php crypt function

David P. Schwartz davids@desertigloo.com
Mon, 01 Jan 2001 19:52:30 -0700


sinck@ugive.com wrote:

> \_ I need something I can use in a URL link.
> \_
> \_ http://www.myserver.com/phpscript.php?arg1=lkjlkjlkjlkjlkjlkjsdfsdfsdfsdfsdfsdf&arg2=LKJLKJLKJLKJLKJLKJSDFSDFSDFSDFSDFSDF
> \_
> \_ How does it look?
> A bit longish....

that's my point.

> \_ Some browsers
> Did you mean "mail user agents" here?  Like outlook?  The rest of my
> discussion assumes so.

well, both actually.  But "mail user agents" fits.

> \_ truncate long URLs, some stretch them out so they're
> \_ still valid if you click on them.  Most users are too stupid
> You're on your way to becoming a BOFH.

BOFH? (probably not too good)

I ran into a guy recently who runs his email program so narrow that there wasn't room for this:

http://www.mysite.com/abcdefgh/myscript.php3?xyz=pp12345678901

When he clicked the link, the word-wrapping truncated the URL just after the '='.  He got an error message from the script.  I told him
he needs to make sure the entire URL is there.  He said, "Why don't you just make the thing shorter?  I don't want to have to muck with
stuff like this.  If it doesn't work, I'm not going to bother with it!"

I'm getting rid of the abcdefgh/ part (it was temporary anyway), and I've shortened the script names, but what more can I do?  An MD5
hash isn't going to make it any shorter.

> \_ notice if they're wrapped and they need to copy and paste into a
> \_ browser window.  Given the random nature of characters in the hash,
> \_ it's impractical to ask them to type them in by hand.
> \_
> \_ Any suggestions?
> Can you fold arg1 and arg2 into a single arg and go md5 on that?
> You could build your own hashing algorithm....

I'm already folding multiple args.

> Also, be aware of evil hashes that start with '3D'.  Why is that a
> problem, I hear you ask?  Well, consider what happens when you have:
>
> http://foo.com/foo.php?arg=3D234....
>
> Looks normal to me and you, but if you get it filtered through a
> quoted printable MUA through whatever means, you'll get it confused as
> http://foo.com/foo.php?arg=234.... or
> http://foo.com/foo.php?arg=3D3D2343... which is uncool.  (Because
> quoted printable uses = as an escape, and =3D is the escape for '='.)
> Trust me.

good point, thanks.  I typically use two alpha chars as the salt.

> \_ > aaaaaa two of us!  I knew I should have stayed away from the cloning
> \_ > lab photocopier.
> \_
> \_ Is that YOUR face I see when the bathroom mirror is all steamed up? :-)
> Yup, just me and Alice on this side of the looking glass.
>
> David
>

Would that make me something like ... the Cheshire cat?
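
The quoted-printable hazard raised in the quoted reply above, as an added example that is not part of the original thread. It uses Python's standard `quopri` module to stand in for a QP-aware mail client; the helper names and sample values are constructed for illustration. It also generalizes the `3D` case: any two hex digits directly after `=` are read as an escape.

```python
import quopri
import string

HEX = set(string.hexdigits)  # 0-9, a-f, A-F

def qp_decode(text: str) -> str:
    """Apply quoted-printable decoding, as a QP-aware mail client would."""
    return quopri.decodestring(text.encode("ascii")).decode("latin-1")

def qp_encode(text: str) -> str:
    """Apply quoted-printable encoding, as a sending MUA or gateway would."""
    return quopri.encodestring(text.encode("ascii")).decode("ascii")

def qp_fragile(url: str) -> list:
    """Return every '=XX' run in the URL that a QP decoder treats as an escape."""
    return [url[i:i + 3] for i, c in enumerate(url)
            if c == "=" and len(url) >= i + 3
            and url[i + 1] in HEX and url[i + 2] in HEX]

def token_is_qp_safe(token: str) -> bool:
    """A token placed right after '=' is safe unless its first two chars are both hex."""
    return not (len(token) >= 2 and token[0] in HEX and token[1] in HEX)

# Constructed sample values (the token and the long URL are made up).
URL = "http://foo.com/foo.php?arg=3D234"
LONG_URL = "http://foo.com/foo.php?arg=" + "xk" + "q7" * 40

if __name__ == "__main__":
    # A plain-text URL run through a QP decoder loses the leading "3D".
    print("decoded once :", qp_decode(URL))
    # The same URL run through a QP encoder gains an extra "3D".
    print("encoded once :", qp_encode(URL))
    print("fragile runs :", qp_fragile(URL))
    # Lines over 76 characters are split with "=\n" soft breaks when encoded;
    # a client that shows the raw text presents a broken link.
    print("wrapped form :")
    print(qp_encode(LONG_URL))
    # Check candidate tokens before putting them in a mailed link.
    for tok in ("3D234", "ab1234", "xk1234"):
        print(tok, "safe" if token_is_qp_safe(tok) else "unsafe")
```

A generator that mails links can call `token_is_qp_safe` on each token and regenerate with a different salt when it returns false.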