Script to secure urls

Post by burisk » Thu Mar 21, 2013 9:09 am

Hi, first, before I begin, I apologize for my bad English :)
So.. I want to secure my URL links with some key. Let me show you an example:

Code:
<?php
define("KEY_URL", "Dcm98s%.-/1oa92Skm"); // a random secret key..

function url_hash($data="")
{
    return hash('sha1', KEY_URL.$data);
}
?>

- This is my url_hash() function in which KEY_URL is hashed with some data with sha1.
And these are my url_encode() and url_decode() functions:
Code:
<?php

function url_encode($data=array())
{
    $data = serialize($data);
    $hash = url_hash($data);
    return base64_encode($hash."|".$data);
}
?>
Code:
<?php
define("URL_HASHED", $_SERVER['QUERY_STRING']);
function url_decode()
{
    if(strlen(URL_HASHED))
    {
        if($decode = @base64_decode(URL_HASHED))
        {
            // limit 2: the serialized data may itself contain "|"
            $decode = explode("|", $decode, 2);
            // 40 because of sha1; hash_equals() avoids loose "==" on hex strings
            if(count($decode) == 2 AND strlen($decode[0]) == 40 AND hash_equals(url_hash($decode[1]), $decode[0]))
            {
                return unserialize($decode[1]);
            }
        }
        return FALSE; // Error with url link
    }
    return NULL; // query is empty..
}

?>


My inspiration for this code was some internet banking implementations with DES in ECB etc...
My question is.. is that way secure or insecure? Should I use checking functions for $data or is it not necessary? (I mean preg_match, is_int etc...) Or rather yes, to be sure?

Live demo: http://31.31.76.118/phpf/index.php
Source: http://31.31.76.118/phpf/index.phps

Thanks :)
Note: Of course I know about the URL length limits in web servers..
burisk
New php-forum User
Posts: 2
Joined: Thu Mar 21, 2013 8:24 am
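
A hardened variant of the url_encode()/url_decode() scheme from the post above, added here as an example and not written by the poster: HMAC-SHA256 instead of sha1(key . data), a constant-time comparison, JSON instead of unserialize(), and URL-safe base64. The names signed_url_encode(), signed_url_decode(), b64url_encode(), b64url_decode() and the URL_KEY value are assumptions made for this example.

```php
<?php
// Added example (not burisk's code). URL_KEY is a constructed placeholder;
// a real key is 32+ random bytes loaded from configuration.
const URL_KEY = 'constructed-demo-key-do-not-reuse';

function b64url_encode(string $bin): string
{
    // URL-safe alphabet, no padding: nothing needs percent-encoding.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt)
{
    $txt = strtr($txt, '-_', '+/');
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode($txt, true); // strict: false on foreign characters
}

function signed_url_encode(array $data): string
{
    // JSON instead of serialize(): decoding can never instantiate objects.
    $payload = b64url_encode(json_encode($data, JSON_THROW_ON_ERROR));
    // HMAC instead of sha1(key . data): no length-extension forgeries.
    $mac = b64url_encode(hash_hmac('sha256', $payload, URL_KEY, true));
    return $payload . '.' . $mac;
}

function signed_url_decode(string $token)
{
    if ($token === '') {
        return null; // empty query string, same convention as the post
    }
    $parts = explode('.', $token, 2); // '.' is outside the base64url alphabet
    if (count($parts) !== 2) {
        return false;
    }
    $expected = b64url_encode(hash_hmac('sha256', $parts[0], URL_KEY, true));
    if (!hash_equals($expected, $parts[1])) { // constant time, no type juggling
        return false;
    }
    $json = b64url_decode($parts[0]);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : false;
}

// Constructed demo: a valid link, then the same link with one byte prepended.
$token = signed_url_encode(['id' => 42, 'action' => 'view']);
var_dump($token, signed_url_decode($token), signed_url_decode('x' . $token));
```

The token is authenticated, not encrypted: anyone holding the link can read the payload. A link also stays valid for as long as the key does, unless an expiry field is placed in the signed array and checked after decoding.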

Re: Script to secure urls

Post by burisk » Thu Mar 21, 2013 11:19 am

Or the next solution is with sessions, and in the URL I can write only the hash..

Demo: http://31.31.76.118/phpf/index_session.php
Source: http://31.31.76.118/phpf/index_session.phps
burisk
New php-forum User
Posts: 2
Joined: Thu Mar 21, 2013 8:24 am

