PHP Help

system · April 8, 2014, 11:37pm

I have been provided with these instructions and have shown what I’ve managed to do so far - but am getting stuck due to my basic php ability, so any help greatly appreciated! Thank you in advance!:

The instructions:
First you need to concatenate the current date/time and your campaign identifier together in a pipe separated string. The current date/time (17/03/2014 11:05:31 in this worked example) must be in the format dd/MM/yyyy and your campaign identifier is always 1234 which gives you the following string:
17/03/2014 11:05:31|1234

This string is then encrypted using the encryption key 1234567890123456 with the following encryption function (I have changed the key for security):
[php]<?php
function Encrypt($key, $text) {
$text = utf8_encode ($text);
$td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, ‘’, MCRYPT_MODE_CBC, ‘’);
$iv = $key;
$ks = 256;
$key = $key;
$text_add = strlen($text)%16;
for($i=$text_add; $i<16; $i++) {
$text .= chr(16-$text_add);
}

mcrypt_generic_init($td, $key, $iv);
$encrypted = mcrypt_generic($td, $text);
mcrypt_generic_deinit($td);
$hexencrypted = bin2hex($encrypted);
$text_add = 32 - strlen($hexencrypted)%32;
if($text_add != 32) {
    for($i=0; $i<$text_add; $i++) {
         $hexencrypted = "0" . $hexencrypted;
    }

}
return strtoupper($hexencrypted);
}
?>[/php]

This function should return the following encrypted string:
1234567890123456789012345678901234567890123456789012345678901234 (I have changed for security)

This data then needs to be posted to the url https://www.highstreetsaving.co.uk/OPAGU/FLXHS/Login within a field named CT.

For example:

[code]

[/code] As the datestamp expires the link you will need to pass the current date/time to actually gain access to the site.

Here is what I have managed to do so far - but my very basic knowledge of php means I’m getting stuck, so any help greatly appreciated!
[php]

<?php $format = 'd/m/Y H:i:s'; date_default_timezone_set('Europe/London'); $text = DateTime::createFromFormat($format, '17/03/2014 11:05:31'); echo $text->format('d/m/Y H:i:s') . "|1234"; ---> using this to test the string is correct function Encrypt($key, $text) { $text = utf8_encode ($text); $td = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, ''); $iv = $key; $ks = 256; $key = $key; $text_add = strlen($text)%16; for($i=$text_add; $i<16; $i++) { $text .= chr(16-$text_add); } mcrypt_generic_init($td, $key, $iv); $encrypted = mcrypt_generic($td, $text); mcrypt_generic_deinit($td); $hexencrypted = bin2hex($encrypted); $text_add = 32 - strlen($hexencrypted)%32; if($text_add != 32) { for($i=0; $i<$text_add; $i++) { $hexencrypted = "0" . $hexencrypted; } } return strtoupper($hexencrypted); } ?> [/php]

awl19 · April 9, 2014, 5:16pm

Is $hexencrypted the final product you want to be sent in the form? If so, just change this:
[php][/php]
To this:
[php][/php]

Strider64 · April 9, 2014, 8:01pm

Then you would do something like this:

[php]if ( isset($_POST[‘CT’)) {
// Decrypt and check the encryption, if condition is met proceed…
pseudo code
if condition is met continue
else kick back start to login or what have you…
}[/php]

I’m assuming if the date/time has expired you would want to kick back to the submit (or login form) or proceed if it hasn’t, that is where I’m a little confused on what is required. I think the only reason why you encrypting is that people, who even have a basic knowledge of HTML can see the hidden tag and obviously you don’t want that.