For those sites/scripts that use the GET method a lot to send information from one page to another, you can use this functionality to obfuscate the data so it's not so easily readable by people, helps prevent tampering of data.
Just send the query string to the compressCrypt function and it will return the obfuscated result, for example
$obfuscatedQueryString = compressCrypt("string=asdf&page=2&id=1998"); (a href="search.php?$obfuscatedQueryString")link(/a)
which would turn into: href="eNorLinKzEu3TSxOSVMrSExPtTVSy0yxNbS0tAAAgnoIsA=="
To go back to the original, take the obfuscated string and run it through the other function
$unobfuscated = decompressCrypt($encryptedquerystring);
or
$unobfuscated = decompressCrypt($SERVER["QUERYSTRING"]);
//update I just now noticed that the site stripped out the PHP part in the link
Expand |
Embed | Plain Text
Comments
Subscribe to comments
You need to login to post a comment.
If somebody does tamper with the data, gzuncompress() will throw a warning. Using a try...catch block doesn't suppress the warning; only way to suppress that I could figure was to disable warnings with the error_reporting() function. Naturally you'll hide all errors in a production environment, but it's nice to display some of them during development.
according to the manual, the function returns a Boolean false on error so maybe one could try nesting an 'if' statement or two within the decompress function to check for a "false" value.
Good code but don't depend on it for security. It's easy to decode.