rugzo Posted April 26, 2009 Share Posted April 26, 2009 Hi All, i have a page which posts the value and another which gets it like the example below ---> first page--> href=xxx.com?name=blabla second page get[name] ------ my problem is that the link in explorer can be hacked by anyone because it looks like this--> xxx.com?name=michael someone could replace michael with the name of another one and could get access to that page. Is there a possibility to send and get the value michael encrypted so it cannot be recognized and faked in the adress bar of ie. I know there is but i couldn't find the solution on web, maybe i am searching for the wrong terms... thanks... Quote Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/ Share on other sites More sharing options...
premiso Posted April 26, 2009 Share Posted April 26, 2009 One way someone create: <?php function get_rnd_iv($iv_len) { $iv = ''; while ($iv_len-- > 0) { $iv .= chr(mt_rand() & 0xff); } return $iv; } function md5_encrypt($plain_text, $password, $iv_len = 16) { $plain_text .= "\x13"; $n = strlen($plain_text); if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16)); $i = 0; $enc_text = get_rnd_iv($iv_len); $iv = substr($password ^ $enc_text, 0, 512); while ($i < $n) { $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv)); $enc_text .= $block; $iv = substr($block . $iv, 0, 512) ^ $password; $i += 16; } return base64_encode($enc_text); } function md5_decrypt($enc_text, $password, $iv_len = 16) { $enc_text = base64_decode($enc_text); $n = strlen($enc_text); $i = $iv_len; $plain_text = ''; $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512); while ($i < $n) { $block = substr($enc_text, $i, 16); $plain_text .= $block ^ pack('H*', md5($iv)); $iv = substr($block . $iv, 0, 512) ^ $password; $i += 16; } return preg_replace('/\\x13\\x00*$/', '', $plain_text); } /******************************************/ $plain_text = 'very secret string'; $password = 'very secret password'; echo "plain text is: [${plain_text}]<br />\n"; echo "password is: [${password}]<br />\n"; $enc_text = md5_encrypt($plain_text, $password); echo "encrypted text is: [${enc_text}]<br />\n"; $plain_text2 = md5_decrypt($enc_text, $password); echo "decrypted text is: [${plain_text2}]<br />\n"; ?> From http://us.php.net/manual/en/function.md5.php#43696 Both sites would need to know the $password. Notice that md5 alone just hashes a value, not encrypts it. The above versions actually do an encryption using md5. Just so you do not get confused. Quote Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-819824 Share on other sites More sharing options...
rugzo Posted April 26, 2009 Author Share Posted April 26, 2009 This is more complicate then i thought. I just want that the name should not be seen as itself but hashed as you said. Is there not a simplier way Quote Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-819848 Share on other sites More sharing options...
premiso Posted April 26, 2009 Share Posted April 26, 2009 base64_encode and base64_decode Or hash it up, but you need to have what the hash represents on the other end for it to work. Quote Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-819860 Share on other sites More sharing options...
rugzo Posted May 1, 2009 Author Share Posted May 1, 2009 Thanks very much Quote Link to comment https://forums.phpfreaks.com/topic/155748-solved-how-to-pass-value-encrypted/#findComment-823411 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.