rugzo Posted April 26, 2009 Share Posted April 26, 2009 Hi All, i have a page which posts the value and another which gets it like the example below ---> first page--> href=xxx.com?name=blabla second page get[name] ------ my problem is that the link in explorer can be hacked by anyone because it looks like this--> xxx.com?name=michael someone could replace michael with the name of another one and could get access to that page. Is there a possibility to send and get the value michael encrypted so it cannot be recognized and faked in the adress bar of ie. I know there is but i couldn't find the solution on web, maybe i am searching for the wrong terms... thanks... Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/ Share on other sites More sharing options...
premiso Posted April 26, 2009 Share Posted April 26, 2009 One way someone create: <?php function get_rnd_iv($iv_len) { $iv = ''; while ($iv_len-- > 0) { $iv .= chr(mt_rand() & 0xff); } return $iv; } function md5_encrypt($plain_text, $password, $iv_len = 16) { $plain_text .= "\x13"; $n = strlen($plain_text); if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16)); $i = 0; $enc_text = get_rnd_iv($iv_len); $iv = substr($password ^ $enc_text, 0, 512); while ($i < $n) { $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv)); $enc_text .= $block; $iv = substr($block . $iv, 0, 512) ^ $password; $i += 16; } return base64_encode($enc_text); } function md5_decrypt($enc_text, $password, $iv_len = 16) { $enc_text = base64_decode($enc_text); $n = strlen($enc_text); $i = $iv_len; $plain_text = ''; $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512); while ($i < $n) { $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H*', md5($iv)); $iv = substr($block . $iv, 0, 512) ^ $password; $i += 16; } return preg_replace('/\\x13\\x00*$/', '', $plain_text); } /******************************************/ $plain_text = 'very secret string'; $password = 'very secret password'; echo "plain text is: [${plain_text}]<br />\n"; echo "password is: [${password}]<br />\n"; $enc_text = md5_encrypt($plain_text, $password); echo "encrypted text is: [${enc_text}]<br />\n"; $plain_text2 = md5_decrypt($enc_text, $password); echo "decrypted text is: [${plain_text2}]<br />\n"; ?> From http://us.php.net/manual/en/function.md5.php#43696 Both sites would need to know the $password. Notice that md5 alone just hashes a value, not encrypts it. The above versions actually do an encryption using md5. Just so you do not get confused. Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-819824 Share on other sites More sharing options...
rugzo Posted April 26, 2009 Author Share Posted April 26, 2009 This is more complicate then i thought. I just want that the name should not be seen as itself but hashed as you said. Is there not a simplier way Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-819848 Share on other sites More sharing options...
premiso Posted April 26, 2009 Share Posted April 26, 2009 base64_encode and base64_decode Or hash it up, but you need to have what the hash represents on the other end for it to work. Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-819860 Share on other sites More sharing options...
rugzo Posted May 1, 2009 Author Share Posted May 1, 2009 Thanks very much Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-823411 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.