Hi, I am currently using this script to protect/encrypt info in the address bar, but I think it's not very strong. Can anyone help me make/find a more secure one? Thanks.

<a href='articlesdetails.php?pif=ixhsuwu9xyysysjj300&yisu=uuwuwuwzuab&jsn=733888559jdjdjdeyey&tsyi=378hyxbh738hssh272sh&zy9stxyw=w&shy272bs2637shuw727hhshs377ywwwyw&id=$id'>

What is the reasoning for encrypting/protecting what is in the url? Considering this is supplied/visible/modifiable by the user it should never be treated as trusted data and should always be filtered/validated before you use it in your application.

diafol

What's this at the end? id=$id

Look, you've created the hashes/encryptions - you must have had a reason. What are you trying to do?

What's this at the end? id=$id

Look, you've created the hashes/encryption - you must have had a reason. What are you trying to do?

For example, I have a site under construction: www.example.com/
All I am trying to do is encrypt anything that comes after the slash '/', for example: www.example.com/books.php. I don't want the 'books.php' showing in words; I want to encrypt it, that's all.

Thanks for your concern and time.

diafol

I have to be honest, I don't see why you need to go to all the trouble of doing that. Why is books.php so secret? Your 'allowed' pages can be protected with something like sessions.

While I don't understand your use case, and I think you're encrypting the url parameters for no value, you could do this with mod_rewrite.

However you would need some kind of indicator to tell it where to route the url params to.

e.g.
website.com/books/{encrypted} and your rewrite rules would rewrite this to website.com/books.php?enc={encrypted}

The encrypted text would be best represented by base64_encode( mcrypt_encrypt( http_build_query( $array ) ) );

Your script would then receive this string via the $_GET variable and you would need to decode it, unencrypt it, and then parse the query back into attribute value pairs.

Also if you choose this route be aware you will need to use a URI-safe base64_encode as + / and = are not uri safe.
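
The round trip described in the last post (build the query string, encrypt it, encode it URI-safe, then reverse the steps in the receiving script), as an added example that is not part of the original thread. It swaps in libsodium's authenticated `secretbox` for mcrypt, which was removed from PHP core in 7.2; the function names `encode_params` / `decode_params`, the `enc` parameter handling and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// URL-safe base64 without padding: avoids the '+', '/' and '=' problem noted in the thread.
const B64 = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;

/** Encrypt an array of parameters into a single URL-safe token. */
function encode_params(array $params, string $key): string
{
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);   // fresh nonce per token
    $cipher = sodium_crypto_secretbox(http_build_query($params), $nonce, $key);
    return sodium_bin2base64($nonce . $cipher, B64);
}

/** Return the parameter array, or null if the token is malformed or was modified. */
function decode_params(string $token, string $key): ?array
{
    try {
        $raw = sodium_base642bin($token, B64);
    } catch (SodiumException $e) {
        return null;                                              // not valid base64
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null;                                              // too short to hold nonce + MAC
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    if ($plain === false) {
        return null;                                              // authentication failed
    }
    parse_str($plain, $params);
    return $params;
}

// Constructed sample run. A real site loads one fixed key from configuration
// instead of generating it per request.
$key   = sodium_crypto_secretbox_keygen();
$token = encode_params(['id' => 42, 'section' => 'books'], $key);
echo "/books/{$token}\n";                // mod_rewrite maps this to books.php?enc={token}

$params = decode_params($token, $key);   // books.php would pass $_GET['enc'] here
// Decrypted values are still input: validate them before use.
$id = filter_var($params['id'] ?? null, FILTER_VALIDATE_INT);
var_dump($params, $id);

// Changing one character of the token makes authentication fail on decode.
$tampered    = $token;
$tampered[0] = $tampered[0] === 'A' ? 'B' : 'A';
var_dump(decode_params($tampered, $key));
```

This hides and tamper-protects the parameters, but anyone who obtains a valid URL can still replay it, so access to the page itself still has to be enforced server-side, for example with the sessions suggested earlier in the thread.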