[Cs-webapplibs-commits] SF.net SVN: cs-webapplibs:[214] trunk/0.4/cs_idObfuscator.class.php

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 214
          http://cs-webapplibs.svn.sourceforge.net/cs-webapplibs/?rev=214&view=rev
Author:   crazedsanity
Date:     2011-07-20 00:49:56 +0000 (Wed, 20 Jul 2011)

Log Message:
-----------
Class for masking ID's in the URL to avoid snooping (i.e. "ooh, what happens if I add 1 to thad ID?")

Added Paths:
-----------
    trunk/0.4/cs_idObfuscator.class.php

Copied: trunk/0.4/cs_idObfuscator.class.php (from rev 213, trunk/0.4/cs_idPath.class.php)
===================================================================

--- trunk/0.4/cs_idObfuscator.class.php	                        (rev 0)
+++ trunk/0.4/cs_idObfuscator.class.php	2011-07-20 00:49:56 UTC (rev 214)
@@ -0,0 +1,58 @@
+<?php
+/*
+ * Created on May 16th, 2011
+ * 
+ * FILE INFORMATION:
+ * 
+ * $HeadURL$
+ * $Id$
+ * $LastChangedDate$
+ * $LastChangedBy$
+ * $LastChangedRevision$
+ * 
+ * Originally pulled from http://raymorgan.net/web-development/how-to-obfuscate-integer-ids/
+ */
+
+class cs_IdObfuscator {
+ 
+	public static function encode($id) {
+		if (!is_numeric($id) or $id < 1) {return FALSE;}
+		$id = (int)$id;
+		if ($id > pow(2,31)) {return FALSE;}
+		$segment1 = self::getHash($id,16);
+		$segment2 = self::getHash($segment1,8);
+		$dec	  = (int)base_convert($segment2,16,10);
+		$dec	  = ($dec>$id)?$dec-$id:$dec+$id;
+		$segment2 = base_convert($dec,10,16);
+		$segment2 = str_pad($segment2,8,'0',STR_PAD_LEFT);
+		$segment3 = self::getHash($segment1.$segment2,8);
+		$hex	  = $segment1.$segment2.$segment3;
+		$bin	  = pack('H*',$hex);
+		$oid	  = base64_encode($bin);
+		$oid	  = str_replace(array('+','/','='),array('$',':',''),$oid);
+		return $oid;
+	}
+ 
+	public static function decode($oid) {
+		if (!preg_match('/^[A-Z0-9\:\$]{21,23}$/i',$oid)) {return 0;}
+		$oid	  = str_replace(array('$',':'),array('+','/'),$oid);
+		$bin	  = base64_decode($oid);
+		$hex	  = unpack('H*',$bin); $hex = $hex[1];
+		if (!preg_match('/^[0-9a-f]{32}$/',$hex)) {return 0;}
+		$segment1 = substr($hex,0,16);
+		$segment2 = substr($hex,16,8);
+		$segment3 = substr($hex,24,8);
+		$exp2	 = self::getHash($segment1,8);
+		$exp3	 = self::getHash($segment1.$segment2,8);
+		if ($segment3 != $exp3) {return 0;}
+		$v1	   = (int)base_convert($segment2,16,10);
+		$v2	   = (int)base_convert($exp2,16,10);
+		$id	   = abs($v1-$v2);
+		return $id;
+	}
+ 
+	private static function getHash($str,$len) {
+		return substr(sha1($str.CRYPT_SALT),0,$len);
+	}
+}
+?>


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


