Dynamo
14 replies to this thread. Most Recent
Encoding links in emails
Are there any suitable methods of preparing mail link (as seen and clicked on is an email client) to be encoded in some way?
i.e. I’m sending some variables to a php page when clicked from within an email - this is so the users does not see that actual variables in the URL bar. One variable is a price, it would be very easy for someone to simply change the price in the URL bar. If its encoded in some way then it makes thing a bit harder to tamper with.
Why not just check the variable values that have been sent and then divert the user (maybe to an Illegal action page) if they do not match a ‘legal’ configuration.
To be honest I find this is a basic part of error checking when dealing with sending values in a URL, I know some configurations will still match but it does cut the chances of someone causing a problem if they do this.
HTH
On Nov 10, 2008, at 2:37 PM, WebWorker wrote:
Are there any suitable methods of preparing mail link (as seen and clicked on is an email client) to be encoded in some way?
i.e. I’m sending some variables to a php page when clicked from within an email - this is so the users does not see that actual variables in the URL bar. One variable is a price, it would be very easy for someone to simply change the price in the URL bar. If its encoded in some way then it makes thing a bit harder to tamper with.
Freeway, PHP and MySQL examples
But then its too late, I would like to email an encoded link, which takes the user back to a php page on a site.
The whole point is not seeing the contents of the link (i.e. easily changeable). So its Like an encoded Paypal email link.
Question is, if the hyperlink is encoded in the email sent to the client, it needs un-encoding at the web site.
Is there a simple method to do this?
If your link is created through a php script then running the variable contents through urlencode() would make the url GET friendly but then you will need to decode the variable contents or the URL at the receiving end, if you say it is too late to do error checking at the receiving end then I take it you have no access to that page? so you maybe couldn’t use urldecode() there unless it has been built in at that end… anyway, this will not * ENCODE * the URL as such and it won’t stop anyone from altering the URL, nor would encoding it in any way, this is why it is a good option to error check but then you need access to the receiving end to do this, could you not sent the URL to another script, do your error checking there and if the contents are as expected send it on to the final destination by a redirect if permitted by the people who have the destination page?
For example, this may not be exactly what you are doing but the principal is the same: if someone selects some options from your site then they press an OK button this can enter the selected contents, prices, total into a database along with a uniquely generated number, this number can be added to the URL along with a checking/ processing script for the link destination: e.g. http://mydomain.com/check.php?pid=267&un=18846735622 when the user clicks the link the script loads, checks the unique number and the database entry ID which if OK and match then sends the user to the next process which could be divert or a confirm page.
DTH
On Nov 10, 2008, at 3:18 PM, WebWorker wrote:
Question is, if the hyperlink is encoded in the email sent to the client, it needs un-encoding at the web site.
Is there a simple method to do this?
Freeway, PHP and MySQL examples
The pages the data is being sent to although I have access to, its someone elses script, so I don’t want to mess too much with it. But I think see where you’re going with this…
The main issue is using GET whereby someone can see the data in the link. But if I send some data using urlencode() to a separate page, which checks then POST’s the data on correctly and hidden to the main php script.
Is that right?
On 10 Nov 2008, 1:19 pm, WebWorker wrote:
Question is, if the hyperlink is encoded in the email sent to the client, it needs un-encoding at the web site.
Is there a simple method to do this?
If you’re sending out these links in an e-mail, you won’t need to do anything special. If the link is encoded using urlencode() before you put it into the e-mail, then clicking on it from the e-mail will (typically) cause the default Web application to load the URL. Anything which is url-encoded that is sent to a Web server will be transparently decoded by the server, with no effort required on your part. This URL:
example.com/get.php?foo=your+string+here
will arrive at the server and be immediately available to PHP like this:
print $_GET['foo']; //returns 'your string here'
What you may be thinking of that does need special handling is rawurlencode(). You would use that method to encode your link if you wanted to pass characters that have special meaning in the context of a URL, like @ or / or #. When those arrive at the server, they will need to be decoded using rawurldecode().
example.com/get.php?foo=www.example.org%2Ffoo.php%3Fbar%3Dbaz
$_GET['foo'] == 'www.example.org%2Ffoo.php%3Fbar%3Dbaz'
rawurldecode($_GET['foo']) == 'www.example.org/foo.php?bar=baz'
It’s very important to only use this method on the portions of the URL that you want to pass through without being recognized as a part of a URL — so you wouldn’t run your entire link through that or it would stop being a link. Only the variable value should be encoded.
Walter
Freeway user since 1997
This would explain the example I’ve seen from a supplier of mine (basicly is sending a simple PRO-FORMA invoice) which I was thinking of re-creating for another purpose.
