2 Replies Latest reply on Jul 24, 2007 10:26 AM by AlwaysWannaLearn

    Detect if URL variable was changed

      Hey all, I don't want to show the dynamic ID value in the URL string, so I am doing an encrypt() on the page with the link, and a decrypt() on the page showing the details.

      I have this working; I only need help detecting if the user manipulated the URL string

      The set-up:
      <cfset VARIABLES.algorithm = "AES">
      <cfset VARIABLES.encoding = "hex">
      <cfset VARIABLES.key = GenerateSecretKey(VARIABLES.algorithm)>
      <cfset REQUEST.phrase = "454d5a4daSAASSDASD==_+Test">
      I outputted VARIABLES.key to get the value which I hardcode for REQUEST.phrase. I then pass REQUEST.phrase in place of the "key" attribute in encrypt/decrypt. I am doing it this way because of an issue noted here: http://forums.hostmysite.com/about4161.html

      <cfset VARIABLES.enc = Encrypt('#query.MAIN_ID#', REQUEST.phrase, VARIABLES.algorithm, VARIABLES.encoding)>
      <a href="page2.cfm?LID=#VARIABLES.enc#">view</a>

      <cfset dec = Decrypt('#URL.LID#', REQUEST.phrase, VARIABLES.algorithm, VARIABLES.encoding)>

      On PAGE2.CFM, I do something like this:
      <cfif isdefined("#URL.LID#") and URL.LID NEQ "">
      <cfquery name="" datasource="">...</cfquery>

      What I'd like to do is have another check to see if the user changed the #URL.LID# value, if the user did then redirect them to the main page. Is that possible?

      If I change the value in LID variable in the URL, I get this error message:
      There has been an error while trying to encrypt or decrypt your input string: Given final block not properly padded.

      I get that error because the "key" on first page is not same as the "key" on display page. Is there a way to have another check for this? Or, am I just wasting my time?