BeeDog
BeeDog

Reputation: 1895

How to 'encrypt' information passed along in URL when redirecting in PHP?

Sorry if the title's unclear, couldn't think of anything better since I'm still new to this area. :)

Anyway, my question is this: I want to send some information from one page (let's call it 1.php) to another page (let's call it 2.php) using this (don't know the formal name, sorry):

http://localhost/X/2.php?user_id=5&user_type=2&ssn=1234567890&first_name=John&last_name=Doe

As you can see, the information is in plain text, which I dislike. Is there an easy way to encrypt the string after the question mark above in 1.php, and then let the 2.php (that gets the passed-along info) decrypt it? I'd like for it to be something along:

http://localhost/X/2.php?user_id=rj3i15k&user_type=8109fk1JIf&ssn=6893kfj399JFk...

Sorry if this is a stupid question. Many thanks in advance!

Upvotes: 2

Views: 3410

Answers (5)

rook
rook

Reputation: 67019

You should use $_SESSION.

Upvotes: 1

Oliver O'Neill
Oliver O'Neill

Reputation: 1254

Maybe you're going about it the wrong way.

Thought about storing the data in a serverside session variable? Or even in a database (if you're passing to another machine), then you just need to send the unique identifier of the database entry.

page2 will then read the session variable, or retrieve it out of the database again.

Basically, keep the data serverside and then you wont need to encrypt/decrypt.

Session Example:

page1

<?
session_start();

$_SESSION['pagedata'] = array(
    'user_id'=>5,
    'user_type'=>2,
    'ssn'=>1234567890,
    'first_name'=>'John',
    'last_name'=>'Doe'
    );

header('Location: page2.php');
?>

page2

<?
session_start();

$user_id = $_SESSION['pagedata']['user_id'];
$user_type = $_SESSION['pagedata']['user_type'];
$user_ssn = $_SESSION['pagedata']['user_ssn'];
$user_first_name = $_SESSION['pagedata']['first_name'];
$user_last_name = $_SESSION['pagedata']['last_name'];

// use variables to do stuff
?>

Upvotes: 3

oezi
oezi

Reputation: 51797

you could use base64_encode on the one side and bas64_decode on the other - just as one possibility - but note that this is only for "better looking" url als you want it (for me, this is ugly). this isn't encrypting your data for being more safe or something like that - to achive this, use https and don't confuse your users by doing such crazy stuff.

Upvotes: 2

blue112
blue112

Reputation: 56442

If you don't want information to be modified, use a hash string to verify them.

For instance :

$hash = sha1($user_id."haha".$user_type.$ssn.$first_name.$last_name);

The "haha" here, is a salt. Use a random string, it will be use so someone can't reuse your algorithm to inject fake data.

Then put this hash at the end of your url, eg

http://localhost/X/2.php?user_id=5&user_type=2&ssn=1234567890&first_name=John&last_name=Doe&hash=$hash`

When you'll get this information, make the hash again, and compare it to the hash sent : If the information was modified, the hash won't match.

Upvotes: 4

Hannes
Hannes

Reputation: 8237

Its called GET, never relate 100% on 2 Way Decryption but this may help you Best way to use PHP to encrypt and decrypt passwords?

Upvotes: 2

Related Questions