They have https://domain.com/payment/options.php?name=encodedbit&another=encodedbit&onemore=lastencodedbit
On Nov 10, 2008, at 3:59 PM, WebWorker wrote:
The pages the data is being sent to although I have access to, its someone elses script, so I don’t want to mess too much with it. But I think see where you’re going with this…
The main issue is using GET whereby someone can see the data in the link. But if I send some data using urlencode() to a separate page, which checks then POST’s the data on correctly and hidden to the main php script.
Is that right?
No it will not be hidden, urlencode() just makes some alterations to what is passed through it, e.g. a space such as: if you go will be converted to if+you+go rather than if20%you20%gp which could cause a problem at the receiving end.
BTW, I have found that urlencode() is ot always automatically decoded at the server end and have always found it safer to use urldecode() if urlencode() is used, maybe this may be relative to how the server is configured.
Freeway, PHP and MySQL examples
No it will not be hidden, urlencode() just makes some alterations to what is passed through it, e.g. a space such as: if you go will be converted to if+you+go rather than if20%you20%gp which could cause a problem at the receiving end.
If you really want to truly hide the data you pass and then use it again on your server, then you will need to use an encryption method, not an encoding method. This is not easy
But I suspect what you want to do is to send out a link that uniquely identifies the recipient to your Web server without explaining how it does this to the observer (as opposed to, say, get.php?id=123 or something “guessable” like that.)
One easy way to do this is with the MD5 method. MD5 (message digest 5) is a one-way hash that can be used to sign a message. It virtually guarantees that a message has not been tampered with because (within reason) no two combinations of characters will yield the same MD5 digest. And if you throw in some known garbage string (often referred to as a “salt”) then you can subtract that from the result when calculating your match:
define('SALT','asdf845cj^');
$key = md5(SALT,$email);
$link_for_email = 'http://' . 'www.myserver.com/get.php?id=' . $key;
The result of this will be a 32-character alphanumeric code which cannot be reverse-engineered and which will be repeatable — given the same input, MD5 always returns the same output code. But you can’t apply any transform to an MD5 which will cause it to return the input, because the original data is not encoded in the output.
Back in your server, you could dig this out like so:
$sql = 'SELECT * FROM people WHERE MD5(CONCAT("' . SALT . '",email)) = "' . mysql_real_escape_string($_GET['id']) '"';
And you will know that the right person is being selected, while your public audience will not be able to tell how you know.
Walter
Freeway user since 1997
Let me point out that the example I just gave contains the seeds of its own destruction, because the e-mail would be enclosed in the message in plain-text (it’s one of the message headers) so it would be a spectacularly bad choice of key. Better to use something harder, like
CONCAT(id,email,zip_code,mother_maiden_name,SALT),
where there’s lots of different data, mashed together in an order of your choosing. Otherwise, given a large enough sample of these messages, your salt could be deduced pretty simply by brute-force techniques, and in the example I gave, the salt is the only actual secret.
Walter
Freeway user since 1997
you just need to bare in mind that none of this information we have given stops the user from playing around with the URL.
On Nov 10, 2008, at 5:18 PM, WebWorker wrote:
Thanks i’ll have a play around and see how it goes.
Freeway, PHP and MySQL examples
On 10 Nov 2008, 3:51 pm, Mike B wrote:
you just need to bare in mind that none of this information we have given stops the user from playing around with the URL.
On Nov 10, 2008, at 5:18 PM, WebWorker wrote:
Thanks i’ll have a play around and see how it goes.
Right. But if they play around with a hash like MD5, they will need to have some serious time on their hands!
Walter
Freeway user since 1997
Just as a FYI, this is how Mals secures text links. The links generate a MD5 checksum that can be verified on the server. If the values of the order are manually changed (the price, shipping etc) then the hash code will be incorrect and the server refuses the order. As Walter suggests something like this could help in your project as well. Regards, Tim.
Quoting waltd <email@hidden>:
Let me point out that the example I just gave contains the seeds of its own destruction, because the e-mail would be enclosed in the message in plain-text (it’s one of the message headers) so it would be a spectacularly bad choice of key. Better to use something harder, like
CONCAT(id,email,zip_code,mother_maiden_name,SALT),where there’s lots of different data, mashed together in an order of your choosing. Otherwise, given a large enough sample of these messages, your salt could be deduced pretty simply by brute-force techniques, and in the example I gave, the salt is the only actual secret.
Walter Extend Freeway the way you want with FreewayActions.com http://www.freewayactions.com
