php, encryption, get, urlencode, urldecode

Is it safe to use encryption before urlencode/urldecode? Encrypted GET URL does not return the same value, replacing all + with spaces occasionally


Hi, I am using an encryption function to encrypt my URI before it gets urlencoded, and a function to finally decrypt it back after I urldecode it in the receiving page. It's working fine often, but occasionally urldecode replaces all the + with spaces, thus making my decrypt function fail.

Here are my encrypt and decrypt functions:

function encryptIt( $q ) {
    $cryptKey  = 'aJB0rGtIn5UB1xG40efydp';
    $qEncoded      = base64_encode( mcrypt_encrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), $q, MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ) );
    return( $qEncoded );
}

function decryptIt( $q ) {
    $cryptKey  = 'aJB0rGtIn5UB1xG40efydp';
    $qDecoded      = rtrim( mcrypt_decrypt( MCRYPT_RIJNDAEL_256, md5( $cryptKey ), base64_decode( $q ), MCRYPT_MODE_CBC, md5( md5( $cryptKey ) ) ), "\0");
    return( $qDecoded );
}

And here is how I am preparing my GET URL:

    $encrypted_id = encryptIt( $id );

    $uri=urlencode($encrypted_id);
    $uri="http://example.com/xyz.php?id=".$uri;

And then my receiving script:

    $id=urldecode($_GET['id']);
    $id=decryptIt($id);

Is it safe to use encryption/decryption and urlencode/urldecode at the same time? Or am I doing it the wrong way somewhere?


Solution

  • Don't call urldecode() in the receiver. PHP automatically decodes all the URL parameters before it puts them into $_GET. So you're decoding twice; the automatic decode translates %2B to +, and then your call to urldecode() translates + to space.
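
The double decode described in the answer, reproduced as an added example (not code from the question or the answer). The ciphertext bytes are constructed, parse_str() stands in for the decoding PHP performs when it fills $_GET, and is_base64_token() is a hypothetical helper for rejecting a mangled value before it reaches the decrypt step.

```php
<?php
// Constructed stand-in for the encrypted bytes; chosen so the base64 form contains '+'.
$ciphertext = "\xfb\xef\xbe\x01\x02\x03";
$token = base64_encode($ciphertext);

// Sender: urlencode() once when building the link, as in the question.
$url = 'http://example.com/xyz.php?id=' . urlencode($token);

// Receiver: parse_str() parses a query string the way PHP does for $_GET,
// so $get['id'] is already URL-decoded.
parse_str(parse_url($url, PHP_URL_QUERY), $get);

// Hypothetical helper: accept only characters from the standard base64 alphabet.
function is_base64_token(string $s): bool {
    return preg_match('#^[A-Za-z0-9+/]+={0,2}$#', $s) === 1;
}

$once  = $get['id'];             // correct: use the value as delivered
$twice = urldecode($get['id']);  // the question's extra call: '+' becomes ' '

foreach (['decoded once' => $once, 'decoded twice' => $twice] as $label => $value) {
    printf("%-14s token=%s matches_sent=%s valid_base64=%s\n",
        $label,
        json_encode($value),
        var_export($value === $token, true),
        var_export(is_base64_token($value), true));
}

// Only the once-decoded value yields the original bytes.
var_dump(base64_decode($once, true) === $ciphertext);
```

The failure is intermittent in practice because only ciphertexts whose base64 form happens to contain '+' are altered by the second decode.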