Url Management -Edit Id Encrytion In Cgridview

In framework file : CButtonColumn.php

  1. change the updateButtonUrl variable,

    public $updateButtonUrl=‘Yii::app()->controller->createUrl(“update”,array(“id”=>base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5(“testKey”), $data->primaryKey, MCRYPT_MODE_CBC, md5(md5(“testKey”))))))’;

  2. Use the public function actionUpdate($id)

    {

$id =rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5("testKey"), base64_decode($id), MCRYPT_MODE_CBC, md5(md5("testKey"))), "\0");

echo $id;exit;

looks like you are going to kill a fly with a big hammer:-)

you could use performance-wiser 2-way algoritm to disguise submitted id, such as


idEncoded = base64_encode(str_rot13(id));

idDecoded = base64_decode(str_rot13(idEncoded));



or a simple character substitution…

Since ID as primary key is very short,it can be easily broken down within few seconds with brutal force guess.

Using str_rot13 (or character substitution) is roughly 130x faster

(cca 0.524 secs agains 0.003 secs for 1000 loops)

Cheers

Lubos

Hi,

i have try to below code … but cannot decrypt…

Hi all,

i am also using the encryption… but it doesn’t work properly


idDecoded = str_rot13(base64_decode(idEncoded));

is surely better.