Re: [PHP] decrypting query string back into $_GET['var'] [resend]
Is this the safest way to send GET variables ? Guess I am trying to improve my code :) //-- // 'Sending' PHP script: require_once(/home/includes/encryption.inc); $str =encrypt(urlencode(movie=mymovie.movmask=mask.gifdrag=drag.gif)); $finalURLString = $pathtoReceivingScript.$str ; //-- // 'Receiving' PHP script: require_once(/home/includes/encryption.inc); $str =$_SERVER['QUERY_STRING']; parse_str(urldecode(decrypt($str)),$getVarArray); $movie = $getVarArray['movie']; $mask = $getVarArray['mask']; $drag = $getVarArray['drag']; //echo $movie,$mask,$drag; //-- // Encryption.inc // Encrypt function encrypt($encrypt) { $key = 6r9qEJg6; srand((double) microtime() * 100); //for sake of MCRYPT_RAND $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv); $encode = base64_encode($passcrypt); return $encode; } // Decrypt function decrypt($decrypt) { global $key; $key = 6r9qEJg6; $decoded = base64_decode($decrypt); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv); return $decrypted; } On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote: Graham Anderson wrote: What is the best way to decrypt a query string back into variables ? $root = http://www.myserver.com/script.php;; $queryString = ?test=mytestcolor=red; myEncrypt($queryString); //add mCrypt encryption $finalURL = $root.$encryptedQueryString; what is the proper what to decrypt the GET variables on the other side ? Do you need to decrypt the query string first ? yes - if you have a query string like 4509134534068953534875104584437043134081743 or whatever then php won't turn it into a $_GET var. although your query string could contain 's and/or ?'s and/or ='s in which case you might have cruft in the $_GET array which you would want to clean out before extracting your decrypted string into $_GET .. decrypt($_SERVER['QUERY_STRING']); Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ? $test = $_GET['test']; Or, do you need to parse the string to extract variables? yes you do, but this being php - there is a function that will do it for you :-) http://php.net/parse_str many thanks g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] decrypting query string back into $_GET['var']
So is this the best/safest way within reason ? //-- // 'Sending' PHP script: require_once(/home/includes/encryption.inc); $str =encrypt(urlencode(movie=mymovie.movmask=mask.gifdrag=drag.gif)); $urlString = $pathtoReceivingScript.$str ; //-- // 'Receiving' PHP script: require_once(/home/includes/encryption.inc); $str =$_SERVER['QUERY_STRING']; parse_str(urldecode(decrypt($str)),$getVarArray); $movie = $getVarArray['movie']; $mask = $getVarArray['mask']; $drag = $getVarArray['drag']; //echo $movie,$mask,$drag; //-- // Encryption.inc // Encrypt function encrypt($encrypt) { $key = 6r9qEJg6; srand((double) microtime() * 100); //for sake of MCRYPT_RAND $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv); $encode = base64_encode($passcrypt); return $encode; } // Decrypt function decrypt($decrypt) { global $key; $key = 6r9qEJg6; $decoded = base64_decode($decrypt); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv); return $decrypted; } On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote: Graham Anderson wrote: What is the best way to decrypt a query string back into variables ? $root = http://www.myserver.com/script.php;; $queryString = ?test=mytestcolor=red; myEncrypt($queryString); //add mCrypt encryption $finalURL = $root.$encryptedQueryString; what is the proper what to decrypt the GET variables on the other side ? Do you need to decrypt the query string first ? yes - if you have a query string like 4509134534068953534875104584437043134081743 or whatever then php won't turn it into a $_GET var. although your query string could contain 's and/or ?'s and/or ='s in which case you might have cruft in the $_GET array which you would want to clean out before extracting your decrypted string into $_GET .. decrypt($_SERVER['QUERY_STRING']); Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ? $test = $_GET['test']; Or, do you need to parse the string to extract variables? yes you do, but this being php - there is a function that will do it for you :-) http://php.net/parse_str many thanks g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] decrypting query string back into $_GET['var']
What is the best way to decrypt a query string back into variables ? $root = http://www.myserver.com/script.php;; $queryString = ?test=mytestcolor=red; myEncrypt($queryString); //add mCrypt encryption $finalURL = $root.$encryptedQueryString; what is the proper what to decrypt the GET variables on the other side ? Do you need to decrypt the query string first ? decrypt($_SERVER['QUERY_STRING']); Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ? $test = $_GET['test']; Or, do you need to parse the string to extract variables? many thanks g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] decrypting query string back into $_GET['var']
Graham Anderson wrote: What is the best way to decrypt a query string back into variables ? $root = http://www.myserver.com/script.php;; $queryString = ?test=mytestcolor=red; myEncrypt($queryString); //add mCrypt encryption $finalURL = $root.$encryptedQueryString; what is the proper what to decrypt the GET variables on the other side ? Do you need to decrypt the query string first ? yes - if you have a query string like 4509134534068953534875104584437043134081743 or whatever then php won't turn it into a $_GET var. although your query string could contain 's and/or ?'s and/or ='s in which case you might have cruft in the $_GET array which you would want to clean out before extracting your decrypted string into $_GET .. decrypt($_SERVER['QUERY_STRING']); Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ? $test = $_GET['test']; Or, do you need to parse the string to extract variables? yes you do, but this being php - there is a function that will do it for you :-) http://php.net/parse_str many thanks g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] decrypting query string back into $_GET['var']
thanks :) that was exactly what I needed g On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote: Graham Anderson wrote: What is the best way to decrypt a query string back into variables ? $root = http://www.myserver.com/script.php;; $queryString = ?test=mytestcolor=red; myEncrypt($queryString); //add mCrypt encryption $finalURL = $root.$encryptedQueryString; what is the proper what to decrypt the GET variables on the other side ? Do you need to decrypt the query string first ? yes - if you have a query string like 4509134534068953534875104584437043134081743 or whatever then php won't turn it into a $_GET var. although your query string could contain 's and/or ?'s and/or ='s in which case you might have cruft in the $_GET array which you would want to clean out before extracting your decrypted string into $_GET .. decrypt($_SERVER['QUERY_STRING']); Once you have decrypted it, can you pass it along to a $_GET as you would with an unencrypted query string ? $test = $_GET['test']; Or, do you need to parse the string to extract variables? yes you do, but this being php - there is a function that will do it for you :-) http://php.net/parse_str many thanks g -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php