Yet another request for a URL variables hiding suggestion

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • plittle1970@hotmail.com
    #1

    Yet another request for a URL variables hiding suggestion

    Hi there. My website passes information from one page to another via
    the URL. it DOESN'T use forms or post/get but rather I build up the url
    in page A as a string and use it to link to page B.

    My url looks (something)like this
    http://www.mysite.com/pageb.php?Passe dUserName='Hest er'&PassedUserO ccupation='Test er'

    I don't want users to be able to type in what ever entries they like,
    but also I would like to hide the entire list of variables so that it
    appears something like

    http://www.mysite.com/pageb.php?Passe dData=<random looking data here>

    Now, I found these functions

    function encrypt($string , $key) {
    $result = '';
    for($i=0; $i<strlen($stri ng); $i++) {
    $char = substr($string, $i, 1);
    $keychar = substr($key, ($i % strlen($key))-1, 1);
    $char = chr(ord($char)+ ord($keychar));
    $result.=$char;
    }
    return base64_encode($ result);
    }

    function decrypt($string , $key) {
    $result = '';
    $string = base64_decode($ string);

    for($i=0; $i<strlen($stri ng); $i++) {
    $char = substr($string, $i, 1);
    $keychar = substr($key, ($i % strlen($key))-1, 1);
    $char = chr(ord($char)-ord($keychar));
    $result.=$char;
    }
    return $result;
    }

    which work nicely on parts of the url giving me
    PassedUserName= 'Hester'
    xLTf1NfYvtXG5ML HztixerTG5ejO1I g=

    PassedUserOccup ation='Tester'
    xLTf1NfYvtXG5MP JxOjktODK4eKmib XX59rG5Zs=

    but I cannot encrypt the whole string
    PassedUserName= 'Hester'&Passed UserOccupation= 'Tester' unless i replaced
    the & with another character for example but then I would have to
    somehow split the string into the two variables, and be able to use
    these values in my code.

    I guess appending a $ to the start of the decoded string isn't going to
    work? (I doubt my problem would be that easily solved!)

    Sorry, I'm a bit green when it comes to Php programming and I've looked
    through the PHP manual and tried many different ways of doing this
    before I had to ask.

    Thanks in advance for any/all assistance

    Tags: None
    • Jacob Atzen
      #2
      Re: Yet another request for a URL variables hiding suggestion

      On 2005-06-06, plittle1970@hot mail.com <plittle1970@ho tmail.com> wrote:[color=blue]
      > Hi there. My website passes information from one page to another via
      > the URL. it DOESN'T use forms or post/get but rather I build up the url
      > in page A as a string and use it to link to page B.[/color]
      [...]

      I believe you would be better off using sessions.

      PHP: Sessions - Manual
      http://www.php.net/session
      Sessions


      --
      Cheers,
      - Jacob Atzen

        Comment

        • BearItAll
          #3
          Re: Yet another request for a URL variables hiding suggestion

          On Mon, 06 Jun 2005 03:15:49 -0700, plittle1970 wrote:
          [color=blue]
          > Hi there. My website passes information from one page to another via the
          > URL. it DOESN'T use forms or post/get but rather I build up the url in
          > page A as a string and use it to link to page B.
          >
          > My url looks (something)like this
          > http://www.mysite.com/pageb.php?Passe dUserName='Hest er'&PassedUserO ccupation='Test er'
          >
          > I don't want users to be able to type in what ever entries they like, but
          > also I would like to hide the entire list of variables so that it appears
          > something like
          >
          > http://www.mysite.com/pageb.php?Passe dData=<random looking data here>
          >
          > Now, I found these functions
          >
          > function encrypt($string , $key) {
          > $result = '';
          > for($i=0; $i<strlen($stri ng); $i++) {
          > $char = substr($string, $i, 1);
          > $keychar = substr($key, ($i % strlen($key))-1, 1); $char =
          > chr(ord($char)+ ord($keychar)); $result.=$char;
          > }
          > return base64_encode($ result);
          > }
          > }
          > function decrypt($string , $key) {
          > $result = '';
          > $string = base64_decode($ string);
          >
          > for($i=0; $i<strlen($stri ng); $i++) {
          > $char = substr($string, $i, 1);
          > $keychar = substr($key, ($i % strlen($key))-1, 1); $char =
          > chr(ord($char)-ord($keychar)); $result.=$char;
          > }
          > return $result;
          > }
          > }
          > which work nicely on parts of the url giving me PassedUserName= 'Hester'
          > xLTf1NfYvtXG5ML HztixerTG5ejO1I g=
          >
          > PassedUserOccup ation='Tester'
          > xLTf1NfYvtXG5MP JxOjktODK4eKmib XX59rG5Zs=
          >
          > but I cannot encrypt the whole string
          > PassedUserName= 'Hester'&Passed UserOccupation= 'Tester' unless i replaced
          > the & with another character for example but then I would have to somehow
          > split the string into the two variables, and be able to use these values
          > in my code.
          >
          > I guess appending a $ to the start of the decoded string isn't going to
          > work? (I doubt my problem would be that easily solved!)
          >
          > Sorry, I'm a bit green when it comes to Php programming and I've looked
          > through the PHP manual and tried many different ways of doing this before
          > I had to ask.
          >
          > Thanks in advance for any/all assistance[/color]

