David Golding



Obfuscate CakePHP Helper

By David Golding

Sometimes you may need to obfuscate your HTML markup. I know for one of my projects, I needed to set up a PayPal redirect page and didn’t want the data to be manipulated by any users, so I opted to obfuscate the markup using JavaScript functions. Obfuscation is by no means a perfect method for encrypting HTML markup, but it certainly makes hacking your stuff a pain, and generally gets the job done.

A CakePHP Helper

To simplify obfuscation methods for Cake, I put together the Obfuscate helper, which you can see below. Using it is easy. Copy the contents of the helper into the app/views/helpers/obfuscate.php file, then include the helper in your controller, like so:

var $helpers = array('Obfuscate');

Then in the view, whatever you want to obfuscate, simply run:

echo $obfuscate->string('Markup to obfuscate');

The Helper’s Code

Here’s the code you’ll need to copy to app/views/helpers/obfuscate.php:

<?php
/* Based on Ian Willis' iScramble PHP script: z-host.com/php/iscramble */

class ObfuscateHelper extends Helper {

/**
 * Obfuscate::_rot13()
 * ++ performs ROT13 encoding on a given string
 * @param string $str   The string to encode
 * @access private
 */
    function _rot13($str) {
        $from = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $to = 'nopqrstuvwxyzabcdefghijklmNOPQRSTUVWXYZABCDEFGHIJKLM';
        return strtr($str, $from, $to);
    }
   
    /* Perform the equivalent of the JavaScript escape function */
/**
 * Obfuscate::_escape()
 * ++ Equivalent of the JavaScript escape function
 * @param string $plain The string to escape
 * @access private
 */
    function _escape($plain) {
        $escaped = "";
        $passChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789*@-_+./";
   
        for ($i = 0; $i < strlen($plain); $i++) {
            $char = $plain[$i];
            if (strpos($passChars, $char) === false) {
                $escaped .= sprintf("%%%02X", ord($char));
            } else {
                $escaped .= $char;
            }
        }
   
        return $escaped;
    }

/**
 * Obfuscate::string()
 * ++ Obfuscates a given string
 * @param string $plain The string to obfuscate
 * @param bool $longPwd Whether to use more JavaScript code for better obfuscation
 * @param bool $rot13   Whether to use ROT13 encoding; takes longer to decode, not recommended for long strings
 * @param string $sorry Markup to display if the user doesn't have JavaScript enabled in the browser
 * @return  Obfuscated JavaScript code
 * @access public
 */
    function string($plain, $longPwd=false, $rot13=false, $sorry="<I>[Please Enable JavaScript]</I>") {
   
        $escaped = $this->_escape($plain);
       
        if ($rot13) {
            $escaped = $this->_rot13($escaped);
        }
   
        // Lay the escaped text out in rows of ten characters, padding the last row with spaces
        $numberOfColumns = 10;
        $numberOfRows = (int) ceil(strlen($escaped) / $numberOfColumns);
        $scrambled = "";
        $escaped = str_pad($escaped, $numberOfColumns * $numberOfRows);
        $password = "";
        srand(time());

        // Build the password: a random ordering of the digits 0-9 (one ordering per row when $longPwd is set)
        for ($j = 0; $j < ($longPwd ? $numberOfRows : 1); $j++) {
            $availChars = substr("0123456789", 0, $numberOfColumns);
            for ($i = 0 ; $i < $numberOfColumns; $i++) {
                $char = $availChars[rand(0, strlen($availChars) - 1)];
                $password .= $char;
                $availChars = str_replace($char, "", $availChars);
            }
        }

        $scramblePassword = str_repeat($password, $longPwd ? 1 : $numberOfRows);
        $scrambled = str_repeat(" ", $numberOfColumns * $numberOfRows);
        $k = 0;

        // The password digit for each position selects where its character is stored in the output
        for ($i = 0; $i < $numberOfRows; $i++) {
            for($j = 0; $j < $numberOfColumns; $j++ ) {
                $scrambled[(((int)$scramblePassword[$k]) * $numberOfRows) + $i] = $escaped[$k];
                $k++;
            }
        }
   
        $javascript = "<SCRIPT>\n<!--\n";
        $javascript .= "var a='';var b='$scrambled';var c='$password';";
       
        if ($rot13) {
            $javascript .= "var d='';";
        }
       
        $javascript .= "for(var i=0;i<$numberOfRows;i++) for(var j=0;j<$numberOfColumns;j++) ";
   
        if ($rot13) {
            $javascript .= "{d=b.charCodeAt(";
        } else {
            $javascript .= "a+=b.charAt(";
        }
   
        if ($longPwd) {
            $javascript .= "(parseInt(c.charAt(i*$numberOfColumns+j))*$numberOfRows)+i); ";
        } else {
            $javascript .= "(parseInt(c.charAt(j))*$numberOfRows)+i);";
        }
   
        if ($rot13) {
            $javascript .= "if ((d>=65 && d<78) || (d>=97 && d<110)) d+=13; else if ((d>=78 && d<91) || (d>=110 && d<123)) d-=13;a+=String.fromCharCode(d);}";
        }
   
        $javascript .= "document.writeln(unescape(a));\n";
        $javascript .= "-->\n</SCRIPT>\n";
        $javascript .= "<NOSCRIPT>\n$sorry\n</NOSCRIPT>\n";
   
        return $javascript;
    }
}
?>
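The scramble the helper performs and the decode its emitted script runs, ported to JavaScript as an added example (not part of the original post or the helper; the function names, sample markup and fixed password are constructed, and only the default mode without $longPwd or $rot13 is covered). Because the page carries both the scrambled string b and the password c, anyone who views the source recovers the markup the same way the browser does, so values that must not be changed still need checking on the server.

```javascript
// Added example: JavaScript port of the helper's default mode.
const COLS = 10;
const PASS = new Set(
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789*@-_+./");

// Same rule as _escape(): keep the safe set, %XX everything else (ASCII input assumed).
function escapeLikeHelper(plain) {
  let out = "";
  for (const ch of plain) {
    out += PASS.has(ch) ? ch
      : "%" + ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, "0");
  }
  return out;
}

// Transposition as in string(): the character at row i, column j is stored
// at offset digit(password[j]) * rows + i.
function scramble(plain, password) {
  const escaped = escapeLikeHelper(plain);
  const rows = Math.ceil(escaped.length / COLS);
  const padded = escaped.padEnd(rows * COLS, " ");
  const out = new Array(rows * COLS).fill(" ");
  for (let i = 0, k = 0; i < rows; i++) {
    for (let j = 0; j < COLS; j++, k++) {
      out[Number(password[j]) * rows + i] = padded[k];
    }
  }
  return { b: out.join(""), c: password, rows };
}

// What the emitted <SCRIPT> does in the browser, minus document.writeln().
function descramble({ b, c, rows }) {
  let a = "";
  for (let i = 0; i < rows; i++) {
    for (let j = 0; j < COLS; j++) {
      a += b.charAt(Number(c.charAt(j)) * rows + i);
    }
  }
  // decodeURIComponent stands in for unescape(); trimEnd drops the row padding.
  return decodeURIComponent(a).trimEnd();
}

// Constructed sample: a hidden form field and a fixed ordering of 0-9.
const sample = '<input type="hidden" name="amount" value="19.99">';
const page = scramble(sample, "3914067258");
console.log(page.b);                      // what ships in the page source
console.log(descramble(page) === sample); // true
```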



A blog about CakePHP, web design, and grad studies in religion. © 2008, D. Golding