CFLib.org – Common Function Library Project

URLDecrypt(nKey[, QueryString])

Last updated October 8, 2002

author

Timothy Heald

Version: 3 | Requires: CF5 | Library: SecurityLib

Description:
This is actually two functions. The first urlEncrypt("name=value&name=value&name=value",key) you use when you would have a link or an action that you would be setting url variables in. The second urlDecrypt(key) you use on whatever page you are calling, or using as the form action page.

Return Values:
Writes to the URL scope.

Example:

Create an encrypted query string. Normally this
would not be hard coded.

<CFSET Name = "Ray">
<CFSET Age = 28>
<CFSET Key = "MySecretBlah348123190">
<CFSET QS = "name=#Name#&age=#Age#">
<CFSET QS = URLEncrypt(QS,key)>
<CFOUTPUT>
QueryString is #QS#<P>
</CFOUTPUT>
<CFSET URLDecrypt(Key,QS)>
Dump of URL scope:
<CFDUMP VAR="#URL#">

Parameters:

Name Description Required
nKey The encryption key to use. Yes
QueryString Defaults to CGI.Query_String No

Full UDF Source:

/**
 * Add security by encrypting and decrypting URL variables. See URLEncrypt.
 * Mod by David Heard - added decode
 * 
 * @param nKey 	 The encryption key to use. (Required)
 * @param QueryString 	 Defaults to CGI.Query_String (Optional)
 * @return Writes to the URL scope. 
 * @author Timothy Heald (theald@schoollink.net) 
 * @version 3, October 9, 2002 
 */
function urlDecrypt(key){
	var queryString = cgi.path_info;
	var scope = "url";
	var stuff = "";
	var oldcheck = "";
	var newcheck = "";
	var i = 0;
	var thisPair = "";
	var thisName = "";
	var thisValue = "";

	// see if a scope is provided if it is set it otherwise set it to url
	if(arrayLen(arguments) gt 1){
		scope = arguments[2];
	}

	if ((right(queryString,3) neq "htm") or (findNoCase("&",queryString) neq 0) or (findNoCase("=",queryString) neq 0)){
		stuff = '<FONT color="red">not encrypted, or corrupted url</FONT>';
	} else {
	
		// remove /index.htm
		querystring = replace(queryString, right(queryString,10),'');
		
		// remove the leading slash
		querystring = replace(queryString, left(queryString,1),'');
		
		// grab the old checksum
           if (len(querystring) GT 2) {
               oldcheck = right(querystring, 2);
               querystring = rereplace(querystring, "(.*)..", "\1");
           } 
           
           // check the checksum
           newcheck = left(hash(querystring & key),2);
           if (newcheck NEQ oldcheck) {
               return querystring;
           }
           
           //decrypt the passed value
		queryString = cfusion_decrypt(queryString, key);
		
			// set the variables
			for(i = 0; i lt listLen(queryString, '&'); i = i + 1){
				
				// Break up the list into seprate name=value pairs
				thisPair = listGetAt(queryString, i + 1, '&');
				
				// Get the name
				thisName = listGetAt(thisPair, 1, '=');
				
				// Get the value
				thisValue = listGetAt(thisPair, 2, '=');
				
				// Set the name with the scope
				thisName = scope & '.' & thisName;
				
				// Set the variable
				setVariable(thisName, thisValue);
			}
		
	}
	
	return stuff;
}
blog comments powered by Disqus

Search CFLib.org


Latest Additions

Kevin Cotton added
date2ExcelDate
May 5, 2016

Raymond Camden added
CapFirst
April 25, 2016

Chris Wigginton added
loremIpsum
January 18, 2016

Gary Stanton added
calculateArrival...
November 19, 2015

Sebastiaan Naafs - van Dijk added
getDaysInQuarter
November 13, 2015

Created by Raymond Camden / Design by Justin Johnson