CodeIgniter URL Friendly/Safe Encodes

Hi there everyone

Encoding is very useful in different parts of developing and programming a website . You may need encoded string to increase security in communication between your program files or even some user inputs to interact with your program .

One of the most useful case for me is when a user is trying to register , or just hit the forget password button . Usually a link is generated with some identifying elements and the user is being asked to check his/her mailbox and click on the link to validate his/her email . Now generating a URL with plain identifying element may cause serious security matters and we don’t want that . That’s why we need encoded string to be passed through the URL.

Luckily , CodeIgniter has some awesome feature (class) to create and encode strings . Don’t worry , You can also decode them using the same tool.

Here is the link how to use this class to encode or decode strings . Don’t forget to setup a strong encryption key in your “config.php” to maximize your security with encryption class .

https://ellislab.com/codeigniter/user-guide/libraries/encryption.html

https://codeigniter.com/userguide3/libraries/encryption.html

While I was using this class I encountered problem using it for the case we discussed above . Emails and URIs .

Using encryption class of CodeIgniter will produces strings with special characters which is totally fine with internal uses but not for the URLs(URIs) . Characters like ‘+’, ‘/’, ‘=’ are reserved in browsers to perform special functions and using them in your URIs will mess things up and as a result you will not get what you expect or just an ugly error page .

To avoid this problem , you can use extended class like the one here :

https://ellislab.com/forums/viewthread/109429/

But if you are looking for a simple hand-made solution here is what I did to fix this problem in my application .

First of all , you should encrypt your string as usual , then you add one step to eliminate bad characters inside your encrypted string which are :

‘+’, ‘/’, ‘=’

You should replace these characters with some other special characters that will not effect the browser logic in loading pages .

Here is an example :

</pre>
this->load->library('encrypt');
$enc_username=$this->encrypt->encode($username);
$enc_username=str_replace(array('+', '/', '='), array('-', '_', '~'), $enc_username);
<pre>

In this example we replaced + , / , = characters with – , _ , ~

To decode this string I’ve used this code :

</pre>
$this->load->library('encrypt');
$dec_username=str_replace(array('-', '_', '~'), array('+', '/', '='), $enc_username);
$dec_username=$this->encrypt->decode($dec_username);
<pre>

Here , again with change back the string to its original form , then perform decode using CodeIgniter encryption class .You can do this either in your controller or in the model . Your logic and your choice.

Simple enough and useful . The extended classes on the internet just are doing the same . You just need to deal with installing the extended class , which sometimes may be much harder than adding 4 lines into your application .

Have a nice day

This entry was posted by Matin on Sunday, September 28th, 2014 at 8:24 pm and is filed under Tutorials, Web/HTTP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.