          Would it be enough to just use variables that are none descriptive at
          that point and the variable values as keys to a data location that your
          own software understands.

          For example, I keep a MySQL table just for my own software's use, mainly
          as a debug aid, but also as a way to pass data/control info. In fact I use
          it it pretty much the way you would make use of services in UNIX/Linux
          programming to talk across threads (not quite a useable as the services
          system, but can get round some thread comms problems of php). Then a
          variable reference as in your line is simply a reference to which table
          item it is.

          Page Not Found - 404 Error Page
          http://www.mysite.com/pageb.php?val1=0001


          With your tables/connection settings outside of your browsable area then
          you have already taken your security up a few levels from this one small
          method.

            Comment

            • Daedalus.OS
              #4
              Re: Yet another request for a URL variables hiding suggestion

              I don't see what you mean by " but I cannot encrypt the whole
              string...unless i replaced the & with another character" ? I tested your
              code by calling this:
              $enc =
              encrypt("Passed UserName='Heste r'&PassedUserOc cupation='Teste r'","volatile") ;
              $dec = decrypt($enc,"v olatile");
              echo "$enc<br>$d ec";

              Here is the output:
              icbQ39TZzcHY2+G 6wuHOqYy+1N/V2duTi5q/zdTnztC66dTesNf M4dXX49XQ4qaTud vi4MbmkA==Passe dUserName='Hest er'&PassedUserO ccupation='Test er'On some other page I would then get the result (after decrypting$_GET['PassedData']) with a simple $result = split('&', $dec)... urlencodeand urldecode may also be useful if you want to include & into someparameter.D ae<plittle1970@ hotmail.com> wrote in messagenews:111 8052949.490444. 204450@g47g2000 cwa.googlegroup s.com...> Hi there. My website passes information from one page to another via> the URL. it DOESN'T use forms or post/get but rather I build up the url> in page A as a string and use it to link to page B.>> My url looks (something)like this>http://www.mysite.com/pageb.php?Passe dUserName='Hest er'&PassedUserO ccupation='Test er'>> I don't want users to be able to type in what ever entries they like,> but also I would like to hide the entire list of variables so that it> appears something like>> http://www.mysite.com/pageb.php?Passe dData=<random looking data here>>> Now, I found these functions>> function encrypt($string , $key) {> $result = '';> for($i=0; $i<strlen($stri ng); $i++) {> $char = substr($string, $i, 1);> $keychar = substr($key, ($i % strlen($key))-1, 1);> $char = chr(ord($char)+ ord($keychar)); > $result.=$char; > }> return base64_encode($ result);> }>> function decrypt($string , $key) {> $result = '';> $string = base64_decode($ string);>> for($i=0; $i<strlen($stri ng); $i++) {> $char = substr($string, $i, 1);> $keychar = substr($key, ($i % strlen($key))-1, 1);> $char = chr(ord($char)-ord($keychar)); > $result.=$char; > }> return $result;> }>> which work nicely on parts of the url giving me> PassedUserName= 'Hester'> xLTf1NfYvtXG5ML HztixerTG5ejO1I g=>> PassedUserOccup ation='Tester'> xLTf1NfYvtXG5MP JxOjktODK4eKmib XX59rG5Zs=>> but I cannot encrypt the whole string> PassedUserName= 'Hester'&Passed UserOccupation= 'Tester' unless i replaced> the & with another character for example but then I would have to> somehow split the string into the two variables, and be able to use> these values in my code.>> I guess appending a $ to the start of the decoded string isn't going to> work? (I doubt my problem would be that easily solved!)>> Sorry, I'm a bit green when it comes to Php programming and I've looked> through the PHP manual and tried many different ways of doing this> before I had to ask.>> Thanks in advance for any/all assistance>

                Comment

                Previous template Next
                Working...