3

How can I hash URL parameters in Laravel? I know the Hash::make method, but that's a method for passwords (those hashes are not very URL-friendly). Does Laravel have a better alternative, so I can hash parameters like http://url?key=2jd8dka72

Marcin Orlowski
angelique000

2 Answers

8

You can use Laravel's Encrypt function for that.

Put `use Illuminate\Support\Facades\Crypt;` in the header section and then use `Crypt::encrypt($param)` to encrypt the param and `Crypt::decrypt($param)` to decrypt it.

Lakshay Jain
1

Just add base64 encoding to make it more friendly looking.

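```php
use Hash;
// ...
$id = 15;
$key = base64_encode(Hash::make((string) $id));
// base64 output can contain "+" and "/", so URL-encode it for the query string
echo "http://someurl?send_mail_to_user=$id&key=" . urlencode($key);
```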

When you check it:

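```php
use Hash;
// ...
// Laravel has already URL-decoded the query string at this point
$keyDecoded = base64_decode($request->key);
// the id travels in the send_mail_to_user parameter of the URL built above
if (Hash::check($request->send_mail_to_user, $keyDecoded)) {
   // checked
}
```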

Another way is to use some complicated function, like a large number in another base. But it is not secure (just security through obscurity):

```php
echo base_convert($id * 250 + 5675675, 10, 33); // converts 15 to 4q18q
echo ((base_convert('4q18q', 33, 10) - 5675675) / 250); // converts back, but this one is not being used
// checking:
if (base_convert($request->id * 250 + 5675675, 10, 33) === $request->key) {
   // checked
}
```
shukshin.ivan
  • Yes, I know. But I don't understand why Laravel doesn't have a default function for this. How do other Laravel sites hash URL parameters? – angelique000 Aug 18 '17 at 15:43
  • As for password reset token, it is generated with `str_random` and stored in another field of an entity, so it is passed as a friendly string: `reset password via link http://site.ru/password/reset/df06d70b6257690941b4130e5b293932cdb47061593aa0716e79987cad71bd78` You store just an id, password restoring stores two fields: id and token. – shukshin.ivan Aug 18 '17 at 15:47
  • Laravel has the encryption class `Illuminate\Support\Facades\Crypt` to do all this for us. – Lakshay Jain Aug 18 '17 at 15:54
  • He needs to pass a friendly looking string and to check it then. I've introduced two ways. Does it really deserve two downs? What's up? – shukshin.ivan Aug 18 '17 at 15:57
  • It is not strictly defined to use crypting. Hashing suits his purposes as well. – shukshin.ivan Aug 18 '17 at 15:59
  • Strings generated from Crypt are URL-friendly – Lakshay Jain Aug 18 '17 at 16:07
  • `base_convert` and `base64_encode` too. It's bad practice to downvote another answer that does solve the problem just because it differs from yours. – shukshin.ivan Aug 18 '17 at 17:15
  • I have upvoted your answer. In my opinion your answer is the best answer for my question, I have not seen any better solutions. – angelique000 Aug 22 '17 at 10:12
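
As an added example that is not part of the question, answers or comments above: an unkeyed hash of the id can be recomputed by anyone who knows the id, so a key meant to prove the server issued the link needs a server-side secret. The sketch below uses plain PHP (`hash_hmac`, `hash_equals`) with URL-safe base64; `SECRET`, `base64url`, `signParam` and `verifyParam` are hypothetical names, and the secret value is a constructed placeholder.

```php
<?php
// Added example: a keyed, URL-safe token for a URL parameter.
// SECRET is a constructed placeholder; a real application would load a
// server-side secret from its configuration instead (assumption).
const SECRET = 'constructed-demo-secret-not-for-production';

// URL-safe base64 without padding, so the token survives a query string.
function base64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

// HMAC-SHA256 over "name=value", truncated to 16 bytes to keep the key short.
function signParam(string $name, string $value, string $secret = SECRET): string
{
    $mac = hash_hmac('sha256', $name . '=' . $value, $secret, true);
    return base64url(substr($mac, 0, 16));
}

// Recompute the token from the received value and compare in constant time.
function verifyParam(string $name, string $value, string $key, string $secret = SECRET): bool
{
    return hash_equals(signParam($name, $value, $secret), $key);
}

// Issuing side: build the link.
$id  = '15';
$key = signParam('send_mail_to_user', $id);
$url = 'http://someurl?' . http_build_query(['send_mail_to_user' => $id, 'key' => $key]);
echo $url, PHP_EOL;

// Receiving side, simulated by parsing the query string back out.
parse_str(parse_url($url, PHP_URL_QUERY), $query);

// Unmodified link.
var_dump(verifyParam('send_mail_to_user', $query['send_mail_to_user'], $query['key']));
// Same key, but the id was changed in the URL.
var_dump(verifyParam('send_mail_to_user', '16', $query['key']));
// Key computed for the right id, but without the server's secret.
$forged = signParam('send_mail_to_user', '15', 'some-other-secret');
var_dump(verifyParam('send_mail_to_user', '15', $forged));
```

Only the first check succeeds. Binding the parameter name into the MAC keeps a key issued for one parameter from being reused for another.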