  1. #1
    New Coder
    Join Date
    Feb 2010
    Posts
    50
    Thanks
    5
    Thanked 1 Time in 1 Post

    encrypting and decrypting url string

    hi
    all i want to do is encrypt part of my url.

    i want to do this because i have a private messaging system that i have made. i made a page to view their message in detailed view. So i decided to pass through a url parameter, but the problem with this is that the url is this
    eg
    http://localhost/mywigan/user/privat...tails.php?id=5

    so a user can edit the id number and change it to view other people's private messages (not very private now)

    so i did some research and found out about the function
    mcrypt
    and this is what i did

    PHP Code:
     
    <?php
    $key = 'This encrypting key';
    $encrypted_data = mcrypt_ecb(MCRYPT_3DES, $key, $row_messages['id'], MCRYPT_ENCRYPT);  // encrypt using triple DES
    $id = urlencode(base64_encode($encrypted_data));
    ?>
    and the link to view the message in detail i did

    PHP Code:
    <td><a href="details.php?id=<?php echo $id = urlencode(base64_encode($encrypted_data)); ?>">detail</a></td>

    and yes this encrypts the end so now i get

    something like this
    http://localhost/mywigan/user/privat...LWkimdP836s%3D

    now i need to decode the encryption and i don't know how to do this. i have tried this

    PHP Code:
    $id = $_REQUEST["id"];
    $url_id = base64_decode(urldecode($id));
    $decrypted_data = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $url_id, MCRYPT_MODE_CBC, $iv);

    but i get these errors

    Code:
    Notice: Undefined variable: key in C:\wamp\www\mywigan\user\private_messages\details.php on line 112
     
    Notice: Undefined variable: iv in C:\wamp\www\mywigan\user\private_messages\details.php on line 112
     
    Warning: mcrypt_decrypt() [function.mcrypt-decrypt]: The IV parameter must be as long as the blocksize in C:\wamp\www\mywigan\user\private_messages\details.php on line 112
     
    Catchable fatal error: mcrypt_decrypt() [function.mcrypt-decrypt]: Mcrypt initialisation failed in C:\wamp\www\mywigan\user\private_messages\details.php on line 112
    how can i decode the encryption

    or is there a better way to make my details page or a better way to pass a parameter through?

    thanks for your time and help!
    Last edited by phpcodelearner; 02-19-2010 at 09:46 PM.

  • #2
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Check the logged in user id against the id from $_GET. If they don't match, the user is trying to view messages belonging to someone else. i.e:

    Code:
    if ($user_id != intval($_GET['id']))
    {
        exit('Invalid request.');
    }
    $user_id is an example. Replace that with what is relevant to your specific code.

  • Users who have thanked MattF for this post:

    phpcodelearner (02-19-2010)

  • #3
    Senior Coder
    In fact, there's no point passing the user id via get at all. Just use the user id of the logged in user in your script.

  • #4
    New Coder

    thanks

    thanks mate

    i did this in the end

    PHP Code:
     
    <?php
    $user_id = $_SESSION['MM_Username'];
    if ($user_id != $row_message['to'])
    {
        exit('you can not view other peoples PRIVATE MESSAGES!');
    }
    ?>
    one last question: if i wanted to decrypt that id, how would i do it?

    if you don't know it does not matter, my problem is solved

    thanks a lot mate

  • #5
    Senior Coder
    Quote Originally Posted by phpcodelearner
    one last question if i wanted to decrypt that id how would i do it.
    $iv and $key aren't set, as your log messages point out.
    Last edited by MattF; 02-19-2010 at 11:34 PM.
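
The ownership check the replies describe, moved into the database query itself, as an added example that is not code from the thread. The `messages` table, its column names and the sample rows are assumptions constructed for the demo (it needs the `pdo_sqlite` extension); `MM_Username` is the session key from post #4.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the messages table.
// Table and column names are assumptions, not the poster's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, recipient TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO messages (id, sender, recipient, body) VALUES (?, ?, ?, ?)');
$ins->execute([5, 'bob', 'alice', 'Lunch on Friday?']);          // constructed row
$ins->execute([6, 'carol', 'dave', 'Your parcel has arrived.']); // constructed row

/**
 * Return the message only when it is addressed to $username, otherwise null.
 * The ownership test is part of the WHERE clause, so a row that belongs to
 * someone else is never loaded, whatever id the URL carries.
 */
function fetch_message_for(PDO $db, string $username, $rawId): ?array
{
    // Accept only a plain positive integer; arrays, "abc" or "-1" are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, sender, body FROM messages WHERE id = ? AND recipient = ?');
    $stmt->execute([$id, $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// details.php would pass $_SESSION['MM_Username'] and $_GET['id'];
// both are simulated here so the script runs from the command line.
$requests = [
    ['alice', '5'],   // her own message
    ['alice', '6'],   // id edited to point at dave's message
    ['alice', '999'], // no such message
    ['alice', 'abc'], // not a number
];
foreach ($requests as [$user, $rawId]) {
    $msg = fetch_message_for($db, $user, $rawId);
    // One response for "not yours" and "does not exist", so ids cannot be probed.
    echo "$user id=$rawId => ", $msg === null ? 'Message not found.' : $msg['body'], "\n";
}
```

With the recipient bound from the session rather than the URL, the id in the link needs no encryption: changing it only ever selects among the logged-in user's own messages.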

