473,224 Members | 1,578 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,224 software developers and data experts.

PHP querystring encryption,

Hi,

I've had to quickly servers and need to turn an ASP script into PHP, i
got the original script from: -

http://www.4guysfromrolla.com/webtech/012000-1.shtml

Does anyone know of a PHP version of this? otherwise it's gonna be a
few hours sifting through it and converting it line by line.

Any suggestions very much welcome.

Jul 17 '05 #1
6 6111
JDS
On Mon, 20 Jun 2005 11:06:15 -0700, Ian N wrote:
Does anyone know of a PHP version of this? otherwise it's gonna be a
few hours sifting through it and converting it line by line.


No, but you can probably do something similar using a combination of
serialize() + urlencode() and decoding it with urldecode()

If you *really* want to obfuscate the query string, try throwing
base64_encode() (and base64_decode()) into the mix.

Note that this is not really encryption, merely obfuscation, and the ASP
example is also not really encryption, merely obfuscation.

--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

Jul 17 '05 #2
JDS
On Mon, 20 Jun 2005 14:13:50 -0400, JDS wrote:
Note that this is not really encryption, merely obfuscation, and the ASP
example is also not really encryption, merely obfuscation.


Ooops, my blow, hank. It really *is* encryption. I just read the article
in more detail.

Look at PHP's mcrpypt* functions.

http://us4.php.net/manual/en/functio...odule-open.php

later...

--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

Jul 17 '05 #3
Thanks for the reply, i'm looking into the php version now.

My main problem is that it's got to be passed from a PHP server to an
ASP server, so the encryption must be spot on or it won't decrypt.

In theory it should work fine, i'm not so convinced it'll be so simple
in practice sadly.

Jul 17 '05 #4
NC
Ian N wrote:

I've had to quickly servers and need to turn an ASP script
into PHP, i got the original script from: -

http://www.4guysfromrolla.com/webtech/012000-1.shtml

Does anyone know of a PHP version of this? otherwise it's gonna be a
few hours sifting through it and converting it line by line.


Hours? How about ten minutes? The script given at

http://www.4guysfromrolla.com/webtech/110599-1.2.shtml

translates as follows:

$g_CryptThis = "Now is the time for all good men to come to the aid of
their country.";
$g_KeyLocation = "key.txt";

$g_Key = substr(ReadKeyFromFile($g_KeyLocation), 0,
strlen($g_CryptThis));

echo "<p>ORIGINAL STRING: ", $g_CryptThis, "<p>";
echo "<p>KEY VALUE: ", $g_Key, "<p>";
echo "<p>ENCRYPTED CYPHERTEXT: ", EnCrypt($g_CryptThis), "<p>";
echo "<p>DECRYPTED CYPHERTEXT: ", DeCrypt(EnCrypt($g_CryptThis)),
"<p>";

function EnCrypt($strCryptThis) {
global $g_Key;
for ($i = 0; $i < strlen($strCryptThis); $i++) {
$iKeyChar = ord($g_Key{$i});
$iStringChar = ord($strCryptThis{$i});
// *** uncomment below to encrypt with addition,
// $iCryptChar = $iStringChar + $iKeyChar;
$iCryptChar = $iKeyChar ^ $iStringChar;
$strEncrypted = $strEncrypted . chr($iCryptChar);
}
return $strEncrypted;
}

function DeCrypt($strEncrypted) {
global $g_Key;
for ($i = 0; $i < strlen($strEncrypted); $i++) {
$iKeyChar = ord($g_Key{$i});
$iStringChar = ord($strEncrypted{$i});
// *** uncomment below to decrypt with subtraction
// $iDeCryptChar = $iStringChar - $iKeyChar;
$iDeCryptChar = $iKeyChar ^ $iStringChar;
$strDecrypted = $strDecrypted . chr($iDeCryptChar);
}
return $strDecrypted;
}

function ReadKeyFromFile($strFileName) {
$key = file_get_contents($strFileName);
$key = str_replace("\r", '', $key);
$key = str_replace("\n", '', $key);
return $key;
}

Cheers,
NC

Jul 17 '05 #5
NC
Ian N wrote:

My main problem is that it's got to be passed from a PHP
server to an ASP server,
Be sure to safeguard the key in both places...
the encryption must be spot on or it won't decrypt.
It is.
In theory it should work fine, i'm not so convinced it'll
be so simple in practice sadly.


Well, you should try it... :)

Cheers,
NC

Jul 17 '05 #6
JDS
On Wed, 22 Jun 2005 13:04:40 -0700, NC wrote:
Be sure to safeguard the key in both places...


Maybe, try encrypting the key with another key? And then, for extra
security, encrypt that key with another key. That oughtta do it.

--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

Jul 17 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Arjen | last post by:
Hello, Can somebody tell my if it is posible to create a QueryString encryption/decryption that works from a higher level then the code view... For example: I have an URL like...
4
by: Jason Shohet | last post by:
I'm getting a URL w/ a querystring coming in to start my app. In session_start, I was thinking of scrambling that querystring to keep it from prying eyes.... Any ideas? Doesn't need to be...
1
by: Nils N | last post by:
Hi all, Does anyone have a best practice for performring querystring authentication. I am now sending an email with a url to which the user clicks to confirm his or her registration. The url...
2
by: Craig HB | last post by:
I need to pass a variable in a querystring that I want to hide from the user. eg www.abc.com?UserID=555 and the UserID must be hidden. I was thinking of encrypting the ID, using a UserGUID that...
2
by: Ryan | last post by:
Hi. I am trying to encrypt some data being passed between two aspx pages using querystring. I have tried bith DES and Rijndael and have run across the following problem. After either provider...
2
by: Ram | last post by:
Hi, I am passing values from one form to another using querystring. It is easy for anyone to tamper these values. Now i don't want to show any values in the url .How can be this done?. I don't...
4
by: Islamegy® | last post by:
I give up.. I tried everything to encrypt querystring and decrypt it back but this never success.. i use RSA encryption. I always get excption when Convert fromBase64String so i tried...
2
by: gandhibasnet | last post by:
Using : System.Web.HttpUtility.UrlEncode() I have used the following code : Response.Redirect("Receive_encrypted_data.aspx?valz="+System.Web.HttpUtility.UrlEncode(TextBox1.Text)); but the...
3
by: pingsheng | last post by:
Dear all, I have a form with dynamically created input fields. These fields go to next page for submitting into SQL database. The thing is all fields are the same but 4 fields. So each record...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: veera ravala | last post by:
ServiceNow is a powerful cloud-based platform that offers a wide range of services to help organizations manage their workflows, operations, and IT services more efficiently. At its core, ServiceNow...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.