I created this library with the name MZA_SecureUrl, library to secure the url that we make with the way in encryption. Url needs to be secured so that our web a little safer from the dangers of meddling hand that can infiltrate our website by reading Url. Therefore, one way to secure the url is to encrypt the url.
The first thing that must be made is a library for encryption. Encryption is done only for the intended function names and its parameters (if there are parameters in the function).
Create a file with a name MZA_SecureUrl.php
class MZA_SecureUrl{
private $valid_url, $parse, $length, $point1, $point2;
function MZA_SecureUrl(){
$this->obj =& get_instance();
$this->valid_url = md5('mza secure url'); // you can change the string
$this->parse = 'mza secure url'; // you can change the string
$this->length = 5; // you can change the value. Min : 1, Max : 32;
$this->point1 = 5; // you can change the value. Min : 1, Max : point1 + length : 32
$this->point2 = 17; // you can change the value. Min : 1, Max : point2 + length : 32
}
function _get_iv(){
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
return mcrypt_create_iv($iv_size, MCRYPT_RAND);
}
function setSecureUrl_encode($class,$function, $param = array()){ // array $param only singel dimension of array, can't multiple
dimensions.
$parameter = ''; // Send me an email if you have any suggestion.
$function = $this->_encodeUrl($function);
if(!empty($param)){
foreach($param as $value){
$parameter .= $value.'/';
}
$parameter = $this->_encodeUrl(substr($parameter,0,-1));
return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function.substr($this->valid_url,$this->point2,$this->length).$parameter;
}else{
return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function;
}
}
function _encodeUrl($url){
return str_replace(array('+','/','='),array('-','_',' '),base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), $url, MCRYPT_MODE_ECB, $this->_get_iv())));
}
function _decodeUrl($url){
return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), base64_decode($url), MCRYPT_MODE_ECB, $this->_get_iv());
}
function setSecureUrl_decode($url){
$url = str_replace(array('-','_',' '),array('+','/','='),urldecode($url));
if($this->_isValid_url($url)){
$parameter = '';
$data = explode(substr($this->valid_url,$this->point2,$this->length),substr($url,$this->length));
$url = $this->_decodeUrl($data[0]);
if(!empty($data[1])){
$parameter = trim($this->_decodeUrl($data[1]));
$parameter = explode('/', $parameter);
return array('function' => trim($url), 'params' => $parameter);
}else{
return array('function' => trim($url), 'params' => null);
}
}else{
return false;
}
}
function _isValid_url($url){
if(strcmp(substr($url,0,$this->length),substr($this->valid_url,$this->point1,$this->length)) == 0){
return true;
}else{
return false;
}
}
}
after that, copy the following functionality to any existing controller file in your application
function secure($url){ $data = $this->mza_secureurl->setSecureUrl_decode($url); if($data != false){ if (method_exists($this, trim($data['function']))){ if(!empty($data['param'])){ return call_user_func_array(array($this, trim($data['function'])), $data['param']); }else{ return $this->$data['function'](); } } } show_404(); }yap ... library to encrypt the url is created. Now, to run its library, please set the configuration and add MZA_SecureUrl to $autoload ['libraries'] on autoload.php file. To call its library can be used like this
$data['url'] = $this->mza_secureurl->setSecureUrl_encode($class,$function,$params);example to call count controller, say function and the parameters
$data['url1'] = $this->mza_secureurl->setSecureUrl_encode('count','say',array(1,'+',2,'=',3));example to call front controller, front_site function that haven't parameters
$data['url2'] = $this->mza_secureurl->setSecureUrl_encode('front','front_site');
Here I also give an example, you can download here or mirror.
So first article that I created. Hope can be useful .. ^ _ ^
Sorry about my english... (^_^)v
Keyword : PHP CodeIgniter, Secure Url
To appreciate the IPR (Intellectual Property Rights), the source of reference that I use and I learned will be displayed.
Referensi :codeigniter.com
Author : Moch. Zawaruddin Abdullah, www.zawaruddin.blogspot.com