Posted By

MMDeveloper on 10/21/08


Tagged

url php String query encrypt obfuscate compress



obfuscated query string


Published in: PHP
 

For sites and scripts that use the GET method a lot to send information from one page to another, you can use this functionality to obfuscate the data so it's not so easily readable by people, which helps prevent tampering with the data.

Just send the query string to the compressCrypt function and it will return the obfuscated result, for example:

    $obfuscatedQueryString = compressCrypt("string=asdf&page=2&id=1998");
    <a href="search.php?$obfuscatedQueryString">link</a>

which would turn into: href="eNorLinKzEu3TSxOSVMrSExPtTVSy0yxNbS0tAAAgnoIsA=="

To go back to the original, take the obfuscated string and run it through the other function:

    $unobfuscated = decompressCrypt($encryptedquerystring);

or

    $unobfuscated = decompressCrypt($_SERVER["QUERY_STRING"]);

Update: I just now noticed that the site stripped out the PHP part in the link.

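    // Obfuscate a query string: zlib-compress at level 9, then base64-encode.
    // No key is involved, so anyone can reverse the result.
    function compressCrypt($string) {
        return base64_encode(gzcompress($string, 9));
    }

    // Reverse of compressCrypt(): base64-decode, then zlib-decompress.
    // gzuncompress() returns false and emits a warning on invalid input.
    function decompressCrypt($string) {
        return gzuncompress(base64_decode($string));
    }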

Comments

Posted By: Scooter on November 1, 2008

If somebody does tamper with the data, gzuncompress() will throw a warning. Using a try...catch block doesn't suppress the warning; the only way to suppress it that I could figure out was to disable warnings with the error_reporting() function. Naturally you'll hide all errors in a production environment, but it's nice to display some of them during development.

Posted By: MMDeveloper on November 5, 2008

According to the manual, the function returns a Boolean false on error, so maybe one could try nesting an 'if' statement or two within the decompress function to check for a "false" value.

Posted By: pgmr on March 19, 2009

Good code but don't depend on it for security. It's easy to decode.
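
Added example, not part of the original snippet or the comments: the thread notes that gzuncompress() fails on altered input and that the encoding is easy to decode. One way to make alteration detectable is to attach an HMAC-SHA256 tag and verify it before decompressing. The names packQuery and unpackQuery and the key value are hypothetical placeholders.

```php
<?php
// Added example: hypothetical helpers, not the original author's code.
// Assumption: $key is a random secret that exists only on the server.

// Compress the query string, then prepend an HMAC-SHA256 tag over the result.
function packQuery(string $query, string $key): string {
    $body = gzcompress($query, 9);
    $tag  = hash_hmac('sha256', $body, $key, true);   // 32 raw bytes
    // URL-safe alphabet: '+' and '/' have special meaning inside URLs.
    return strtr(base64_encode($tag . $body), '+/', '-_');
}

// Returns the original query string, or null if the token is altered or malformed.
function unpackQuery(string $token, string $key): ?string {
    // Strict mode returns false on characters outside the base64 alphabet.
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    if ($raw === false || strlen($raw) <= 32) {
        return null;
    }
    $tag  = substr($raw, 0, 32);
    $body = substr($raw, 32);
    // Verify first; hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, $key, true), $tag)) {
        return null;
    }
    // Only authenticated data reaches gzuncompress(), so altered input
    // never triggers its warning. The second argument caps the output size.
    $query = gzuncompress($body, 4096);
    return $query === false ? null : $query;
}

// Constructed sample input; load the real key from server configuration.
$key   = 'PLACEHOLDER-replace-with-random-secret';
$token = packQuery('string=asdf&page=2&id=1998', $key);

// Round trip with the correct key.
var_dump(unpackQuery($token, $key));

// Simulate tampering by changing one character in the middle of the token.
$pos = intdiv(strlen($token), 2);
$bad = substr_replace($token, $token[$pos] === 'A' ? 'B' : 'A', $pos, 1);
var_dump(unpackQuery($bad, $key));
```

The tag only makes changes detectable; the payload is still just compressed and encoded, so anyone holding the URL can read it.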
