Monday, 09 January 2012

CodeIgniter - Library MZA_SecureUrl to encrypt Url

After a long time without writing an article, I'll now write one about a CodeIgniter library for encrypting URLs.
I created this library, named MZA_SecureUrl, to secure the URLs we generate by encrypting them. URLs need to be secured so that our website is a little safer from meddling hands that could infiltrate it by reading the URL. Therefore, one way to secure a URL is to encrypt it.
The first thing to create is the encryption library. Only the target function name and its parameters (if the function takes any) are encrypted.
Create a file named MZA_SecureUrl.php:
class MZA_SecureUrl{
   private $obj, $valid_url, $parse, $length, $point1, $point2;

   function __construct(){
      $this->obj =& get_instance();
      $this->valid_url = md5('mza secure url');  // you can change the string
      $this->parse  = 'mza secure url';  // you can change the string
      $this->length  = 5;  // you can change the value. Min : 1, Max : 32
      $this->point1  = 5;  // you can change the value. Min : 1, Max : point1 + length <= 32
      $this->point2  = 17;  // you can change the value. Min : 1, Max : point2 + length <= 32
   }

   function _get_iv(){
      // ECB mode does not use an IV; mcrypt ignores this value
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
      return mcrypt_create_iv($iv_size, MCRYPT_RAND);
   }

   // $param must be a one-dimensional array; multi-dimensional arrays are not supported.
   // Send me an email if you have any suggestion.
   // Result: class/secure/<marker1><encrypted function>[<marker2><encrypted params>]
   function setSecureUrl_encode($class, $function, $param = array()){
      $parameter = '';
      $function = $this->_encodeUrl($function);
      if(!empty($param)){
         foreach($param as $value){
            $parameter .= $value.'/';
         }
         $parameter = $this->_encodeUrl(substr($parameter,0,-1));
         return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function.substr($this->valid_url,$this->point2,$this->length).$parameter;
      }else{
         return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function;
      }
   }

   function _encodeUrl($url){
      // encrypt, base64-encode, then swap the characters that are awkward in a URL
      return str_replace(array('+','/','='),array('-','_',' '),base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), $url, MCRYPT_MODE_ECB, $this->_get_iv())));
   }

   function _decodeUrl($url){
      return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), base64_decode($url), MCRYPT_MODE_ECB, $this->_get_iv());
   }

   function setSecureUrl_decode($url){
      $url = str_replace(array('-','_',' '),array('+','/','='),urldecode($url));
      if($this->_isValid_url($url)){
         $parameter = '';
         // drop the leading marker, then split function and parameters on the second marker
         $data = explode(substr($this->valid_url,$this->point2,$this->length),substr($url,$this->length));
         $url = $this->_decodeUrl($data[0]);
         if(!empty($data[1])){
            // trim() removes the null padding that mcrypt adds to fill the last block
            $parameter = trim($this->_decodeUrl($data[1]));
            $parameter = explode('/', $parameter);
            return array('function' => trim($url), 'params' => $parameter);
         }else{
            return array('function' => trim($url), 'params' => null);
         }
      }else{
         return false;
      }
   }

   function _isValid_url($url){
      // the URL is accepted when it starts with the expected slice of the md5 marker
      if(strcmp(substr($url,0,$this->length),substr($this->valid_url,$this->point1,$this->length)) == 0){
         return true;
      }else{
         return false;
      }
   }
}

After that, copy the following function into any existing controller file in your application:
function secure($url){
   // decode the encrypted segment into a function name and its parameters
   $data    = $this->mza_secureurl->setSecureUrl_decode($url);
   if($data != false){
      $function = trim($data['function']);
      if (method_exists($this, $function)){
         // the library returns the parameters under the key 'params'
         if(!empty($data['params'])){
            return call_user_func_array(array($this, $function), $data['params']);
         }else{
            return $this->$function();
         }
      }
   }
   show_404();
}
Yep ... the library to encrypt the URL is done. Now, to use the library, set the configuration and add MZA_SecureUrl to $autoload['libraries'] in the autoload.php file. The library can then be called like this:
$data['url'] = $this->mza_secureurl->setSecureUrl_encode($class,$function,$params);
Example: calling the say function of the count controller with parameters:
    $data['url1'] = $this->mza_secureurl->setSecureUrl_encode('count','say',array(1,'+',2,'=',3));
Example: calling the front_site function of the front controller, which takes no parameters:
    $data['url2'] = $this->mza_secureurl->setSecureUrl_encode('front','front_site');
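
The library above encrypts with Rijndael-256 in ECB mode under a key derived from a fixed string, validates a URL only by a constant marker prefix, and secure() dispatches to whatever existing method name comes out of decryption, so a modified token is never detected as such. As an added example (not part of MZA_SecureUrl or the original post), the code below builds the same function-plus-parameters token with authenticated encryption (AES-256-GCM through PHP's OpenSSL extension, PHP 7.1+) and checks the decoded name against an allow-list; the class name RouteToken, the token layout and the allow-list are assumptions.

```php
<?php
// Added example, not part of MZA_SecureUrl. RouteToken and its token layout
// (nonce | tag | ciphertext, base64url) are assumptions for illustration.
class RouteToken
{
    private $key;
    public function __construct($rawKey)
    {
        if (strlen($rawKey) !== 32) {
            throw new InvalidArgumentException('key must be 32 random bytes');
        }
        $this->key = $rawKey;
    }

    public function encode($function, array $params = array())
    {
        $plain = json_encode(array('f' => $function, 'p' => array_values($params)));
        $nonce = random_bytes(12);   // fresh nonce for every token
        $ct = openssl_encrypt($plain, 'aes-256-gcm', $this->key, OPENSSL_RAW_DATA, $nonce, $tag);
        return rtrim(strtr(base64_encode($nonce . $tag . $ct), '+/', '-_'), '=');
    }

    // Returns array('function' => ..., 'params' => ...) or false.
    public function decode($token, array $allowed)
    {
        $b64 = strtr($token, '-_', '+/');
        $raw = base64_decode($b64 . str_repeat('=', (4 - strlen($b64) % 4) % 4), true);
        if ($raw === false || strlen($raw) <= 28) {
            return false;
        }
        $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $this->key,
            OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
        $data = ($plain === false) ? null : json_decode($plain, true);   // false: tag mismatch
        // Only methods the controller explicitly exposes may be dispatched.
        if (!is_array($data) || !isset($data['f'], $data['p'])
            || !in_array($data['f'], $allowed, true)) {
            return false;
        }
        return array('function' => $data['f'], 'params' => (array) $data['p']);
    }
}

// Constructed demo values; a real key is 32 random bytes loaded from configuration.
$allowed = array('say', 'front_site');
$rt      = new RouteToken(random_bytes(32));
$token   = $rt->encode('say', array(1, '+', 2, '=', 3));
var_dump($rt->decode($token, $allowed));
$token[20] = ($token[20] === 'A') ? 'B' : 'A';   // simulate a modified URL
var_dump($rt->decode($token, $allowed));
```

In a controller, the secure() method would call the decoded function only when decode() returns an array, and fall through to show_404() otherwise.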

I also provide an example, which you can download here or from the mirror.
So that's the first article I've written. I hope it is useful .. ^ _ ^


Sorry about my English... (^_^)v

Keyword : PHP CodeIgniter, Secure Url

To respect intellectual property rights (IPR), the reference sources I used and learned from are listed below.
Reference     : codeigniter.com
Author        : Moch. Zawaruddin Abdullah, www.zawaruddin.blogspot.com

4 comments:

  1. Thanks, bro... very useful :)

  2. Bro, what if I want to use the classes that come with CI?

    Replies
    1. Just load the class you need...
      It can be loaded automatically: check CI_Root/application/config/autoload.php
      and add the libraries you want to load...
      Example: $autoload['libraries'] = array('database','session','form_validation');

      Or
      load it manually in the controller:
      $this->load->library('form_validation');

  3. I am curious to find out what blog system you're working with?

    I'm experiencing some small security issues with my latest website and I'd like to
    find something more safeguarded. Do you have any solutions?
