I'm trying to pass a password reset token as part of a CI4 url --it's 32 random bytes encoded using base64_encode. Suppose the token was generated this way:
PHP Code:
// returns LGziiALPuVrzIruXQNiFzDWbJuZNIT//zjgTh5FO288=
$token = base64_encode(random_bytes(32));
NOTE the two slashes in it. I'll need to urlencode.
I'm having a few problems:
1) If I try to add this token to a url like so:
PHP Code:
$url = site_url("/password-reset/token/" . urlencode($token));
then, for some strange reason, site_url function decodes the urlencoded token, yielding this:
Code:
https://example.com/password-reset/tokenLGziiALPuVrzIruXQNiFzDWbJuZNIT/zjgTh5FO288=
2) If I create the site url
without the token (which seems awkward, to be honest) and then append the urlencoded token like this:
PHP Code:
$url = site_url('/password-reset/token/') . urlencode($token);
then I get a url that looks good:
Code:
https://example.com/password-reset/token/LGziiALPuVrzIruXQNiFzDWbJuZNIT%2F%2FzjgTh5FO288%3D
but CI4 doesn't like the url and gives me 404 Not Found. It doesn't like the
% chars.
Is there some way to get codeigniter to allow url-encoded values in its segments? Is there any security risk in doing so? It seems pretty limited if we can't urlencode values to pass them in as autorouted parameters.