
[IDcrypt]

Link: IDcrypt
Author: Pier Kuipers
Category: Encryption
Version: 8.x
License: Public Domain
Posted: 29 Jan 2007
Updated: 29 Jan 2007

Description

This tag was written to deal with "scraping" attacks, where bots keep requesting the same page with incrementing id parameters that correspond to MySQL id columns. Rather than introducing a new column with a unique id, this tag will "intelligently" Blowfish-encrypt or decrypt existing id values.

Sample Usage

[local('myID' = (action_param('id')))]
[IDcrypt(#myID)]

[IDcrypt('35446')] -> j4b50f315238d68df

[IDcrypt('j4b50f315238d68df')] -> 35446

Source Code

Click the "Download" button below to retrieve a copy of this tag, including the complete documentation and sample usage shown on this page. Place the downloaded ".inc" file in your LassoStartup folder, restart Lasso, and you can begin using this tag immediately.

[

define_tag:'IDcrypt',
	-description='Encrypts or Decrypts integer values',
	-required='value',
	-optional='seed';
	
// if id values need to be retrieved from bookmarked urls, the tag's built-in seed value must be used,
// or the seed value used must be guaranteed to be the same as when the value was encrypted!		

	local('cryptvalue' = string);
	!local_defined('seed') ? local('seed' = '12s34Xz33');
	Local('RandChars' = 'AaBbCcDdEeFfGgHhiJjKkLmNnoPpQqRrSsTtUuVvWwXxYyZz');
	Local('anyChar' = (#RandChars -> (Get:(Math_Random: -Min=1, -Max=(#RandChars->Size)))));
// taken from Bil Corry's [lp_string_getNumeric]
	local('numericValue' = (string_findregexp((string: #value), -find='\\d')->(join:'')));
	
	if(
		(#numericValue == (integer(#value))) 
		&& 
		(((string(#value))->length) == ((string(#numericValue)) -> length))
	);
// alpha character is inserted at beginning of encrypted string in case value needs to be
// cast to a javascript variable, which cannot start with a number		
		#cryptvalue = (#anyChar + (Encrypt_Blowfish(#value, -seed=#seed)));
	else(
		((((string(#value))->length) - 1) % 2 == 0)
		&&
		(((string(#value))->length) > 16)
	);
		#cryptvalue = (decrypt_blowfish((String_Remove: #value, -StartPosition=1, -EndPosition=1),-Seed=#seed));
	else;
		#cryptvalue = 0;
	/if;
	
	if(String_IsAlphaNumeric(#cryptvalue));
		return(#cryptvalue);
	else;
// successfully decrypted values resulting in lots of strange characters are probably
// the result of someone guessing a value		
		return(0);
	/if;

/define_tag;

]
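
The same encrypt-or-decrypt dispatch, as an added Python example that is not the author's code: it shows the round trip and why a guessed token comes back as 0. Python's standard library has no Blowfish, so a keyed Feistel permutation built on HMAC-SHA256 stands in for it here. `KEY`, `ROUNDS`, the helper names and the 8-digit limit on ids are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import string

KEY = b"constructed-demo-key"  # constructed value; keep the real key out of source
ROUNDS = 8

def _round(key, i, half):
    # Keyed round function: first 32 bits of HMAC-SHA256(round number || half-block).
    mac = hmac.new(key, bytes([i]) + half.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")

def _feistel(block, key, decrypt=False):
    # Balanced Feistel permutation over one 64-bit block (stand-in for Blowfish).
    left, right = block >> 32, block & 0xFFFFFFFF
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = right ^ _round(key, i, left), left
        else:
            left, right = right, left ^ _round(key, i, right)
    return (left << 32) | right

def id_crypt(value, key=KEY):
    """Numeric ID -> 17-char token; token -> ID; anything else -> 0."""
    value = str(value)
    if value.isascii() and value.isdigit() and len(value) <= 8:
        # Zero-pad to a full 8-byte block so decryption has redundancy to check.
        block = int.from_bytes(value.zfill(8).encode(), "big")
        # Random leading letter, as in the tag, so the token never starts with a digit.
        return secrets.choice(string.ascii_letters) + format(_feistel(block, key), "016x")
    if len(value) == 17 and value[0].isalpha() and all(c in string.hexdigits for c in value[1:]):
        plain = _feistel(int(value[1:], 16), key, decrypt=True).to_bytes(8, "big")
        # A guessed or altered token decrypts to 8 arbitrary bytes; all eight being
        # ASCII digits happens with probability about 10^8 / 2^64.
        if plain.isdigit():
            return int(plain)
    return 0

if __name__ == "__main__":
    token = id_crypt(35446)
    print(token, id_crypt(token), id_crypt("j4b50f315238d68df"))
```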
