I wrote a little class to send private data with the url (can't use cookies/sessions or anything else for it). I encrypt/decrypt it with PHP's mcrypt and also base64-en/decoded it for use in the url.
Unfortunately I still end up with wrong results from time to time. I noticed that this always happens when at least a + appears in the url. I also played around with rawurlencode and urlencode / urldecode, without success. I also tried strtr() the encrypted data, but somehow the + still appears. Anyone got an idea?
Here's my class:
    class crypto
    {
        public function __construct()
        {
            $this->iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
            $this->iv = mcrypt_create_iv($this->iv_size, MCRYPT_RAND);
            $this->llave = 'da332sdf9';
        }

        public function make_crypt($string)
        {
            $crypt = mcrypt_encrypt(MCRYPT_BLOWFISH, $this->llave, $string, MCRYPT_MODE_ECB, $this->iv);
            $crypt = rawurlencode(base64_encode($crypt));
            $crypt = strtr($crypt, '+/', '-_');
            return $crypt;
        }

        public function get_crypt($data)
        {
            $crypt = strtr($crypt, '-_', '+/');
            $data = base64_decode($data);
            $decrypted = mcrypt_decrypt(MCRYPT_BLOWFISH, $this->llave, $data, MCRYPT_MODE_ECB, $this->iv);
            return $decrypted;
        }
    }
What do you mean you tried URL encoding 'without success'? URL encoding the value does work, otherwise the function would be broken. I use it in my framework and have no errors.
Are you sure you are encoding the crypted value? Don't encode the entire URL.
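The `+` problem discussed in this thread, as an added example that is not part of the question or the answer: standard base64 can emit `+`, which a second URL decode (`urldecode()` on a value PHP has already decoded) turns into a space, so the sketch below uses the URL-safe base64 alphabet and rejects anything outside it. Because mcrypt was removed from PHP core in 7.2, it swaps in libsodium's secretbox (authenticated encryption) for the cipher; all function names are hypothetical and PHP 7.2+ with ext-sodium is assumed.

```php
<?php
// Added example; function names are hypothetical. Needs PHP >= 7.2 with ext-sodium.

function b64url_encode(string $bin): string
{
    // '+' and '/' become '-' and '_', '=' padding is dropped: URL decoding has nothing to rewrite.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $text): ?string
{
    // Refuse foreign characters instead of letting base64_decode() skip them.
    if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $text)) {
        return null;
    }
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? null : $bin;
}

function seal_for_url(string $plain, string $key): string
{
    // A fresh nonce per token travels in front of the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return b64url_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

function open_from_url(string $token, string $key): ?string
{
    $raw = b64url_decode($token);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === null || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain;   // false means altered token or wrong key
}

// Constructed sample: these three bytes encode to "++++" in standard base64.
$sample = "\xfb\xef\xbe";
var_dump(urldecode(base64_encode($sample)));   // standard alphabet after an extra URL decode
var_dump(urldecode(b64url_encode($sample)));   // URL-safe alphabet after the same decode

$key = sodium_crypto_secretbox_keygen();       // generated here for the demo; keep it server-side
$token = seal_for_url('user=42', $key);
var_dump(open_from_url($token, $key));         // round trip of a valid token
var_dump(open_from_url($token . '+', $key));   // token with a stray '+' appended
```

With this encoding the token goes into the query string as-is, with no `rawurlencode()` on the way out and no `urldecode()` on the way in.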