In framework file : CButtonColumn.php
-
change the updateButtonUrl variable,
public $updateButtonUrl=‘Yii::app()->controller->createUrl(“update”,array(“id”=>base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(“testKey”), $data->primaryKey, MCRYPT_MODE_CBC, md5(md5(“testKey”))))))’;
-
Use the public function actionUpdate($id)
{
$id =rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5("testKey"), base64_decode($id), MCRYPT_MODE_CBC, md5(md5("testKey"))), "\0");
echo $id;exit;
lubosdz
(Lubosdz)
2
looks like you are going to kill a fly with a big hammer:-)
you could use performance-wiser 2-way algoritm to disguise submitted id, such as
idEncoded = base64_encode(str_rot13(id));
idDecoded = base64_decode(str_rot13(idEncoded));
or a simple character substitution…
Since ID as primary key is very short,it can be easily broken down within few seconds with brutal force guess.
Using str_rot13 (or character substitution) is roughly 130x faster
(cca 0.524 secs agains 0.003 secs for 1000 loops)
Cheers
Lubos
Hi,
i have try to below code … but cannot decrypt…
Hi all,
i am also using the encryption… but it doesn’t work properly
le_top
(Ext Yiiframework Com)
5
idDecoded = str_rot13(base64_decode(idEncoded));
is surely better.