subject:"\[PHP\] decrypting query string back into $

Re: [PHP] decrypting query string back into $_GET['var'] [resend]

2005-10-03 Thread Graham Anderson


Is this the safest way to send GET variables ?
Guess I am trying to improve my code :)


//--
//  'Sending'  PHP script:

require_once(/home/includes/encryption.inc);

$str 
=encrypt(urlencode(movie=mymovie.movmask=mask.gifdrag=drag.gif));

$finalURLString = $pathtoReceivingScript.$str ;


//--
//  'Receiving' PHP script:

require_once(/home/includes/encryption.inc);

$str =$_SERVER['QUERY_STRING'];
parse_str(urldecode(decrypt($str)),$getVarArray);
$movie = $getVarArray['movie'];
$mask = $getVarArray['mask'];
$drag = $getVarArray['drag'];
//echo $movie,$mask,$drag;


//--
//  Encryption.inc

// Encrypt
function encrypt($encrypt) {
$key = 6r9qEJg6;
   srand((double) microtime() * 100); //for sake of MCRYPT_RAND
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 
MCRYPT_MODE_ECB), MCRYPT_RAND);
   $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, 
MCRYPT_MODE_ECB, $iv);

   $encode = base64_encode($passcrypt);
 return $encode;
 }

// Decrypt
 function decrypt($decrypt) {
   global $key;
   $key = 6r9qEJg6;
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 
MCRYPT_MODE_ECB), MCRYPT_RAND);
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, 
MCRYPT_MODE_ECB, $iv);

 return $decrypted;
}

On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote:


Graham Anderson wrote:

What is the best way to decrypt a query string  back into  variables ?
$root = http://www.myserver.com/script.php;;
$queryString = ?test=mytestcolor=red;
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;
what is the proper what to decrypt the GET variables on the other 
side ?



Do you need to decrypt the query string first ?


yes - if you have a query string like

4509134534068953534875104584437043134081743

or whatever then php won't turn it into a $_GET var.
although your query string could contain 's and/or ?'s and/or ='s
in which case you might have cruft in the $_GET array which you would
want to clean out before extracting your decrypted string into
$_GET ..


decrypt($_SERVER['QUERY_STRING']);
Once you have decrypted it, can you pass it along to a $_GET as you 
would with an unencrypted query string ?

$test = $_GET['test'];
Or, do you need to parse the string to extract variables?


yes you do, but this being php - there is a function that will do it 
for you :-)


http://php.net/parse_str


many thanks
g


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] decrypting query string back into $_GET['var']

2005-09-30 Thread Graham Anderson


So is this the best/safest  way within reason ?


//--
//  'Sending'  PHP script:

require_once(/home/includes/encryption.inc);

$str 
=encrypt(urlencode(movie=mymovie.movmask=mask.gifdrag=drag.gif));

$urlString = $pathtoReceivingScript.$str ;


//--
//  'Receiving' PHP script:

require_once(/home/includes/encryption.inc);

$str =$_SERVER['QUERY_STRING'];
parse_str(urldecode(decrypt($str)),$getVarArray);
$movie = $getVarArray['movie'];
$mask = $getVarArray['mask'];
$drag = $getVarArray['drag'];
//echo $movie,$mask,$drag;


//--
//  Encryption.inc

// Encrypt
function encrypt($encrypt) {
$key = 6r9qEJg6;
   srand((double) microtime() * 100); //for sake of MCRYPT_RAND
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 
MCRYPT_MODE_ECB), MCRYPT_RAND);
   $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, 
MCRYPT_MODE_ECB, $iv);

   $encode = base64_encode($passcrypt);
 return $encode;
 }

// Decrypt
 function decrypt($decrypt) {
   global $key;
   $key = 6r9qEJg6;
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 
MCRYPT_MODE_ECB), MCRYPT_RAND);
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, 
MCRYPT_MODE_ECB, $iv);

 return $decrypted;
}

On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote:


Graham Anderson wrote:

What is the best way to decrypt a query string  back into  variables ?
$root = http://www.myserver.com/script.php;;
$queryString = ?test=mytestcolor=red;
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;
what is the proper what to decrypt the GET variables on the other 
side ?



