Posted by BearItAll on 06/06/05 13:48
On Mon, 06 Jun 2005 03:15:49 -0700, plittle1970 wrote:
> Hi there. My website passes information from one page to another via the
> URL. It DOESN'T use forms or post/get but rather I build up the url in
> page A as a string and use it to link to page B.
>
> My url looks (something)like this
> http://www.mysite.com/pageb.php?PassedUserName='Hester'&PassedUserOccupation='Tester'
>
> I don't want users to be able to type in whatever entries they like, but
> also I would like to hide the entire list of variables so that it appears
> something like
>
> http://www.mysite.com/pageb.php?PassedData=<random looking data here>
>
> Now, I found these functions
>
> function encrypt($string, $key) {
>     $result = '';
>     for ($i = 0; $i < strlen($string); $i++) {
>         $char = substr($string, $i, 1);
>         // key byte for this position (the key repeats over the string)
>         $keychar = substr($key, ($i % strlen($key)) - 1, 1);
>         // shift the byte up by the key byte
>         $char = chr(ord($char) + ord($keychar));
>         $result .= $char;
>     }
>     return base64_encode($result);
> }
>
> function decrypt($string, $key) {
>     $result = '';
>     $string = base64_decode($string);
>
>     for ($i = 0; $i < strlen($string); $i++) {
>         $char = substr($string, $i, 1);
>         $keychar = substr($key, ($i % strlen($key)) - 1, 1);
>         // shift the byte back down by the same key byte
>         $char = chr(ord($char) - ord($keychar));
>         $result .= $char;
>     }
>     return $result;
> }
>
> which work nicely on parts of the url, giving me
>
> PassedUserName='Hester'
> xLTf1NfYvtXG5MLHztixerTG5ejO1Ig=
>
> PassedUserOccupation='Tester'
> xLTf1NfYvtXG5MPJxOjktODK4eKmibXX59rG5Zs=
>
> but I cannot encrypt the whole string
> PassedUserName='Hester'&PassedUserOccupation='Tester' unless I replaced
> the & with another character for example but then I would have to somehow
> split the string into the two variables, and be able to use these values
> in my code.
>
> I guess appending a $ to the start of the decoded string isn't going to
> work? (I doubt my problem would be that easily solved!)
>
> Sorry, I'm a bit green when it comes to PHP programming and I've looked
> through the PHP manual and tried many different ways of doing this before
> I had to ask.
>
> Thanks in advance for any/all assistance

Would it be enough to just use variables that are non-descriptive at
that point, and the variable values as keys to a data location that your
own software understands?

For example, I keep a MySQL table just for my own software's use, mainly
as a debug aid, but also as a way to pass data/control info. In fact I use
it pretty much the way you would make use of services in UNIX/Linux
programming to talk across threads (not quite as usable as the services
system, but can get round some thread comms problems of PHP). Then a
variable reference as in your line is simply a reference to which table
item it is.

http://www.mysite.com/pageb.php?val1=0001

With your tables/connection settings outside of your browsable area then
you have already taken your security up a few levels from this one small
method.
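
The lookup-table approach suggested in the reply, as an added example that is not part of the original thread: page A stores the values server-side and puts only a reference in the URL, and page B resolves it. Assumptions made here: the `passed_data` table, the function names, in-memory SQLite standing in for the MySQL table so the script runs offline, a random token in place of a sequential value, and an expiry time.

```php
<?php
// Added example; table, column and function names are hypothetical.
// In-memory SQLite stands in for the MySQL table described in the reply.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE passed_data (
        token      TEXT PRIMARY KEY,
        payload    TEXT NOT NULL,
        expires_at INTEGER NOT NULL)');
    return $db;
}

// Page A: keep the values on the server, hand out only a reference.
function make_link(PDO $db, array $values, int $ttl = 900): string {
    $token = bin2hex(random_bytes(16)); // 128-bit reference, not guessable
    $stmt = $db->prepare(
        'INSERT INTO passed_data (token, payload, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$token, json_encode($values), time() + $ttl]);
    return 'http://www.mysite.com/pageb.php?PassedData=' . $token;
}

// Page B: resolve the reference. Malformed, unknown or expired => null.
function read_link(PDO $db, $token): ?array {
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT payload FROM passed_data WHERE token = ? AND expires_at > ?');
    $stmt->execute([$token, time()]);
    $payload = $stmt->fetchColumn();
    return $payload === false ? null : json_decode($payload, true);
}

// Constructed sample data, using the values from the question.
$db  = open_store();
$url = make_link($db, ['PassedUserName' => 'Hester',
                       'PassedUserOccupation' => 'Tester']);
echo $url, "\n";

parse_str(parse_url($url, PHP_URL_QUERY), $query); // what page B gets in $_GET
var_dump(read_link($db, $query['PassedData']));    // token issued by page A
var_dump(read_link($db, str_repeat('0', 32)));     // well-formed but never issued
var_dump(read_link($db, 'not-a-token'));           // fails the format check
```

Because the values never leave the server, there is nothing in the URL for a visitor to edit or decode, and both variables come back as an array without any string splitting.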