Sunday, March 10, 2013

Secure GET

This class can generate and validate URLs to prevent tampering.

It takes an associative array of parameters to pass in a link.

The class assembles the link parameter keys and values and adds an extra parameter which is the SHA1 value of all parameters adding a secret prefix and a suffix salt values.

The class can also verify if the parameter values are correct in a page of the previously generated URL checking against the passed SHA1 value.

Download the package at

The class:


class secure_get {
    var $arr_get;
    var $salt1;
    var $salt2;
    var $sha1;
    var $link;
    function __construct(){
       $this->salt1 = 'e5dg6hyt7u8fgigg802s';
       $this->salt2 = '4nfgs5asdd320dkjh7kd';
    public function secure_make($arr=array()){
        $this->sha1 = $this->salt1;
        $this->link = '?';
        foreach($arr as $key => $val){
            $this->sha1 .= $key.$val;
            $this->link .= "&".$key."=".urlencode($val);
        $this->sha1 .= $this->salt2;
        $this->sha1 = sha1($this->sha1);
        $this->link .= "&sha1=".$this->sha1;
    public function secure_check($arr=array()){
        $this->sha1 = $this->salt1;
        foreach($arr as $key => $val){
            if($key != 'sha1') $this->sha1 .= urldecode($key.$val);
        $this->sha1 .= $this->salt2;
        $this->sha1 = sha1($this->sha1);
        if($this->sha1 == $arr['sha1']) return(TRUE);


and how to use it:


$arrValues = array('city'=>'Amsterdam', 'name'=>'J. Rambo', 'age'=>'45');

$sg = new secure_get;

$link = $sg->secure_make($arrValues); 

 * checks if the data is sent properly
   echo($sg->secure_check($_GET)) ? 'SENT PROPERLY' : 'SENT WITH MANUPULATION';


No comments:

Post a Comment