TIP: Use Markdown or, <pre> for multi line code blocks / <code> for inline code.
These forums are read-only and for archival purposes only!
Please join our new forums at discourse.kohanaframework.org
Kohana3.3 With Encryption mode
  • Hi,

    I am using Kohana3.3 to encrypt URL but I am getting sometimes error because while generating encrypted links the special characters appear such like "/". So I would to change the encrypt mode so that my encrypt link contains only [a-z]^[A-Z] . How can I do it ?

    Here is my encrypt config file 'key' => 'my_key_here',
    'cipher' => MCRYPT_RIJNDAEL_128,
    'mode' => MCRYPT_MODE_NOFB,

    And this is how I call it in the controller ton encrypt a string $string = Encrypt::instance()->encode($str); and to decode
    $string = Encrypt::instance()->decode($str);

  • Use urlencode() if you need to put things into the query string

    http://php.net/manual/en/function.urlencode.php

  • No I don't think it is what I am looking for. My url looks like www.domain.com/profile/view/_user_id I want to mask _user_id with an encryption string like www.domain.com/profile/view/HHgkjdhfayxpszmcnsbqhe such a way noone can get the user ID just by looking at the URL I am using Encrypt library but sometime it is generating the encryption string with "/" and this is not define in the Route so Kohana gets errors.

  • Could you use a combo of URL::title() and Inflector::humanize() to have the username as the parameter instead of an ID?

  • My problem is that I want to hide any trace of a user when you copy down the url. I was asking how can generate the url parameter with Encrypt without it contains special character like "/". I think it is possible to do it using one of the MODE option.

  • I think the best solution to a problem like this is to generate a random unique token for the user when the user record is created, stored in a separate field in your database table, and reference that instead. That way you have control over what characters you want in the token, you don't have the overhead of repeatedly encrypting/decrypting the IDs, and you don't have to worry about anyone cracking the encryption. :)

    This is what I use:

    function generate_token($length = 16)
    {
      $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
      $token = '';
      for ($i = 0; $i < $length; $i++)
      {
        $token .= $characters[mt_rand(0, strlen($characters) - 1)];
      }
      return $token;
    }
    
  • You use urlencode() in combo with your encryption

    • plain text => encrypt => urlencode
    • (coming back) urldecode => decrypt => plain text

    You can even use the code by @talisto to do the encrypt/decrypt part

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion