Hi all,

I have a question thats been puzzling me a little.


I am using PHP5 and would like to encrypt the query string part of the url (?a=1&b=2 etc), so that its harder for people to play with the variables and also so that search engine spiders can move easier through the site.

I've been polaying with PHP's Mcrypt function, but the problem is that it produces non standard characters, that most certainly would not work in an url.
Does anyone know of a way to only produce characters via encryption, that are (a-zA-Z9-0 - _) etc ?

Hope someone can help :)
Many thanks !
Simon

http://us2.php.net/md5

Hi,
Thanks for the reply, but i was under the understanding that MD5 is one way encryption. What i need is to encrypt the url, then decrypt it to extract the url query string. So it needs to be encryptable and also decryptable.

Regards
Simon

md5 is a one way encryption, so you would have to match var's via a switch statement if you did, that. Is that really what you want?

why not base64_encode and base64_decode ? Much easier, produces ONLY chars and nums, usable in urls, and is two way encoding.

HTH

I'm not sure what post this came off of, but encryption that is easily decrypted is almost pointless. Any encrypted password you have could be decrypted with little or no effort unless you wrote your own algorythm, and then with enough exampels one could figure it out as well.

base64_encode and base64_decode.

Those are PLENTY of SIMPLE encryption/decryption, do it twice or three times if you want to be more secure.

Originally posted by mouseattack
base64_encode and base64_decode.

Those are PLENTY of SIMPLE encryption/decryption, do it twice or three times if you want to be more secure.

I will agree iwth Base64 being a good choice for this situation, but doing it several times is not going to make it anymore secure than doing it once.

well it will FOOL someone if they try to decode once, they still get a jumbled string and WON'T think to try it again. Three or four times, and the person gives up, it's unexpected to encrypt three of four times with base64. As long as they can't look at the code, they would never guess how many times you encrypted with base64, 1 time or 1,000 times.

Base 64 encoding is not encryption. The MD5 algorithm is not encryption. If you want good encryption don't make your own algorithm, unless you're some type of math genius.

I'm not sure what this is about either, but if I knew, I could probably make some relevant suggestions.

My apologies, this reply was meant in response to the reply in this thread
http://www.webhostingtalk.com/showthread.php?s=&threadid=354438

Not sure how it started a seperate thread

Simon

Thanks mouseattack,

I have to confess that i havent ever used these functions, but you have given me a place to start :)

Many thanks for your time and help !


Simon

You can compile php with mcrypt and use blowfish or twofish and unpack to convert binary strings into nice hexadecimal. It's what I used to do something similar. You can also use unpack to do a checksum on your encrypted and hex encoded strings.

Originally posted by Simon999
My apologies, this reply was meant in response to the reply in this thread
http://www.webhostingtalk.com/showthread.php?s=&threadid=354438

Not sure how it started a seperate thread

Simon

// Thread Merged.