mixed{3} != 'w') return '2';
$mixed = strrev($mixed);
$bit1 = substr($mixed,1,3);
$mixed = $bit1.substr($mixed,5,3);
$mixStr = 'na3xb2dylfq4eihsg7mvokzj5pr6tcuw';
$aryBytes = array(0,0,0,0);
$bit1 = strpos($mixStr, $mixed{0});
if ($bit1 === false) return '3';
$bit2 = strpos($mixStr, $mixed{1});
if ($bit2 === false) return '3';
$aryBytes[0] = $bit1 | (($bit2 & 28)<< 3);
$bit1 = strpos($mixStr, $mixed{2});
if ($bit1 === false) return '3';
$bit3 = strpos($mixStr, $mixed{3});
if ($bit3 === false) return '3';
$aryBytes[1] = ($bit1 << 2) | ($bit2 & 3) | (($bit3 & 16) << 3);
$bit1 = strpos($mixStr, $mixed{5});
if ($bit1 === false) return '3';
$bit2 = strpos($mixStr, $mixed{4});
if ($bit2 === false) return '3';
$bit1 <<= 1;
$aryBytes[3] = $bit1 | ($bit2 & 1);
$aryBytes[2] = ($bit3 &15) | (($bit2 & 30)<<3);
$deInt = $aryBytes[1] | ($aryBytes[2]<<8) | ($aryBytes[0]<<16) | ($aryBytes[3]<<24);
return $deInt;
}


$int1 = 73791323;
$obStr = mixInt($int1);
switch ($obStr){
	case '1':echo 'ERROR - in MixInt the integer is less than 0<br />';break;
	case '2':echo 'ERROR - in MixInt the integer is greater than 1073741823<br />';break;
}
echo 'this is the mixInt= ',$obStr,'<br />';
$outInt = unMixInt($obStr);
switch ($outInt){
	case '1':echo 'ERROR - in unMixInt the string length was NOT EIGHT<br />';break;
	case '2':echo 'ERROR - in unMixInt verification Failed<br />';break;
	case '3':echo 'ERROR - in unMixInt character in string is Invalid<br />';break;
}
echo $int1,' =int1 | outInt= ',$outInt,'<br />';

?>

Open in new window

0
 
Olaf DoschkeSoftware DeveloperCommented:
Creating a random string doesn't fulfill the original spec, as I need to be able to reverse it.

That problem has a simple solution: Create a table with an autoincrement id, in which you store the generated random key. Then use the random key for obfuscation and lookup the integer id with that obfuscated. So instead of decrypting some value to an integer ID you simply lookup the integer id.

No need to use the random key as primary or foreign key, it's sufficient to be a secondary key of that special lookup table and that's it.

Bye, Olaf.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 4
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now