Jump to content

[SOLVED] how to pass value encrypted


rugzo

Recommended Posts

Hi All,

 

i have a page which posts the value and another which gets it like the example below --->

first page-->

 

href=xxx.com?name=blabla

 

second page

get[name]

------

my problem is that the link in explorer can be hacked by anyone because it looks like this--> xxx.com?name=michael

 

someone could replace michael with the name of another one and could get access to that page. Is there a possibility to send and get the value michael encrypted so it cannot be recognized and faked in the adress bar of ie.

I know there is but i couldn't find the solution on web, maybe i am searching for the wrong terms...

 

thanks...

Link to comment
https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/
Share on other sites

One way someone create:

 

<?php

function get_rnd_iv($iv_len)
{
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}

function md5_encrypt($plain_text, $password, $iv_len = 16)
{
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
}

function md5_decrypt($enc_text, $password, $iv_len = 16)
{
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}

/******************************************/
$plain_text = 'very secret string';
$password = 'very secret password';
echo "plain text is: [${plain_text}]<br />\n";
echo "password is: [${password}]<br />\n";

$enc_text = md5_encrypt($plain_text, $password);
echo "encrypted text is: [${enc_text}]<br />\n";

$plain_text2 = md5_decrypt($enc_text, $password);
echo "decrypted text is: [${plain_text2}]<br />\n";

?>

 

From http://us.php.net/manual/en/function.md5.php#43696

 

Both sites would need to know the $password. Notice that md5 alone just hashes a value, not encrypts it. The above versions actually do an encryption using md5. Just so you do not get confused.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.