Welcome Guest, Not a member yet? Register   Sign In
URL Encryption Issues
#1

(This post was last modified: 07-11-2020, 01:13 AM by rfctech.)

Dear, Viewers I am facing issue with URL Encryption, I have done almost but stacking in some case let me explain...

First Try: I have encrypted the URL by custom function & then I route the page to common controller like below

$route["(:any)"] = "Decrypt/index/$1"; 

Below is Decrypt Controller code

PHP Code:
    public function index()
    {
        
$get_url $this->uri->segment(1);
        
$dcrypt_url decrypt_url($get_url);

        if(!
$dcrypt_url){
             
redirect(base_url().$get_url);
        }else{
             
redirect(base_url().$dcrypt_url);
        }
    } 


So its decrypt & redirect to desire page, but the issue is URL is not encrypted anymore example this was the encrypted url:

http://example.com/ded055278695fe8a7c8b2...wVkm.2QV1o-

After decrypt its become http://example.com/users & when its redirect URL is not encrypted anymore its showing decrypted url. I want URL will be remain encrypted. hope experts understand.

2nd Try: 

PHP Code:
    class Home extends Crypto_Controller {
    
    function 
__construct()
    {
        
parent::__construct();
        if(!
$this->session->userdata('id'))
        {
            
$this->session->sess_destroy();
            
redirect('login''refresh');    
        }
        
$this->load->model('M_users');        
    }


    public function 
index()
    {
        
$data['users']=$this->M_users->getAllUsers();
        
$get_url $this->uri->segment(1);
        
$dcrypt_url decrypt_url($get_url);

        if(!
$dcrypt_url){
            echo 
$this->load->view($get_url$dataTRUE);
        }else{
            echo 
$this->load->view($dcrypt_url$dataTRUE);
        }
    } 

In above code url is remain encrypted & working fine but as you can see I have load the modules to pass the data of users, I believe each & every controller & module should separate & just load when the paged called it, but by this way all models will load when page will load which is make site slower.

I hope someone can guide me or suggest me to reach my goal, T.I.A
Reply
#2

Encrypting url won't provide you with greater security. As a matter of fact, the they you are loading the view could lead to a security hole (2nd try), as they can do a "directory traversal attack". Don't know CI3 view() code by heart, so I'm not sure if it protects you from that.

And the only way to get this to work are using just one controller, you can never redirect them to an unencrypted url. And they can always guess your url, if you still got an "admin" url, they can access it. Nothing in CI prevents users to access a normal url.
Reply
#3
Sad 
(This post was last modified: 07-12-2020, 09:04 AM by jreklund.)

(07-11-2020, 01:32 AM)jreklund Wrote: And the only way to get this to work are using just one controller:

If I use one controller its not good/logical, because all models are loading without reason make site load very slow, because its take time to process all data, there is not any other way to reach my goal Sir?
Reply
#4

No, as you can't redirect it elsewhere. index() should only direct it elsewhere in the same controller. Pointing to news(), article(), page() etc and there you load the correct model.
Reply
#5

(07-12-2020, 09:06 AM)jreklund Wrote: No, as you can't redirect it elsewhere. index() should only direct it elsewhere in the same controller. Pointing to news(), article(), page() etc and there you load the correct model.

Sir can I decode in routes.php like below

Code:
$get_url = $this->uri->segment(1);
$dcrypt_url = decrypt_url($get_url);

  if(!$dcrypt_url){
     $route["(:any)"] = "$get_url/$1"
  }else{
     $route["(:any)"] = "$dcrypt_url/$1"
  }

something like this can we do it? or its possible in codeigniter, please let me know if anyone knows about it...
Reply
#6

Don't know. Try it out and let us know.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB