Senin, 09 Januari 2012

CodeIgniter - Library MZA_SecureUrl to encrypt Url

After long time i didn't write an article, now i'll write an article about the codeigniter library to encrypt url.
I created this library with the name MZA_SecureUrl, library to secure the url that we make with the way in encryption. Url needs to be secured so that our web a little safer from the dangers of meddling hand that can infiltrate our website by reading Url. Therefore, one way to secure the url is to encrypt the url. 
The first thing that must be made is a library for encryption. Encryption is done only for the intended function names and its parameters (if there are parameters in the function).
Create a file with a name MZA_SecureUrl.php
class MZA_SecureUrl{
   private $valid_url, $parse, $length, $point1, $point2;
    
   function MZA_SecureUrl(){
      $this->obj =& get_instance();
      $this->valid_url = md5('mza secure url');  // you can change the string
      $this->parse  = 'mza secure url';  // you can change the string
      $this->length  = 5;  // you can change the value. Min : 1, Max : 32;
      $this->point1  = 5;  // you can change the value. Min : 1, Max : point1 + length : 32
      $this->point2  = 17;  // you can change the value. Min : 1, Max : point2 + length : 32
   }
 
   function _get_iv(){
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
      return mcrypt_create_iv($iv_size, MCRYPT_RAND);
   }
 
   function setSecureUrl_encode($class,$function, $param = array()){ // array $param only singel dimension of array, can't multiple
 dimensions. 
      $parameter = '';             // Send me an email if you have any suggestion. 
      $function = $this->_encodeUrl($function);
      if(!empty($param)){
  foreach($param as $value){
     $parameter .= $value.'/';
         }   
         $parameter = $this->_encodeUrl(substr($parameter,0,-1));
         return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function.substr($this->valid_url,$this->point2,$this->length).$parameter;
      }else{
  return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function;
      }
   }
 
   function _encodeUrl($url){
      return str_replace(array('+','/','='),array('-','_',' '),base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), $url, MCRYPT_MODE_ECB, $this->_get_iv())));
   }
 
   function _decodeUrl($url){
      return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), base64_decode($url), MCRYPT_MODE_ECB, $this->_get_iv());
   }
 
   function setSecureUrl_decode($url){
      $url = str_replace(array('-','_',' '),array('+','/','='),urldecode($url));
      if($this->_isValid_url($url)){
  $parameter = '';
  $data = explode(substr($this->valid_url,$this->point2,$this->length),substr($url,$this->length));
  $url = $this->_decodeUrl($data[0]);
  if(!empty($data[1])){
     $parameter = trim($this->_decodeUrl($data[1]));
     $parameter = explode('/', $parameter);  
     return array('function' => trim($url), 'params' => $parameter);
  }else{
     return array('function' => trim($url), 'params' => null);
  }
      }else{
  return false;
      }
   }
 
   function _isValid_url($url){
      if(strcmp(substr($url,0,$this->length),substr($this->valid_url,$this->point1,$this->length)) == 0){
         return true;
      }else{
  return false;
      }
   }
} 

after that, copy the following functionality to any existing controller file in your application
function secure($url){
   $data    = $this->mza_secureurl->setSecureUrl_decode($url);
   if($data != false){
      if (method_exists($this, trim($data['function']))){
         if(!empty($data['param'])){
            return call_user_func_array(array($this, trim($data['function'])), $data['param']);
         }else{
            return $this->$data['function']();
         }
      }
   }
   show_404();
}
yap ... library to encrypt the url is created. Now, to run its library, please set the configuration and add MZA_SecureUrl  to $autoload ['libraries']  on autoload.php file. To call its library can be used like this
$data['url'] = $this->mza_secureurl->setSecureUrl_encode($class,$function,$params);
example to call count controller, say function and the parameters
    $data['url1'] = $this->mza_secureurl->setSecureUrl_encode('count','say',array(1,'+',2,'=',3));
example to call front controller, front_site function that haven't parameters
    $data['url2'] = $this->mza_secureurl->setSecureUrl_encode('front','front_site');

Here I also give an example, you can download here or mirror.
So first article that I created. Hope can be useful .. ^ _ ^


Sorry about my english... (^_^)v

Keyword : PHP CodeIgniter, Secure Url

To appreciate the IPR (Intellectual Property Rights), the source of reference that I use and I learned will be displayed.
Referensi     :codeigniter.com
Author        : Moch. Zawaruddin Abdullah, www.zawaruddin.blogspot.com

