Page 1 of 2

how to obfuscate links while working with mysql?

Posted: Fri Sep 02, 2005 8:54 pm
by leonardobii
I am very new on this and have been desperately trying to find a way to obfuscate links (what would appear on the address bar). The following works for static pages, but not when working with databases. would there be a creative way to modify this or am I approaching it incorrectly?

Code: Select all

class linkObfuscator
{
	var $seed=0;
	var $referralSeed=0;
	function linkObfuscator($referralSeed=false)
	{
		// new seed, to obfuscate new pages
   		srand();
		$this->seed= rand();
		// old seed, to check access
		if($referralSeed===false or !is_numeric($referralSeed)) {
			$this->referralSeed=$referralSeed;
		} else if(is_numeric($_SESSION['referralSeed'])) {
			$this->referralSeed=$_SESSION['referralSeed'];
			$_SESSION['referralSeed']=$this->seed;
		}	
	}

	function _obfuscate($aLink,$aSeed)
	{
		$sep=(strpos('?',$aLink)===false)?'?':'&';
		return $aLink. $sep ."go=".md5($aSeed .$aLink);
	}
	
	function obfuscate($aLink)
	{
		return $this->_obfuscate($aLink,$this->seed);
	}
	
	function check($anObfuscatedLink)
	{
		$theLink=preg_replace('/(&|\?)go=(\w)+/','',$anObfuscatedLink);
		if($this->_obfuscate($theLink,$this->referralSeed)==$anObfuscatedLink)
			return true;
			
		return false;
	}
}

feyd | Please use

Code: Select all

and

Code: Select all

tags where approriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Fri Sep 02, 2005 8:58 pm
by feyd
I don't see why this would have an issue working with something from a database...

Posted: Fri Sep 02, 2005 9:01 pm
by leonardobii
It seems that the obfuscated link, returns obfuscated back to the database and is unrecognizable, causing errors

Posted: Fri Sep 02, 2005 9:05 pm
by feyd
how are you using it? Did you remember to quote the output, because it's returning a string?

Posted: Fri Sep 02, 2005 9:10 pm
by leonardobii
hmm I dont think so, could you give me a proper example?

Posted: Fri Sep 02, 2005 9:11 pm
by leonardobii
this is where we are applying the script:

<?php echo $obf->obfuscate("clasif.php","?codsubgrupo=".$row_jr_subgrupo['codsubgrupoclasificados']); ?>

Posted: Fri Sep 02, 2005 9:13 pm
by feyd
obfuscate() expects one argument, you're passing two. The second argument (your query component) will not be output.

Posted: Fri Sep 02, 2005 9:24 pm
by leonardobii
I am still having trouble, could you please give me an example or the way you would fix it?

Posted: Fri Sep 02, 2005 9:27 pm
by feyd

Code: Select all

echo $obf->obfuscate('clasif.php?codsubgrupo='.$row_jr_subgrupo['codsubgrupoclasificados']);
The only real change was removing the comma seperation. :)

Posted: Fri Sep 02, 2005 9:32 pm
by leonardobii
I am still receiving the same error

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '?go=eaabccf037dfe25f1c635857d1635357' at line 1

Posted: Fri Sep 02, 2005 9:36 pm
by feyd
post the code you are using to for the query stuffs

Posted: Fri Sep 02, 2005 9:37 pm
by leonardobii
<a href="<?php echo $obf->obfuscate("clasif.php?codsubgrupo=".$row_jr_subgrupo['codsubgrupoclasificados']); ?>" target="framecontenido"><?php echo $row_jr_subgrupo['descripcionSG']; ?> </a>

Posted: Fri Sep 02, 2005 9:40 pm
by feyd
that wouldn't generate an SQL error. What's the code that interacts with MySQL ?

Posted: Fri Sep 02, 2005 9:43 pm
by leonardobii
if (isset($_GET['codsubgrupo'])) {
$codsubgrupo_jr_item = (get_magic_quotes_gpc()) ? $_SESSION['codsubgrupo'] : addslashes($_SESSION['codsubgrupo']);
}
mysql_select_db($database_adm, $adm);
$query_jr_item = sprintf("SELECT * FROM tipoclasificado WHERE tipoclasificado.codsubgrupo=%s",$codsubgrupo_jr_item);
$jr_item = mysql_query($query_jr_item, $adm) or die(mysql_error());
$row_jr_item = mysql_fe

Posted: Fri Sep 02, 2005 10:03 pm
by feyd
SELECT * FROM tipoclasificado WHERE tipoclasificado.codsubgrupo=%s

to

SELECT * FROM tipoclasificado WHERE tipoclasificado.codsubgrupo='%s'


and please.. start using the

Code: Select all

and/or

Code: Select all

tags like I asked. (Read the first link in my signature to learn how and what they do)