Sunday, March 10, 2013

Secure GET

This class can generate and validate URLs to prevent tampering.

It takes an associative array of parameters to pass in a link.

The class assembles the link from the parameter keys and values and adds an extra parameter: the SHA1 hash of all keys and values, computed with a secret salt prepended and a second secret salt appended.

On the page that a previously generated URL points to, the class can also verify that the parameter values are unchanged by recomputing the hash and checking it against the passed SHA1 value.

Download the package at www.phpclasses.org:

http://www.phpclasses.org/package/7336-PHP-Generate-and-validate-URLs-to-prevent-tampering.html

The class:


       

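/**
 * Builds query strings that carry a SHA1 signature over their parameters and
 * verifies that signature when the parameters come back.
 *
 * The signed string is: salt1 . key1 . val1 . key2 . val2 ... . salt2.
 * The parameter name "sha1" is reserved for the signature itself.
 *
 * NOTE(review): keys and values are concatenated without any separator, so
 * different key/value splits yield the same signed string (constructed
 * example: key "ab" + value "c" and key "a" + value "bc"). The signature
 * therefore does not pin parameter names or boundaries.
 * NOTE(review): sha1(secret . data . secret) is not an HMAC. hash_hmac() with
 * SHA-256 over an unambiguous encoding is the standard construction; it is
 * not applied here because it would invalidate links that were already issued.
 */
class secure_get {

    // Not used by any method of this class; kept because it is a public property.
    public $arr_get;
    // Secret prepended to the signed string.
    public $salt1;
    // Secret appended to the signed string.
    public $salt2;
    // Hex digest computed by the last secure_make() / secure_check() call.
    public $sha1;
    // Query string produced by the last secure_make() call.
    public $link;

    /**
     * Sets the two secrets used to sign and verify links.
     *
     * The defaults are the values published together with this class, so
     * anyone who has read it knows them. Pass your own long random values
     * (loaded from configuration) for any real deployment.
     *
     * @param string|null $salt1 Secret prefix; null keeps the built-in default.
     * @param string|null $salt2 Secret suffix; null keeps the built-in default.
     */
    function __construct($salt1 = null, $salt2 = null){
        $this->salt1 = ($salt1 !== null) ? (string)$salt1 : 'e5dg6hyt7u8fgigg802s';
        $this->salt2 = ($salt2 !== null) ? (string)$salt2 : '4nfgs5asdd320dkjh7kd';
    }

    /**
     * Builds a signed query string from an associative array.
     *
     * The result has the form "?&key=value...&sha1=<digest>"; the leading
     * "?&" is kept so that previously generated links stay identical.
     *
     * @param array $arr Parameter names mapped to scalar values, in the order
     *                   they should appear in the link.
     * @return string The query string including the sha1 parameter.
     */
    public function secure_make($arr=array()){

        $payload = $this->salt1;
        $this->link = '?';

        foreach($arr as $key => $val){

            $name  = (string)$key;
            $value = (string)$val;

            // The raw (undecoded) name and value are what gets signed.
            $payload .= $name.$value;
            // Names are encoded as well so that a reserved character in a
            // key cannot break the query string apart.
            $this->link .= '&'.urlencode($name).'='.urlencode($value);

        }

        $this->sha1 = sha1($payload.$this->salt2);
        $this->link .= '&sha1='.$this->sha1;

        return $this->link;

    }

    /**
     * Verifies the signature of a parameter array such as $_GET.
     *
     * Parameters are hashed in array order, so they must arrive in the order
     * secure_make() emitted them.
     *
     * @param array $arr Already-decoded parameters including the "sha1" entry.
     * @return bool TRUE when the signature matches, FALSE otherwise.
     */
    public function secure_check($arr=array()){

        // A missing or non-string signature can never be valid.
        if(!isset($arr['sha1']) || !is_string($arr['sha1'])){
            return FALSE;
        }

        $payload = $this->salt1;

        foreach($arr as $key => $val){

            // Strict comparison: on PHP versions before 8 an integer key 0
            // compares loosely equal to 'sha1' and would be left unsigned.
            if((string)$key === 'sha1'){
                continue;
            }

            // secure_make() only signs scalar values; an array value
            // (e.g. from "name[]=x") cannot belong to a link it produced.
            if(is_array($val)){
                return FALSE;
            }

            // No urldecode() here: PHP has already decoded $_GET, and
            // decoding a second time would make distinct values such as
            // "a+b" and "a b" hash to the same string.
            $payload .= $key.$val;

        }

        $this->sha1 = sha1($payload.$this->salt2);

        // Constant-time, type-strict comparison; a loose == on hex digests
        // is subject to numeric-string juggling and leaks timing.
        return hash_equals($this->sha1, $arr['sha1']);

    }

}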

       
 


and how to use it:

       
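require_once('secure_get.class.php');

// Sample parameters to protect.
$arrValues = array('city'=>'Amsterdam', 'name'=>'J. Rambo', 'age'=>'45');

$sg = new secure_get;

// Signed query string; this example does not use it any further.
$link = $sg->secure_make($arrValues);

/*
 * Checks whether the data arrived unmodified.
 *
 * The check only runs when a sha1 parameter is present. A handler that
 * acts on the parameters must treat a request WITHOUT the signature as
 * rejected too; otherwise removing the sha1 parameter skips validation.
 */
if (isset($_GET['sha1'])) {

    echo $sg->secure_check($_GET) ? 'SENT PROPERLY' : 'SENT WITH MANIPULATION';

}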

       
 
