Decrypting query string back into GET

From Code Trash
Jump to: navigation, search 
So is this the best/safest  way within reason ?


  'Sending'  PHP script:

require_once("/home/includes/encryption.inc");
	
$str 
=encrypt(urlencode("movie=mymovie.mov&mask=mask.gif&drag=drag.gif"));
$urlString = $pathtoReceivingScript.$str ;


  'Receiving' PHP script:

require_once("/home/includes/encryption.inc");

$str =$_SERVER['QUERY_STRING'];
parse_str(urldecode(decrypt($str)),$getVarArray);
$movie = $getVarArray['movie'];
$mask = $getVarArray['mask'];
$drag = $getVarArray['drag'];



function encrypt($encrypt) {
  	$key = "6r9qEJg6";
    srand((double) microtime() * 1000000); //for sake of MCRYPT_RAND
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 
MCRYPT_MODE_ECB), MCRYPT_RAND);
    $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, 
MCRYPT_MODE_ECB, $iv);
    $encode = base64_encode($passcrypt);
  return $encode;
  }

  function decrypt($decrypt) {
    global $key;
    $key = "6r9qEJg6";
    $decoded = base64_decode($decrypt);
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, 
MCRYPT_MODE_ECB), MCRYPT_RAND);
    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, 
MCRYPT_MODE_ECB, $iv);
  return $decrypted;
}

On Sep 29, 2005, at 9:33 AM, Jochem Maas wrote:

 Graham Anderson wrote:
 What is the best way to decrypt a query string  back into  variables ?
 $root = "http://www.myserver.com/script.php";
 $queryString = "?test=mytest&color=red";
 myEncrypt($queryString);  //add mCrypt encryption
 $finalURL = $root.$encryptedQueryString;
 what is the proper what to decrypt the GET variables on the other 
 side ?

 Do you need to decrypt the query string first ?

 yes - if you have a query string like

 4509134534068953534875104584437043134081743

 or whatever then php won't turn it into a $_GET var.
 although your query string could contain &'s and/or ?'s and/or ='s
 in which case you might have cruft in the $_GET array which you would
 want to clean out before extracting your decrypted string into
 $_GET ..

 decrypt($_SERVER['QUERY_STRING']);
 Once you have decrypted it, can you pass it along to a $_GET as you 
 would with an unencrypted query string ?
 $test = $_GET['test'];
 Or, do you need to parse the string to extract variables?

 yes you do, but this being php - there is a function that will do it 
 for you :-)

 http://php.net/parse_str

 many thanks
 g
Retrieved from "http://vikku.info/code-trash/index.php?title=Decrypting_query_string_back_into_GET&oldid=1006"