0

I'm trying to find out if there is a way to obfuscate the PHP output (html stuff).

basically, I have a few hidden inputs and they have some PHP outputs in them...

Example:

<input type="hidden" name="myinput" value="<?php echo $variable; ?>" />

is there any way to obfuscate its value in the users browser but still readable server side so I can pass the input value between pages?

any suggestion and help would be appreciated.

EDIT: I did it like this:

$string = "my string to be be encrypted goes here";
$secret_key = "This is my secret key";

// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $string, MCRYPT_MODE_CBC, $iv);

// Decrypt $string
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);

echo "Original string : " . $string . "<br />\n";
echo "Encrypted string : " . $encrypted_string . "<br />\n";
echo "Decrypted string : " . $decrypted_string . "<br />\n";
Improve this question
13
  • 2
    Why not encrypt the value on on1 page and decrypt on the other page? Commented Apr 6, 2016 at 7:53
  • @Daan, i did look into that and the only thing I came across was md5() which would make it impossible to decrypt it once its been encrypted! any suggestions? Commented Apr 6, 2016 at 7:55
  • 2
    md5() is a hashing function. Hashing isn't encryption. Commented Apr 6, 2016 at 7:59
  • You can use base64 encoding with any other cipher (md5 is one way algorithm). But why not using php sessions if both scripts are on the same machine? Commented Apr 6, 2016 at 8:01
  • @Daan, got ya... I think I've sorted it now with your suggestion. sweet. Commented Apr 6, 2016 at 8:02

1 Answer 1

Reset to default
1

Instead of returning the values as part of the form field; do not send them data at all! Save the data to a database table and link to the current user. Link the data with the user via any number of methods (User id, cookie, session, etc). when the form is submitted retrieve the secret and execute your business logic.

Side note: If you want the data to be secure you want to encrypt it, not hash, not encode; encrypt.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.