Secure GET

This class can generate and validate URLs to prevent tampering.

It takes an associative array of parameters to pass in a link.

The class assembles the link parameter keys and values and adds an extra parameter which is the SHA1 value of all parameters adding a secret prefix and a suffix salt values.

The class can also verify if the parameter values are correct in a page of the previously generated URL checking against the passed SHA1 value.

Download the package at www.phpclasses.org:

http://www.phpclasses.org/package/7336-PHP-Generate-and-validate-URLs-to-prevent-tampering.html

The class:


       

class secure_get {
    
    var $arr_get;
    var $salt1;
    var $salt2;
    var $sha1;
    var $link;
    
    function __construct(){
       $this->salt1 = 'e5dg6hyt7u8fgigg802s';
       $this->salt2 = '4nfgs5asdd320dkjh7kd';
   }
    
    public function secure_make($arr=array()){
            
        $this->sha1 = $this->salt1;
        $this->link = '?';
        
        foreach($arr as $key => $val){
            
            $this->sha1 .= $key.$val;
            $this->link .= "&".$key."=".urlencode($val);
            
        }
        
        $this->sha1 .= $this->salt2;
        $this->sha1 = sha1($this->sha1);
        $this->link .= "&sha1=".$this->sha1;
        
        return($this->link);
        
    }
    
    public function secure_check($arr=array()){
        
        $this->sha1 = $this->salt1;
        
        foreach($arr as $key => $val){
            
            if($key != 'sha1') $this->sha1 .= urldecode($key.$val);
            
        }
        
        $this->sha1 .= $this->salt2;
        $this->sha1 = sha1($this->sha1);
        
        if($this->sha1 == $arr['sha1']) return(TRUE);
        
    }
    
}


and how to use it:

       
require_once('secure_get.class.php');

$arrValues = array('city'=>'Amsterdam', 'name'=>'J. Rambo', 'age'=>'45');

$sg = new secure_get;

$link = $sg->secure_make($arrValues); 

/*
 * checks if the data is sent properly
 */
if(isset($_GET['sha1'])):
    
   echo($sg->secure_check($_GET)) ? 'SENT PROPERLY' : 'SENT WITH MANUPULATION';
    
endif;

Comments

Post a Comment

Popular posts from this blog

ZAMP a windows portable LAMP webserver

Hi folks, recently I was searching for a good "test" easy to use and stable webserver for a windows box. I found and tried some packages with the surprise that NONE was reliable or stable enough. Even the famous XAMPP didn't passed my tests. So I decided to gather the tools together and create a webserver package with a LAMP stack. Even I didn't want to "install" it on de windows box or start services on boot! I came with a package called "ZAMP". Here below some specs: "Zanfi" Apache (2.4.39) MariaDb (10.4) Php (7.3.7) webserver This webserver runs as standalone as default in a directory. Make in the root of the C: a directory named zamp and put the content in it. This is a development environment. Do not use it for production. Double click the zamp.hta file to start Apache webserver and MySql database server. "NO" service is installed. You have to start and stop manually the two servers. Windows firewall will ...
Read more

Killing orphans and zombies

Image
First please do not misunderstand me about "killing orphans and zombies". I'm for sure not going to hurt people without parents or people that are already dead :-( I'm talking about running processes that can be harmful for your system and shuld be better get killed. First of all a Zombie process is not an orphan process. As the word says, an orphan process is a procees without legitim parent, a zombie process is not alive but still have an entry in parent table. A process can be orphaned either intentionally or unintentionally. Sometime a parent process exits/terminates or crashes leaving the child process still running, and then they become orphans. In Linux/Unix like operating systems, as soon as parents of any process are dead, re-parenting occurs, automatically. Re-parenting processes whose parents are dead, means Orphaned processes, are immediately adopted by special process "init". Take a look to a htop situation where winexe causes a lot of or...
Read more

XPDF Segmentation fault (core dumped) SOLVED

I have a friend with a Linux Mint based on Ubuntu 13.04 that has to use a Java program (jnlp); this program has some print features that doesn't open a print dialog but fires XPDF directly. That's very annoying, because there is no possibility afaik to change the default pdf program inside the application. I suppose that the command is hard coded in the application itself. The problem is that XPDF opens and shuts down immediately and no pdf is shown. Launching XPDF from a terminal window the following errors are thrown: $ xpdf main.pdf ***** MediaBox = ll:0,0 ur:595.276,841.89 ***** CropBox = ll:0,0 ur:595.276,841.89 ***** Rotate = 0 Segmentation fault (core dumped) After a lot of trials without any success I found the solution to fix that: sudo apt-get install libfreetype6-dev libmotif-dev wget ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.03.tar.gz tar xzpf xpdf-3.03.tar.gz cd xpdf-3.03 ./configure --with-freetype2-library=/usr/lib/i386-linux-gnu / --with-freetype2-include...
Read more