Hey all, I don't want to show the dynamic ID value in the URL
string, so I am doing an encrypt() on the page with the link, and a
decrypt() on the page showing the details.
I have this working; I only need help detecting if the user
manipulated the URL string
The set-up:
APPLICATION.CFM
<cfset VARIABLES.algorithm = "AES">
<cfset VARIABLES.encoding = "hex">
<cfset VARIABLES.key =
GenerateSecretKey(VARIABLES.algorithm)>
<cfset REQUEST.phrase = "454d5a4daSAASSDASD==_+Test">
I outputted VARIABLES.key to get the value which I hardcode for
REQUEST.phrase. I then pass REQUEST.phrase in place of the "key"
attribute in encrypt/decrypt. I am doing it this way because of an
issue noted here:
http://forums.hostmysite.com/about4161.html
PAGE1.CFM
<cfset VARIABLES.enc = Encrypt('#query.MAIN_ID#',
REQUEST.phrase, VARIABLES.algorithm, VARIABLES.encoding)>
<pre>#REQUEST.phrase#</pre>
<a href="page2.cfm?LID=#VARIABLES.enc#">view</a>
PAGE2.CFM
<cfset dec = Decrypt('#URL.LID#', REQUEST.phrase,
VARIABLES.algorithm, VARIABLES.encoding)>
On PAGE2.CFM, I do something like this:
<cfif isdefined("#URL.LID#") and URL.LID NEQ "">
<cfquery name="" datasource="">...</cfquery>
<cfelse>
OOOPPPPPPSSSS!!
</cfif>
What I'd like to do is have another check to see if the user
changed the #URL.LID# value, if the user did then redirect them to
the main page. Is that possible?
If I change the value in LID variable in the URL, I get this
error message:
There has been an error while trying to encrypt or decrypt your
input string: Given final block not properly padded.
I get that error because the "key" on first page is not same
as the "key" on display page. Is there a way to have another check
for this? Or, am I just wasting my time?