Simple encryption in PHP

Question

Simple encryption in PHP

I am creating a source code system that I give out online for providing adopted virtual pets. The system will belong primarily to children. Since I want it to be useful for novice programmers, there are several complexity limitations on my system: it cannot use libraries that usually do not ship with PHP, and cannot touch a database or write to another persistent storage.

When each pet is accepted, the visitor will randomly receive one of a series of slightly different variations of this pet. The changes initially look the same, but grow over time to become different pets. The visitor will be given a short HTML code that refers to the image of his pet. Since there is no permanent storage on the server, the link to the user’s image must contain all the information in order to determine what change they received for pets.

Currently, the URL contains only the pet ID and the identifier of the change that the user received. The problem is that by comparing the codes with each other, users can find out which one is in the same version. Because some variations are less common than others, users can easily spot rare variations before the difference is even visually apparent.

What I would like is an encryption system for details in the url. Something that hides the variation identifier so that each user gets a different URL with a high probability. I was thinking about using the variation identifier (3 or 4 bits) as the low bits or high bits of a large random number, but users will define a pattern in this. Ideally, the encryption system will be parameterized so that each installation of my system uses slightly different encryption.

The PHP mcrypt library is likely to have something useful in it, but it does not seem very common among hosters.

Is there a simple, parameterized, obfuscation / encryption that I can use here?

+7

php encryption

thenickdude Nov 29 '08 at 3:08

source share

3 answers

You are looking for one-time encryption. It takes a key and adds a module to the characters to create an encrypted string.

 function ecrypt($str){ $key = "abc123 as long as you want bla bla bla"; for($i=0; $i<strlen($str); $i++) { $char = substr($str, $i, 1); $keychar = substr($key, ($i % strlen($key))-1, 1); $char = chr(ord($char)+ord($keychar)); $result.=$char; } return urlencode(base64_encode($result)); } function decrypt($str){ $str = base64_decode(urldecode($str)); $result = ''; $key = "must be same key as in encrypt"; for($i=0; $i<strlen($str); $i++) { $char = substr($str, $i, 1); $keychar = substr($key, ($i % strlen($key))-1, 1); $char = chr(ord($char)-ord($keychar)); $result.=$char; } return $result; }

So this is simple string encryption. I would serialize the user parameter array and pass it as a variable in the link:

 $arr = array( 'pet_name'=>"fido", 'favorite_food'=>"cat poop", 'unique_id'=>3848908043 ); $param_string = encrypt(serialize($arr)); $link = "/load_pet.php?params=$param_string";

In load_pet.php you have to do the opposite:

 $param_string = $_GET["params"]; $params = unserialize(decrypt($param_string));

Bam.

+16

John ii Nov 29 '08 at 5:16

source share

Why not just give each user a long random identifier, and then save all the information about their pet on the server? Best practice is not to store anything in a URL, encrypted or not. All you need is a session id.

+2

Eli Nov 29 '08 at 4:46

source share

Soapbox · Accepted Answer · 2008-11-29T03:13:25+0000

If you expect a relatively low level of complexity, you can make the xor encryption very simple and save the key as part of the URL. Then you can just use php rand () or / dev / random or something else to generate the keys.

Users with a low degree of difficulty will not readily understand that all they need to do is xor the bottom half of their pet id with the top half to get a value that can be compared with their friends. I would suggest that most people who could find out what was happening did not take the time to figure it out, and these people are still outside your target audience.

Edit: If this was not obvious, I say that you give a different key to each pet (since providing the same solution will not solve your problem). Therefore, if the pet change (petvar) is a 16-bit number, you generate a 16-bit random number (rnd), then you do this: petvar = (petvar^rnd)<<16 | rnd; petvar = (petvar^rnd)<<16 | rnd; and then you can cancel this operation to extract rnd, and then petvar ^ rnd, and then just xor it again to get the original petvar.

Simple encryption in PHP

More articles: