Secure GET

This class can generate and validate URLs to prevent tampering.

It takes an associative array of parameters to pass in a link.

The class assembles the link parameter keys and values and adds an extra parameter which is the SHA1 value of all parameters adding a secret prefix and a suffix salt values.

The class can also verify if the parameter values are correct in a page of the previously generated URL checking against the passed SHA1 value.

Download the package at www.phpclasses.org:

http://www.phpclasses.org/package/7336-PHP-Generate-and-validate-URLs-to-prevent-tampering.html

The class:


       

class secure_get {
    
    var $arr_get;
    var $salt1;
    var $salt2;
    var $sha1;
    var $link;
    
    function __construct(){
       $this->salt1 = 'e5dg6hyt7u8fgigg802s';
       $this->salt2 = '4nfgs5asdd320dkjh7kd';
   }
    
    public function secure_make($arr=array()){
            
        $this->sha1 = $this->salt1;
        $this->link = '?';
        
        foreach($arr as $key => $val){
            
            $this->sha1 .= $key.$val;
            $this->link .= "&".$key."=".urlencode($val);
            
        }
        
        $this->sha1 .= $this->salt2;
        $this->sha1 = sha1($this->sha1);
        $this->link .= "&sha1=".$this->sha1;
        
        return($this->link);
        
    }
    
    public function secure_check($arr=array()){
        
        $this->sha1 = $this->salt1;
        
        foreach($arr as $key => $val){
            
            if($key != 'sha1') $this->sha1 .= urldecode($key.$val);
            
        }
        
        $this->sha1 .= $this->salt2;
        $this->sha1 = sha1($this->sha1);
        
        if($this->sha1 == $arr['sha1']) return(TRUE);
        
    }
    
}


and how to use it:

       
require_once('secure_get.class.php');

$arrValues = array('city'=>'Amsterdam', 'name'=>'J. Rambo', 'age'=>'45');

$sg = new secure_get;

$link = $sg->secure_make($arrValues); 

/*
 * checks if the data is sent properly
 */
if(isset($_GET['sha1'])):
    
   echo($sg->secure_check($_GET)) ? 'SENT PROPERLY' : 'SENT WITH MANUPULATION';
    
endif;

Comments

Post a Comment

Popular posts from this blog

Killing orphans and zombies

Image
First please do not misunderstand me about "killing orphans and zombies". I'm for sure not going to hurt people without parents or people that are already dead :-( I'm talking about running processes that can be harmful for your system and shuld be better get killed. First of all a Zombie process is not an orphan process. As the word says, an orphan process is a procees without legitim parent, a zombie process is not alive but still have an entry in parent table. A process can be orphaned either intentionally or unintentionally. Sometime a parent process exits/terminates or crashes leaving the child process still running, and then they become orphans. In Linux/Unix like operating systems, as soon as parents of any process are dead, re-parenting occurs, automatically. Re-parenting processes whose parents are dead, means Orphaned processes, are immediately adopted by special process "init". Take a look to a htop situation where winexe causes a lot of or...
Read more

SOLVED: Can't establish a reliable connection to the server Google play store

Image
A couple of days ago I faced a nasty problem with my Android phone: It was not able to sign in the Google account / store. I thaught it was a temporary issue at Google's servers and I tried a couple of hours later, but nothing changed. I tried some usual things like clearing the cache of some apps, restart the phone and even change my Google account password and I resetted the phone twice to fabrics defaults. Nothing could help. I searched a lot of info on the internet and I found a hint about the hosts file. The hosts file is a computer file used by an operating system to map hostnames to IP addresses . I red that in some phones in the hosts file the adress to android.clients.google.com is translated to a certain IP address(es). Bang! what if Google changes the IP address for this domain? The first thing I needed to do was to root the phone and gain permissions to open the hosts file. I used Kingo ROOT which is a simple software to root the Android phones. After that, I ...
Read more

XPDF Segmentation fault (core dumped) SOLVED

I have a friend with a Linux Mint based on Ubuntu 13.04 that has to use a Java program (jnlp); this program has some print features that doesn't open a print dialog but fires XPDF directly. That's very annoying, because there is no possibility afaik to change the default pdf program inside the application. I suppose that the command is hard coded in the application itself. The problem is that XPDF opens and shuts down immediately and no pdf is shown. Launching XPDF from a terminal window the following errors are thrown: $ xpdf main.pdf ***** MediaBox = ll:0,0 ur:595.276,841.89 ***** CropBox = ll:0,0 ur:595.276,841.89 ***** Rotate = 0 Segmentation fault (core dumped) After a lot of trials without any success I found the solution to fix that: sudo apt-get install libfreetype6-dev libmotif-dev wget ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.03.tar.gz tar xzpf xpdf-3.03.tar.gz cd xpdf-3.03 ./configure --with-freetype2-library=/usr/lib/i386-linux-gnu / --with-freetype2-include...
Read more