I've to give the client ID to my customers. As this number will be used in a
third part app, and I only rely on this number for checking the user's
existence (I can't change the third part app), I'd like not to give the flat
number, but an "encoded"
number that let me check if the code is valid.

Let's say client ID = 723
I'd like to have a code quite simple to provide by phone, without any
strange things like @^~... for simple users...

The best things would be an algorithm to crypt the code with a private key
known only by me, and being able to decrypt the code.

I've tried mcrypt_encrypt() , but it's an uncknown function (I'm under
Apache, XP).

Cheers

Well Bob,
Considering you can't use mcrypt, which kinda stinks, you could also just
make the string appear encoded with bas64_encode and base64_decode. No key
required but it appears encrypted to inexperienced peepers. :-\
-Kyle

"Bob Bedford" <bedford1@YouKnowWhatToDoHerehotmail.com> wrote in message
news:416d34bb$0$28031$5402220f@news.sunrise.ch...[color=blue]
> I've to give the client ID to my customers. As this number will be used in
> a third part app, and I only rely on this number for checking the user's
> existence (I can't change the third part app), I'd like not to give the
> flat number, but an "encoded"
> number that let me check if the code is valid.
>
> Let's say client ID = 723
> I'd like to have a code quite simple to provide by phone, without any
> strange things like @^~... for simple users...
>
> The best things would be an algorithm to crypt the code with a private key
> known only by me, and being able to decrypt the code.
>
> I've tried mcrypt_encrypt() , but it's an uncknown function (I'm under
> Apache, XP).
>
> Cheers
>[/color]

"Kyle Hayes" <kyle@digitaleyeon.com> a écrit dans le message de news:
Bdadnf76zawkpPDcRVn-pg@adelphia.com...[color=blue]
> Well Bob,
> Considering you can't use mcrypt, which kinda stinks, you could also just
> make the string appear encoded with bas64_encode and base64_decode. No key
> required but it appears encrypted to inexperienced peepers. :-\
> -Kyle
>[/color]
I've tried, but ask the user, by phone, to enter something like McxFasfxcr
isn't the worst thing I can do.

I'm thinking of something like:
$1 = $ID*45-3
$2 = $ID+2*17
Then the code I provide is $1."S".$2

For decoding and testing, I'll only make the opposite calculation, and if
the calculation1 == calculation2, then the ID should be OK.

But I'd like to avoid such S in the middle.

"Bob Bedford" <bedford1@YouKnowWhatToDoHerehotmail.com> wrote in message
news:416d34bb$0$28031$5402220f@news.sunrise.ch...[color=blue]
> I've to give the client ID to my customers. As this number will be used in[/color]
a[color=blue]
> third part app, and I only rely on this number for checking the user's
> existence (I can't change the third part app), I'd like not to give the[/color]
flat[color=blue]
> number, but an "encoded"
> number that let me check if the code is valid.
>
> Let's say client ID = 723
> I'd like to have a code quite simple to provide by phone, without any
> strange things like @^~... for simple users...
>
> The best things would be an algorithm to crypt the code with a private key
> known only by me, and being able to decrypt the code.
>
> I've tried mcrypt_encrypt() , but it's an uncknown function (I'm under
> Apache, XP).[/color]

Do something like this: combine the client ID with a secret password, then
get the MD5 hash. To check whether it's valid, just loop through all the
possible client IDs and calculate the hash. If there's a match then it's
valid. md5() is quite fast on modern CPUs. As long as your clients number in
thousands rather then millions, the operation should complete in fraction of
a second.

To make it a little friendlier, you can perhaps use just the last few
characters of the hash and convert it to a decimal with hexdec().

"Bob Bedford" <bedford1@YouKnowWhatToDoHerehotmail.com> wrote in message news:<416d34bb$0$28031$5402220f@news.sunrise.ch>.. .[color=blue]
> I've to give the client ID to my customers. As this number will be used in a
> third part app, and I only rely on this number for checking the user's
> existence (I can't change the third part app), I'd like not to give the flat
> number, but an "encoded"
> number that let me check if the code is valid.
>
> Let's say client ID = 723
> I'd like to have a code quite simple to provide by phone, without any
> strange things like @^~... for simple users...[/color]

Perhaps...

<?php
function EncryptClientId($id)
{
return substr(md5($id), 0, 8).dechex($id);
}

function DecryptClientId($id)
{
$md5_8 = substr($id, 0, 8);
$real_id = hexdec(substr($id, 8));
return ($md5_8==substr(md5($real_id), 0, 8)) ? $real_id : 0;
}

$id = 723;
$enc_id = EncryptClientId($id);
echo $enc_id."\n";
echo DecryptClientId($enc_id);
?>

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com