Re: actually thinking about it
From: Golf Nut (trippsathyperconcom-golfnut_at_yahoo.com)
Date: 05/25/04
- Next message: Quirk: "Re: What so special about PostgreSQL and other RDBMS?"
- Previous message: Shane Lahey: "Re: Trouble Using a PHP Script to Send an Image - showimage.php (0/1)"
- In reply to: Andrew Crowe: "actually thinking about it"
- Next in thread: Chung Leong: "Re: want to create a session class"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 25 May 2004 18:33:54 GMT
Andrew,
Thanks for your thoughts and comments!
What you're talking about below is actually what I'm working on. Below is
some sample code from a class I've created:
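    // Serialize and base64-encode $data, then hash it together with the session secret.
    function pc_encode($data)
    {
        $secret = $_SESSION["secret"];
        $data = base64_encode(serialize($data));
        $hash = md5($secret . $data);
        return array($data, $hash);
    }

    // Recompute the hash and decode $data only when it matches $hash.
    function pc_decode($data, $hash)
    {
        $secret = $_SESSION["secret"];
        if (!empty($data) && !empty($hash))
        {
            // Strict comparison, so two different hex strings are never equal as numbers.
            if (md5($secret . $data) === $hash)
            {
                return unserialize(base64_decode($data));
            }
            else
            {
                error_log("Validation Error: data has been modified!!");
                return false;
            }
        }
        return false;
    }

    // Build the "d=...&h=..." query string for a link.
    function MakeGetString($string)
    {
        list($data, $hash) = $this->pc_encode($string);
        // base64 output can contain '+', '/' and '=', so encode it for the URL.
        $getstring = "d=" . urlencode($data) . "&h=$hash";
        return $getstring;
    }

    // Read d and h from the request; return the decoded data or false.
    function CheckGetString()
    {
        $data = isset($_GET['d']) ? $_GET['d'] : '';
        $hash = isset($_GET['h']) ? $_GET['h'] : '';
        if (! $data = $this->pc_decode($data, $hash))
            return false;
        else
            return $data;
    }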
And now some code that's actually on the php script page (mind you I'm using
Smarty templating). Remember this is a rough rendition before profiling and
cleaning up, so excuse the messy code! :)
    $getstringarray = array('m','a','d','s');
    $newstringarray = array();
    foreach ($getstringarray as $gmode) {
        $newstring = $gmode;
        $encstring = $insurancequotelib->MakeGetString($newstring);
        $newstringarray[$gmode] = $encstring;
    }
    print_r($newstringarray);
    $smarty->assign('getstring',$newstringarray);
Then I use the Smarty template to, in this case, have the following in my
link: <a href=page.php?{$getstring.m}> for example. I'm using a random
string using time(), etc., to create the $secret used in the code above and
save it in $_SESSION["secret"]. I would like to extend this to encapsulate
post data as well, I suppose saving it to hidden form fields using d and h
as above for GET data, the d field containing the serialized data and h the
hash.
Any thoughts about this? Again, TIA!!
GN
"Andrew Crowe" <andrewcrowe_uk@yahoo.co.uk> wrote in message
news:40b389c2$0$8110$afc38c87@news.easynet.co.uk...
> What you could do is add a hash to any links, eg.
>
> <a href="mysite.com?action=edit&id=55&hash=74F4980E2938CDF">
>
> This would be a quick way of stopping users editing the id parameter, but
> you couldn't use it to validate any user form data
>
> --
> Regards,
> Andrew Crowe
>
>
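An added example, not part of the original post or of either poster's code: the same d/h scheme built on hash_hmac() with SHA-256, hash_equals() for the comparison, JSON in place of unserialize(), and a random_bytes() key instead of a time()-based secret. The function names and sample parameters are hypothetical, and it assumes PHP 7.1 or later.

```php
<?php
// Added example; function names are hypothetical, not the poster's class.

// Per-session key from the CSPRNG rather than a time()-based string.
function new_session_key(): string
{
    return random_bytes(32);
}

// Build "d=...&h=..." where h is HMAC-SHA256 over the encoded payload.
function sign_params(array $value, string $key): string
{
    $d = base64_encode(json_encode($value));
    $h = hash_hmac('sha256', $d, $key);
    return 'd=' . rawurlencode($d) . '&h=' . $h;
}

// Return the decoded array, or null when the tag is missing or does not match.
function verify_params(array $get, string $key): ?array
{
    $d = $get['d'] ?? null;
    $h = $get['h'] ?? null;
    if (!is_string($d) || !is_string($h)) {
        return null; // absent, or array-valued input such as ?d[]=x
    }
    // Constant-time comparison; the payload is not decoded before this passes.
    if (!hash_equals(hash_hmac('sha256', $d, $key), $h)) {
        return null;
    }
    $json = base64_decode($d, true);
    $value = ($json === false) ? null : json_decode($json, true);
    return is_array($value) ? $value : null;
}

// Constructed demo: sign a link, parse it back as PHP would fill $_GET.
$key = new_session_key();
parse_str(sign_params(['action' => 'edit', 'id' => 55], $key), $get);
var_dump(verify_params($get, $key));

// Constructed tampering: id changed to 56 while the old tag is reused.
$get['d'] = base64_encode(json_encode(['action' => 'edit', 'id' => 56]));
var_dump(verify_params($get, $key));
```

The same two functions cover the hidden-form-field case by passing $_POST instead of $_GET to verify_params().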