[Phpwm] Encryption

Rob Allen rob at akrabat.com
Mon Aug 20 22:22:40 BST 2007


Elliot Smith wrote:
> 
> I reiterate that I haven't really thought through every ramification of
> this, but my head hurts for now, so I'll come back to it later.
> 

Something simple:
(implementation not tested - based on idea I've used before though!)


// encode
define('SALT', 'my salt phrase');
$t = SALT.$id;
$url = $id.'g'.substr(md5($t),0,6);


//decode
$parts = explode('g', $id);
if(count(parts == 3) {
  $id = $parts[0];
  $expected = substr(md5(SALT.$id),0,6);
  $actual = $parts[1];
  if($expected != $actual) {
    // tampering happened!
  }
}



Only geeks work out that g is "impossible", but it makes getting back
the actual id easy using explode() or strpos(). If you want to check for
tampering, recompute the hash. It's not foolproof of course, especially
if you only use part of the hash for aesthetic reasons.



Regards,

Rob...



More information about the Phpwm mailing list