I try to send variable through URL. So I use this CI method
$this->encrypt->encode($variable)
And i decode it in the destination. but it doesn't return a correct value. encoded value example :
pWI+q72keVNJtpaZgJdxfwuKtqM2VrNMGhpnknsrf/3dadh0x+lU70h9hgSwFzTWQAEclSfoSZ2J3/UOuLVwgA==
I realize there are too much special characters here such as +/= . And to allow these characters in URI will be unwise.
If that so, is this function can't be implemented to secure data sent through URL?
The output of encode is Base64 encoded encrypted data. To transmit this you have to encode it in a URI-safe format.
On the PHP base64 page those functions are proposed to
$base64 = $this->encrypt->encode($variable);
$urisafe = strtr($base64, '+/', '-_');
// or
$urisafe = strtr($base64, '+/=', '-_,');
Before decodeing you would have to reverse this:
$base64 = strtr($urisafe, '-_', '+/');
// or
$base64 = strtr($urisafe, '-_,', '+/=');
The first suggestion makes it compliant with the RFC 4648 Table 2 for URL safe encodings.
strtr replaces the offending characters with safe characters. In the above example during the encoding process + is replaced by - and / by _.
I know what makes the encryption didn't return a correct value. It's because of its special characters.
pWI+q72keVNJtpaZgJdxfwuKtqM2VrNMGhpnknsrf/3dadh0x+lU70h9hgSwFzTWQAEclSfoSZ2J3/UOuLVwgA==
what's sent in this value is only pWI+q72keVNJtpaZgJdxfwuKtqM2VrNMGhpnknsrf, it happen because of / special characters.
So if we want to send this encoded value we have to make it uri safe. We can use base64_encode() after decoding and base64_decode() before decoding. Like in this example :
To encode use
$id = '123';
$encrypted_id = $this->encrypt->encode($id);
$encrypted_id = base64_encode($encrypted_id);
//$url = 'www.trythis.com/site?id=' . $encrypted_id;
And to decode
$encrypted_id = $_GET['id'];
$encrypted_id = base64_decode($encrypted_id);
$decrypted_id = $this->encrypt->decode($encrypted_id);