Using base64 encoded string URL

Question

Possible Duplicate:
Passing base64 encoded strings in URL

I am working on creating a url that will be sent to user. User then clicks the url and this URL tells me who the user is.

So all the data I have added to this link using base64 encode. However when user clicks the link he gets redirected to 404 page since encoded url has '/' in it and zend framework router does not find any routes for it.

Any way I can suppress the '/'? I tried htmlentities but it did not work.

Replace `/` with something different, e.g. `!`. Then do the opposite again before decoding it. See http://en.wikipedia.org/wiki/Base64 - you might want to do something similar because of `+` as well. Your problem is independent to zend framework so I removed it from the title. See as well here for some pointers: http://www.ruby-forum.com/topic/167232 — hakre, Oct 22 '12 at 14:16
@hakre I'm not sure this can't be solved with a zend specific soulution. If you tell the router to accept whatever comes after e.g. /controller/method/ as an argument, ignoring any special characters it could work. I don't have any experience with zend, but this would work with most other frameworks that lets you write custom routes. — Jørgen R, Oct 22 '12 at 14:25
@jurgemaister: Yes, technically I'm pretty sure you're right but not for the `+` character. Also this *might* break relative paths (if used). I suggest to make the data into one clear package first, then deal with it. More conservative maybe. But actually more save I'd say and not special solution you need to tweak routing much but something that "just works". — hakre, Oct 22 '12 at 14:27

Richard Parnaby-King · Accepted Answer · 2012-10-22T14:55:07.863

I strongly recommend Joe Riggs' Create URL Safe Encrypted String.

The supplied code is in procedural, but is extremely simple to convert to OO. I have used it to do what you are doing in which some information (usually a hash of the user's email and id) is encoded/encrypted for the user to click on to activate their account.

The functions you want to look at are url_base64_decode and url_base64_encode, in which certain characters are rewritten to be url safe (for example, removing / and replacing it with ~).

[edit]

Here is a codepad of my class based on the above code: http://codepad.org/lzevA4k1

Usage:

$cryptUtil = new RPK_Crypt();
$string = 'Unencrypted string';
$eString = $cryptUtil->encrypt($string);
$dString = $cryptUtil->decrypt($eString);
var_dump($dString == $string); //true

Here's a working path https://joe-riggs.com/blog/php-create-url-safe-encrypted-string/ — Dexter, Aug 26 '23 at 01:13

Carlos · Answer 2 · 2012-10-22T14:25:15.853

-1

I think that you need URL encoding for chars +, / and =. Try using urlencode() on your Base64 encoded parameter.

PS: By the way, these will be the changes: + => %2B, / => %2F and = => %25

edited Oct 22 '12 at 14:25

answered Oct 22 '12 at 14:19

Carlos

4,949
2
20
37

The 404 comes long before you could ever decode I'd say. – hakre Oct 22 '12 at 14:20
@hakre the URL you send to the user has to be encoded. – Jørgen R Oct 22 '12 at 14:20
1

If the base64 string is part of the path, triplet encodings or not, this just does not work. See as well the duplicate question: http://stackoverflow.com/q/1374753/367456 . – hakre Oct 22 '12 at 14:23

Using base64 encoded string URL

2 Answers2