Codeigniter - Library MZA_SecureUrl untuk mengenkripsi Url

Setelah sekian lama tidak buat artikel, kini saya akan buat artikel tentang library untuk enkripsi url.
Library ini saya buat dengan nama MZA_SecureUrl, yaitu library untuk mengamankan tentang url yang kita
buat dengan cara di enkripsi. Url perlu diamankan agar web kita sedikit lebih aman dari bahaya tangan usil yang dapat mengerjai web kita dengan membaca Url. Oleh karena itu, salah satu mengamankan url adalah dengan cara menenkripsi url tersebut.
Langsung saja....
hal pertama yang harus dibuat adalah library untuk men-enkripsi. Enkripsi dilakukan hanya untuk nama fungsi yang dituju
beserta parameternya (jika terdapat parameter dalam fungsi tersebut).
Buat file dengan nama MZA_SecureUrl.php yang isinya
class MZA_SecureUrl{
   private $valid_url, $parse, $length, $point1, $point2;
    
   function MZA_SecureUrl(){
      $this->obj =& get_instance();
      $this->valid_url = md5('mza secure url');  // you can change the string
      $this->parse  = 'mza secure url';  // you can change the string
      $this->length  = 5;  // you can change the value. Min : 1, Max : 32;
      $this->point1  = 5;  // you can change the value. Min : 1, Max : point1 + length : 32
      $this->point2  = 17;  // you can change the value. Min : 1, Max : point2 + length : 32
   }
 
   function _get_iv(){
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
      return mcrypt_create_iv($iv_size, MCRYPT_RAND);
   }
 
   function setSecureUrl_encode($class,$function, $param = array()){ // array $param only singel dimension of array, can't multiple
 dimensions. 
      $parameter = '';             // Send me an email if you have any suggestion. 
      $function = $this->_encodeUrl($function);
      if(!empty($param)){
  foreach($param as $value){
     $parameter .= $value.'/';
         }   
         $parameter = $this->_encodeUrl(substr($parameter,0,-1));
         return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function.substr($this->valid_url,$this->point2,$this->length).$parameter;
      }else{
  return $class.'/secure/'.substr($this->valid_url,$this->point1,$this->length).$function;
      }
   }
 
   function _encodeUrl($url){
      return str_replace(array('+','/','='),array('-','_',' '),base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), $url, MCRYPT_MODE_ECB, $this->_get_iv())));
   }
 
   function _decodeUrl($url){
      return mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($this->parse), base64_decode($url), MCRYPT_MODE_ECB, $this->_get_iv());
   }
 
   function setSecureUrl_decode($url){
      $url = str_replace(array('-','_',' '),array('+','/','='),urldecode($url));
      if($this->_isValid_url($url)){
  $parameter = '';
  $data = explode(substr($this->valid_url,$this->point2,$this->length),substr($url,$this->length));
  $url = $this->_decodeUrl($data[0]);
  if(!empty($data[1])){
     $parameter = trim($this->_decodeUrl($data[1]));
     $parameter = explode('/', $parameter);  
     return array('function' => trim($url), 'params' => $parameter);
  }else{
     return array('function' => trim($url), 'params' => null);
  }
      }else{
  return false;
      }
   }
 
   function _isValid_url($url){
      if(strcmp(substr($url,0,$this->length),substr($this->valid_url,$this->point1,$this->length)) == 0){
         return true;
      }else{
  return false;
      }
   }
} 

setelah itu, copy-kan fungsi di bawah ini ke setiap file controller yang ada.
function secure($url){
   $data    = $this->mza_secureurl->setSecureUrl_decode($url);
   if($data != false){
      if (method_exists($this, trim($data['function']))){
         if(!empty($data['param'])){
            return call_user_func_array(array($this, trim($data['function'])), $data['param']);
         }else{
            return $this->$data['function']();
         }
      }
   }
   show_404();
}
yap... library untuk menenkripsi url sudah dibuat. Sekarang, untuk menjalankan library-nya, silakan set konfigurasi autoload.php dan tambahkan MZA_SecureUrl pada $autoload['libraries'] nya. Untuk memanggil library nya dapat menggunakan seperti ini
$data['url'] = $this->mza_secureurl->setSecureUrl_encode($class,$function,$params);
contoh untuk memanggil controller count, fungsi say dan parameternya
    $data['url1'] = $this->mza_secureurl->setSecureUrl_encode('count','say',array(1,'+',2,'=',3));
contoh untuk memanggil controller front, fungsi front_site yang tidak memiliki parameter
    $data['url2'] = $this->mza_secureurl->setSecureUrl_encode('front','front_site');

Disini saya juga memberikan contohnya, silakan download disini atau mirror
Sekian dulu artikel yang saya buat. Semoga dapat berguna.. ^_^

Keyword : PHP CodeIgniter, Secure Url

Untuk menghargai HKI(Hak Kekayaan Intelektual), sumber referensi yang saya pakai dan saya pelajari akan ditampilkan.
Referensi     :codeigniter.com
Author        : Moch. Zawaruddin Abdullah, www.zawaruddin.blogspot.com