Is it possible to pass an array as a parameter in sc_redir

Larryh1115 · May 7, 2020, 8:10pm

Hi
Is it possible to to pass an array as a parameter in sc_redir?

My thoughts for added security.

In app1:
I sc_encode() each variable that I’m going to pass in sc_redir
I then create an array (say $param1) containing all of the encode variables
I then do the sc_redir(app2,param1=$param1) (where app2 = an sc app on another server)

Then in app2
I receive in $param1=[param1]
sc_decode($param1)
then read into the various $ variables the respective values from array $param1.

Problem if doable?
Don’t know how to create initial array $param1 in app1
Not 100% certain how extract the various values in app2

Please can someone give me guidance asap

Thanks so much

Larry

robydago · May 7, 2020, 9:04pm

Not 100% sure, but something like this should work:

app1:


$p_arr = array(
      "par1_name" => "par1_val",
      "par2_name" => "par2_val",
      "par3_name" => "par3_val"
);
$p_ser = serialize( $p_arr );
$p_enc = sc_encode( $p_ser  );
sc_redir( app2 , redir_pars=$p_enc );

app2:


$p_ser = sc_decode( [redir_pars] );
$p_arr = unserialize( $p_ser );
extract( $p_arr );

// print "par1_val"
echo $par1_name;

// print "par2_val"
echo $par2_name;

// print "par3_val"
echo $par3_name;

Larryh1115 · May 7, 2020, 9:04pm

Thanks Roby. Works like a dream.

This way anyone trying to screen-scrapping or any other only get garbled info.
I’m then also using a simple but effective tool to obfuscate the php code (http://fopo.com.ar/)

Larryh1115 · May 7, 2020, 9:04pm

Unfortunately it did not work from 1 server to another.
It works perfectly when the x2 apps are on the same server
However, affter some nasty trial and error I managed to work away around the issue.
essentially it was the sc_redir that was ultimately causing the issue.

The only draw back I see in my final answer is that you absolutely have to know the order of your parameters being passed, and when you explode out the string load up your variables accordingly.

The solution:

App1 (create an encoded string of all your parameters, separating them with a special character):
$test1=“123”;
$test2=“780A”;
$url="…/app2/app2.php"; // location of where app2 is
$p_enc=$test1."-".$test2."-"; // DO NOT use a comma to separate, use another character like a “-”
$p_enc1=sc_encode( $p_enc );
$url1=$url."?p_renc=".$p_enc1; //// This is absolutely key to making it work
sc_redir($url1);

App2:
$p_renc1=[p_renc];
//print_r($p_renc);
$p_renc2=sc_decode($p_renc1);
print_r(explode(’-’,$p_renc2,0)); /// create the array here in App2 not in App1
print_r(explode(’-’,$p_renc2,-1));

robydago · May 7, 2020, 9:05pm

Larry,

maybe the issue is that the serialize() + sc_decode() output is not URL friendly.

So you could try to add urlencode/urldecode to the mix, like this:

app1:


$url="........./app2/app2.php"; // location of where app2 is
$p_arr = array(
      "par1_name" => "par1_val",
      "par2_name" => "par2_val",
      "par3_name" => "par3_val"
);
$p_ser = serialize( $p_arr );
$p_enc = sc_encode( $p_ser  );
[B]$p_url = urlencode( $p_enc  );[/B]
sc_redir( $url .'?p_renc='. $p_url );

app2:

[B]$p_enc = urldecode( [p_renc] );[/B]
$p_ser = sc_decode( $p_enc );
$p_arr = unserialize( $p_ser );
extract( $p_arr );

// print "par1_val"
echo $par1_name;

// print "par2_val"
echo $par2_name;

// print "par3_val"
echo $par3_name;