Do you need to decrypt the query string first ?


yes - if you have a query string like

4509134534068953534875104584437043134081743

or whatever then php won't turn it into a $_GET var.
although your query string could contain 's and/or ?'s and/or ='s
in which case you might have cruft in the $_GET array which you would
want to clean out before extracting your decrypted string into
$_GET ..


decrypt($_SERVER['QUERY_STRING']);
Once you have decrypted it, can you pass it along to a $_GET as you 
would with an unencrypted query string ?

$test = $_GET['test'];
Or, do you need to parse the string to extract variables?


yes you do, but this being php - there is a function that will do it 
for you :-)


http://php.net/parse_str


many thanks
g


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] decrypting query string back into $_GET['var']

2005-09-29 Thread Graham Anderson



What is the best way to decrypt a query string  back into  variables ?


$root = http://www.myserver.com/script.php;;
$queryString = ?test=mytestcolor=red;
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;

what is the proper what to decrypt the GET variables on the other side ?


Do you need to decrypt the query string first ?
decrypt($_SERVER['QUERY_STRING']);

Once you have decrypted it, can you pass it along to a $_GET as you 
would with an unencrypted query string ?

$test = $_GET['test'];

Or, do you need to parse the string to extract variables?

many thanks

g

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] decrypting query string back into $_GET['var']

2005-09-29 Thread Jochem Maas


Graham Anderson wrote:


What is the best way to decrypt a query string  back into  variables ?


$root = http://www.myserver.com/script.php;;
$queryString = ?test=mytestcolor=red;
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;

what is the proper what to decrypt the GET variables on the other side ?





Do you need to decrypt the query string first ?


yes - if you have a query string like

4509134534068953534875104584437043134081743

or whatever then php won't turn it into a $_GET var.
although your query string could contain 's and/or ?'s and/or ='s
in which case you might have cruft in the $_GET array which you would
want to clean out before extracting your decrypted string into
$_GET ..


decrypt($_SERVER['QUERY_STRING']);

Once you have decrypted it, can you pass it along to a $_GET as you 
would with an unencrypted query string ?

$test = $_GET['test'];

Or, do you need to parse the string to extract variables?


yes you do, but this being php - there is a function that will do it for you :-)

http://php.net/parse_str



many thanks

g



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] decrypting query string back into $_GET['var']

2005-09-29 Thread Graham Anderson


thanks :)

that was exactly what I needed

g
On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote:


Graham Anderson wrote:

What is the best way to decrypt a query string  back into  variables ?
$root = http://www.myserver.com/script.php;;
$queryString = ?test=mytestcolor=red;
myEncrypt($queryString);  //add mCrypt encryption
$finalURL = $root.$encryptedQueryString;
what is the proper what to decrypt the GET variables on the other 
side ?



Do you need to decrypt the query string first ?


yes - if you have a query string like

4509134534068953534875104584437043134081743

or whatever then php won't turn it into a $_GET var.
although your query string could contain 's and/or ?'s and/or ='s
in which case you might have cruft in the $_GET array which you would
want to clean out before extracting your decrypted string into
$_GET ..


decrypt($_SERVER['QUERY_STRING']);
Once you have decrypted it, can you pass it along to a $_GET as you 
would with an unencrypted query string ?

$test = $_GET['test'];
Or, do you need to parse the string to extract variables?


yes you do, but this being php - there is a function that will do it 
for you :-)


http://php.net/parse_str


many thanks
g


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] decrypting query string back into $_GET['var'] [resend]

Re: [PHP] decrypting query string back into $_GET['var']

[PHP] decrypting query string back into $_GET['var']

Re: [PHP] decrypting query string back into $_GET['var']

Re: [PHP] decrypting query string back into $_GET['var']

5 matches

Site Navigation

Mail list logo

Footer information