{"id":1784,"date":"2012-09-14T12:33:17","date_gmt":"2012-09-14T12:33:17","guid":{"rendered":"http:\/\/truelogic.org\/wordpress\/?p=1784"},"modified":"2012-09-14T12:33:17","modified_gmt":"2012-09-14T12:33:17","slug":"url-masking-by-encrypting-query-string","status":"publish","type":"post","link":"https:\/\/truelogic.org\/wordpress\/2012\/09\/14\/url-masking-by-encrypting-query-string\/","title":{"rendered":"URL masking by encrypting query string"},"content":{"rendered":"            <script type=\"text\/javascript\" src=\"https:\/\/truelogic.org\/wordpress\/wp-content\/plugins\/wordpress-code-snippet\/scripts\/shBrushPhp.js\"><\/script>\n<p>For many of my project I have written code which simply a link having some parameters as query string in url to pass information from one page to another by using GET request. However there are situations when I want to hide the query string to avoid tempering by users. Many people suggest using POST instead of GET, but remembering I am not submitting a form. Another possible solution is to use session variable and pass data from one page to another, this is fine if we have limited number of link having query string.<br \/>\nThe best suggested way to hide the query string from a site user is to use rewrite rule in your htaccess file.<br \/>\nBut I decided to encrypt the query string and then decrypt it back on landing page. I does some googling and integrate the suggestion from there with some of the built in php function to get a working code.<br \/>\nHere is the code<br \/>\n<pre class=\"brush: php\">&lt;?php\r\n\r\n\t\/\/function to encrypt the query string\r\n\r\nfunction encryptLink($val1, $val2){\r\n\r\n\t$keySalt = &quot;aghtUJ6y&quot;;  \/\/ change it\r\n\r\n\t$qryStr = &quot;name1=&quot;.$val1.&quot;&amp;name2=&quot;.$val2;  \/\/making query string\r\n\r\n\t$query = base64_encode(urlencode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($keySalt), $qryStr, MCRYPT_MODE_CBC, md5(md5($keySalt)))));    \/\/this line of code encrypt the query string\r\n\r\n\t$link = &quot;landing_page.php?&quot;.$query;\r\n\r\n\treturn $link;\r\n\r\n}\r\n\r\n$v1 = &quot;foo&quot;;  \/\/ you can generate this value dynamically \r\n\r\n$v2 = &quot;bar&quot;;\r\n\r\n$pagelink = encryptLink($v1, $v2);\r\n\r\n?&gt;\r\n\r\n&lt;a href=&quot;&lt;?php echo $pagelink ?&gt;&quot;&gt;link&lt;\/a&gt;\r\n<\/pre><\/p>\n<p>The function encryptLink take parameters which are the values to be passed on landing_page.php (in this example). Off course you can pass the parameters in different style and manipulate according to your need. The mcrypt_encrypt() function take different parameters details of which you can find on its documentation on php.net.<\/p>\n<p>Now on landing_page.php you must have decrypt script to get the query string back in original from so that you can process any further logic<br \/>\nIt\u2019s very simple<br \/>\n<pre class=\"brush: php\">&lt;?php\r\n\r\n$keySalt = &quot;aghtUJ6y&quot;;     \/\/ same as used in encryptLink function\r\n\r\n$queryString = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($keySalt), urldecode(base64_decode($_SERVER[&#039;QUERY_STRING&#039;])), MCRYPT_MODE_CBC, md5(md5($keySalt))), &quot;\\0&quot;);   \/\/this line of code decrypt the query string\r\n\r\nparse_str($queryString);   \/\/parse query string\r\n\r\nif(!empty($name1) &amp;&amp; !empty($name2)){\r\n\r\n       echo $name1;  \/\/  will print &quot;foo&quot;\r\n\r\n      echo $name2;  \/\/ will print &quot;bar&quot;\r\n\r\n}\r\nelse{\r\n\r\n\texit(&quot;Invalid parameters passed&quot;);\r\n\r\n}\r\n\r\n?&gt;<\/pre><\/p>\n<p>That\u2019s all you need to mask you link so the user cannot temper with your url query string. Hope this small tutorial helps you. Feel free to comment or leave a suggestion.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>For many of my project I have written code which simply a link having some parameters as query string in url to pass information from <a class=\"mh-excerpt-more\" href=\"https:\/\/truelogic.org\/wordpress\/2012\/09\/14\/url-masking-by-encrypting-query-string\/\" title=\"URL masking by encrypting query string\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,11,12,16],"tags":[292,291,293,290,289,200],"class_list":["post-1784","post","type-post","status-publish","format-standard","hentry","category-apachephp","category-tutorials","category-useful-lists","category-www-stuff","tag-decode-url","tag-encode-url","tag-encrypt-url","tag-hide-query-string","tag-mask-url","tag-php"],"_links":{"self":[{"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/posts\/1784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/comments?post=1784"}],"version-history":[{"count":2,"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/posts\/1784\/revisions"}],"predecessor-version":[{"id":1786,"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/posts\/1784\/revisions\/1786"}],"wp:attachment":[{"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/media?parent=1784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/categories?post=1784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/truelogic.org\/wordpress\/wp-json\/wp\/v2\/tags?post=1784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}