By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,824 Members | 1,296 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,824 IT Pros & Developers. It's quick & easy.

simple encode/decode with checksum

P: n/a
I've to give the client ID to my customers. As this number will be used in a
third part app, and I only rely on this number for checking the user's
existence (I can't change the third part app), I'd like not to give the flat
number, but an "encoded"
number that let me check if the code is valid.

Let's say client ID = 723
I'd like to have a code quite simple to provide by phone, without any
strange things like @^~... for simple users...

The best things would be an algorithm to crypt the code with a private key
known only by me, and being able to decrypt the code.

I've tried mcrypt_encrypt() , but it's an uncknown function (I'm under
Apache, XP).

Cheers
Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Well Bob,
Considering you can't use mcrypt, which kinda stinks, you could also just
make the string appear encoded with bas64_encode and base64_decode. No key
required but it appears encrypted to inexperienced peepers. :-\
-Kyle

"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch...
I've to give the client ID to my customers. As this number will be used in
a third part app, and I only rely on this number for checking the user's
existence (I can't change the third part app), I'd like not to give the
flat number, but an "encoded"
number that let me check if the code is valid.

Let's say client ID = 723
I'd like to have a code quite simple to provide by phone, without any
strange things like @^~... for simple users...

The best things would be an algorithm to crypt the code with a private key
known only by me, and being able to decrypt the code.

I've tried mcrypt_encrypt() , but it's an uncknown function (I'm under
Apache, XP).

Cheers

Jul 17 '05 #2

P: n/a

"Kyle Hayes" <ky**@digitaleyeon.com> a écrit dans le message de news:
Bd********************@adelphia.com...
Well Bob,
Considering you can't use mcrypt, which kinda stinks, you could also just
make the string appear encoded with bas64_encode and base64_decode. No key
required but it appears encrypted to inexperienced peepers. :-\
-Kyle

I've tried, but ask the user, by phone, to enter something like McxFasfxcr
isn't the worst thing I can do.

I'm thinking of something like:
$1 = $ID*45-3
$2 = $ID+2*17
Then the code I provide is $1."S".$2

For decoding and testing, I'll only make the opposite calculation, and if
the calculation1 == calculation2, then the ID should be OK.

But I'd like to avoid such S in the middle.

Jul 17 '05 #3

P: n/a
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message
news:41***********************@news.sunrise.ch...
I've to give the client ID to my customers. As this number will be used in a third part app, and I only rely on this number for checking the user's
existence (I can't change the third part app), I'd like not to give the flat number, but an "encoded"
number that let me check if the code is valid.

Let's say client ID = 723
I'd like to have a code quite simple to provide by phone, without any
strange things like @^~... for simple users...

The best things would be an algorithm to crypt the code with a private key
known only by me, and being able to decrypt the code.

I've tried mcrypt_encrypt() , but it's an uncknown function (I'm under
Apache, XP).


Do something like this: combine the client ID with a secret password, then
get the MD5 hash. To check whether it's valid, just loop through all the
possible client IDs and calculate the hash. If there's a match then it's
valid. md5() is quite fast on modern CPUs. As long as your clients number in
thousands rather then millions, the operation should complete in fraction of
a second.

To make it a little friendlier, you can perhaps use just the last few
characters of the hash and convert it to a decimal with hexdec().
Jul 17 '05 #4

P: n/a
"Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote in message news:<41***********************@news.sunrise.ch>.. .
I've to give the client ID to my customers. As this number will be used in a
third part app, and I only rely on this number for checking the user's
existence (I can't change the third part app), I'd like not to give the flat
number, but an "encoded"
number that let me check if the code is valid.

Let's say client ID = 723
I'd like to have a code quite simple to provide by phone, without any
strange things like @^~... for simple users...


Perhaps...

<?php
function EncryptClientId($id)
{
return substr(md5($id), 0, 8).dechex($id);
}

function DecryptClientId($id)
{
$md5_8 = substr($id, 0, 8);
$real_id = hexdec(substr($id, 8));
return ($md5_8==substr(md5($real_id), 0, 8)) ? $real_id : 0;
}

$id = 723;
$enc_id = EncryptClientId($id);
echo $enc_id."\n";
echo DecryptClientId($enc_id);
?>

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.