Coldfusion - encryption

Hello experts.
I need help to understand how the ebay encryption for bidders is working.
f.e on this page : http://offer.ebay.com/ws/eBayISAPI.dll?ViewBids&_trksid=p4340.l2565&rt=nc&item=140667065570
the bidder is :  z***d

I use encryption on my page like:
<cfset request.encryptkey = 'mykey' />
<cfset hiddenuser = Encrypt(emailaddress, request.encryptkey,'AES','BASE64') />
<cfoutput>#hiddenuser#</cfoutput>
but this way i get a very large string.I also cannot imagine how i can get unique hiddenusers showing only the first and the last letter.
Any help?
LVL 2
PanosAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CraigWebmasterCommented:
Ebay doesn't use unique values for these usernames - they are simply putting asterisks in place of the actual values for everything but the first and last characters.  I don't think there is any way you can get a unique value with two letters and blank spaces if you have any larger number of users.
0
PanosAuthor Commented:
Hi sgroppenbecker.
There must be a trick.
Look on this page:
http://offer.ebay.com/ws/eBayISAPI.dll?ViewBids&_trksid=p4340.l2565&rt=nc&item=200691834564

some bidder have number instead of letters.
0
_agx_Commented:
(no points ...)

panosms - I'm not sure what  you're asking.  Are you trying to interface with ebay's api or just emulate how it masks usernames?
0
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

PanosAuthor Commented:
Hi agx.
I want to emulate how it masks usernames.
0
SidFishesCommented:
If you look at the URL, I'm guessing that the e***s in the following is for display only. The real bidder id is probably the eu value (KaU%2BmkhKINVpiqmtaQ5zvzuquJhbhSrQ)

eu = ebay user? maybe

"http://offer.ebay.com/ws/eBayISAPI.dll?ViewBidderProfile&mode=1&item=200691834564&aid=e***s&eu=KaU%2BmkhKINVpiqmtaQ5zvzuquJhbhSrQ&view=NONE&ssPageName=PageBidderProfileViewBids_None_ViewLink">

this way the "encrypted" which is more accurately called a masked id e***s is of little meaning in this context

they probably do something like (not that they are using CF but...)


<cfset session.login.userid='KaU%2BmkhKINVpiqmtaQ5zvzuquJhbhSrQ'>
<cfset session.login.username="ebayuser12321s">
<cfset username = session.login.username>
<cfset eu = session.login.userid>
<cfset aid = left(username, 1) & "***" & right(username,1)>

then output as

<cfoutput>http://offer.ebay.com/ws/eBayISAPI.dll?ViewBidderProfile&mode=1&item=200691834564&aid=#aid#&eu=#eu#</cfoutput>


which is http://offer.ebay.com/ws/eBayISAPI.dll?ViewBidderProfile&mode=1&item=200691834564&aid=e***s&eu=KaU%2BmkhKINVpiqmtaQ5zvzuquJhbhSrQ 

of course this is a guess but I'm pretty sure it's something like this

0
PanosAuthor Commented:
Hi SidFishes.
You are guessing that it could be f.e the first and the last letter of username or email or......
I was wondering what i'm going to do if i have bidders with the same first and last letter?
I must somehow show that they are different user
Any idea?
0
SidFishesCommented:
well it's up to you to decide how to handle that but this is a way. For 3 usernames that start and end with e & s  it produces the output

aid=e***s
aid=e***s_1
aid=e***s_2



<cfoutput><cfset TempQry= querynew("")>
 
<cfset queryaddcolumn  (TempQry, "id", "CF_SQL_integer", ListToArray("1,2,3"))>
<cfset queryaddcolumn  (TempQry, "uname", "cf_sql_varchar", ListToArray("ebayuser12321s,elephants,ebaymees"))>
<cfset queryaddcolumn  (TempQry, "userid", "cf_sql_varchar", ListToArray("2BmkhKINVpiqmtaQ5zvzuquJhbhSrQ, al0023nlnjcnnnclsa, 9234kjhaklslljalsdh"))>

<cfdump var=#tempqry#>
<!--- above are runtime queries just to show example data.  --->

<!--- create an empty variable to hold our list --->
<cfparam name="aidList" default="">

<cfloop query="tempqry">
<cfset username = tempqry.uname>
<cfset eu = tempqry.userid>
<cfset aid = left(username, 1) & "***" & right(username,1)>
<!--- check to see if the list has this aid --->
<cfif listfindnocase(aidlist,aid)>
      <!--- if yes then we need to modify for display --->
      <cfif not isdefined("aidSuffix")>
      <!--- we'll create a numerical suffix to handle multiple matches  --->
            <cfset aidSuffix = 1>
      <cfelse>
            <!--- increment if list already exists --->
            <cfset aidSuffix = aidsuffix + 1>
      </cfif>
<cfset aid = aid & "_" & aidsuffix>
<cfset aidList = listappend(aidList,  aid)>
<cfelse>
<cfset aidList = listappend(aidList, aid)>
</cfif>
aid=#aid#<br>
eu="#eu#
<hr>
</cfloop>



</cfoutput>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PanosAuthor Commented:
Thank you SidFishes.
I have to handle this in a different way but the idea is exactly what i need.
0
PanosAuthor Commented:
Thank you very much
regards panos
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ColdFusion Language

From novice to tech pro — start learning today.