Obfuscate CakePHP Helper
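Sometimes you may need to obfuscate your HTML markup. I know for one of my projects, I needed to set up a PayPal redirect page and didn’t want the data to be manipulated by any users, so I opted to obfuscate the markup using JavaScript functions. Obfuscation is not encryption, and it is by no means a perfect way to protect HTML markup: the browser has to be able to decode it, so anyone who receives the page can decode it too, and anything that really matters (a payment amount, say) still needs to be verified on the server. But it certainly makes hacking your stuff a pain, and generally gets the job done.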
A CakePHP Helper
To simplify obfuscation methods for Cake, I put together the Obfuscate helper, which you can see below. Using it is easy. Copy the contents of the helper into the app/views/helpers/obfuscate.php file, then include the helper in your controller, like so:
// Goes inside the controller class, as the text above says; the view snippet that follows then uses the helper as $obfuscate.
var $helpers = array('Obfuscate');
Then in the view, whatever you want to obfuscate, simply run:
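// string() returns the generated markup instead of printing it, so the view has to echo the result.
echo $obfuscate->string('Markup to obfuscate');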
The Helper’s Code
Here’s the code you’ll need to copy to app/views/helpers/obfuscate.php:
<?php
/* Based on Ian Willis' iScramble PHP script: z-host.com/php/iscramble */
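/**
 * View helper that turns a piece of markup into a scrambled string meant to be
 * unscrambled by JavaScript in the browser.
 *
 * This is obfuscation only: no secret stays on the server, and whatever the
 * browser can decode the person using the browser can decode and change as
 * well. Do not rely on it to keep values (prices, identifiers, form targets)
 * from being read or tampered with; validate those on the server.
 */
class ObfuscateHelper extends Helper {

    /**
     * Obfuscate::_rot13()
     * ++ Performs ROT13 encoding on a given string
     *
     * Only the ASCII letters a-z and A-Z are rotated; every other byte is
     * returned unchanged. Applying the function twice restores the input.
     *
     * @param string $str The string to encode
     * @return string The ROT13-encoded string
     * @access private
     */
    function _rot13($str) {
        // Built-in equivalent of the hand-written a-z/A-Z translation table.
        return str_rot13((string) $str);
    }

    /**
     * Obfuscate::_escape()
     * ++ Equivalent of the JavaScript escape function
     *
     * Letters, digits and the characters * @ - _ + . / pass through; every
     * other byte becomes %XX (two upper-case hex digits). The string is
     * processed byte by byte, so a multi-byte character yields one %XX group
     * per byte.
     *
     * @param string $plain The string to escape
     * @return string The escaped string
     * @access private
     */
    function _escape($plain) {
        $plain = (string) $plain;
        $passChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789*@-_+./";
        $escaped = "";
        $length = strlen($plain);
        for ($i = 0; $i < $length; $i++) {
            // Square-bracket offsets: the curly-brace form ($plain{$i}) is a parse error on PHP 8.
            $char = $plain[$i];
            if (strpos($passChars, $char) === false) {
                $escaped .= sprintf("%%%02X", ord($char));
            } else {
                $escaped .= $char;
            }
        }
        return $escaped;
    }

    /**
     * Obfuscate::string()
     * ++ Obfuscates a given string
     *
     * The escaped text is laid out in rows of ten characters and each row is
     * rearranged by a random permutation of the digits 0-9 (a columnar
     * transposition). The permutation comes from PHP's general-purpose random
     * generator and is not a secret key.
     *
     * @param string $plain The string to obfuscate
     * @param bool $longPwd Whether to generate a separate permutation for every row instead of reusing one
     * @param bool $rot13 Whether to use ROT13 encoding; takes longer to decode, not recommended for long strings
     * @param string $sorry Markup to display if the user doesn't have JavaScript enabled in the browser; inserted as-is, so it must already be safe HTML
     * @return string Markup consisting of a SCRIPT element followed by a NOSCRIPT fallback
     * @access public
     */
    function string($plain, $longPwd=false, $rot13=false, $sorry="[Please Enable JavaScript]") {
        $escaped = $this->_escape($plain);
        if ($rot13) {
            $escaped = $this->_rot13($escaped);
        }

        $numberOfColumns = 10;
        // ceil() returns a float; cast it so the string offsets computed below are
        // integers (a float offset raises "String offset cast occurred").
        $numberOfRows = (int) ceil(strlen($escaped) / $numberOfColumns);
        // Pad with spaces to a whole number of rows.
        $escaped = str_pad($escaped, $numberOfColumns * $numberOfRows);

        // One random ordering of the column digits per password row. The generator
        // is deliberately not re-seeded here: srand(time()) would make every later
        // rand()/mt_rand() call in the request predictable from the clock and would
        // give identical output for calls made within the same second.
        $digits = substr("0123456789", 0, $numberOfColumns);
        $passwordRows = $longPwd ? $numberOfRows : 1;
        $password = "";
        for ($j = 0; $j < $passwordRows; $j++) {
            $password .= str_shuffle($digits);
        }
        // A short password is repeated so that there is one digit per character.
        $scramblePassword = str_repeat($password, $longPwd ? 1 : $numberOfRows);

        // Character k (row i, column j) moves to offset digit * rows + i, where
        // digit is the password digit at position k. Each row's digits are a
        // permutation, so no two characters land on the same offset.
        $scrambled = str_repeat(" ", $numberOfColumns * $numberOfRows);
        $k = 0;
        for ($i = 0; $i < $numberOfRows; $i++) {
            for ($j = 0; $j < $numberOfColumns; $j++) {
                $scrambled[((int) $scramblePassword[$k]) * $numberOfRows + $i] = $escaped[$k];
                $k++;
            }
        }

        // NOTE(review): the SCRIPT element below is empty in this listing, so neither
        // $scrambled nor $password reaches the page and the browser has nothing to
        // decode. The decoding script was presumably lost when the listing was
        // published; restore it from the original helper before relying on this.
        $javascript = "<SCRIPT>\n\n</SCRIPT>\n";
        $javascript .= "<NOSCRIPT>\n$sorry\n</NOSCRIPT>\n";
        return $javascript;
    }
}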
?>
