Question

Here's what we're trying to do:

  1. We have a 3rd party website that we're trying to set up for single sign-on functionality. In order to do this, we need to embed the customer account number (we use the TAX/Vat Number field in "Account Information") in the URL going to the 3rd party site.
  2. This number needs to be encrypted using 3DES.
  3. I would add this link somewhere on the customer account page. I do know how to add links to pages where I need them but this particular task is above my skill level.

The 3rd party documentation notes that: HTTP Post method is highly recommended (don't really know what this means)

My question is, how do I do this?

As I stated before, this is above my skill level and my company does not have the funds to source this out to someone else to take care of.

This is a time-sensitive implementation so I am having somewhat of a nervous breakdown under my desk about it. Anyone who helps will be rewarded with +2 internets. Thank you in advance.

Solution

I ended up figuring it out and it actually wasn't nearly as bad as I thought it would be. Thanks to Flyingmana for helping me get set in the right direction. I'm going to explain as thoroughly as possible so other n00bs like me can learn.

I first created a function to encrypt as I needed and placed it in the index.php file:

    function encryptionfunction($string)
    {
        $key = 'XXXXX'; // Must be 24 bytes long for the 3DES cipher
        $iv = 'XXXXX';  // Must be 8 bytes long (one 3DES block)

        // Encrypt the string with 3DES in CBC mode, then base64-encode the raw ciphertext
        $encrypted_string = mcrypt_encrypt(MCRYPT_3DES, $key, $string, MCRYPT_MODE_CBC, $iv);
        $encoded_string = base64_encode($encrypted_string);

        // The static IV is prepended to the encoded ciphertext
        return $iv . $encoded_string;
    }

I know this probably isn't the best way to do user defined functions in Magento but I needed it done quickly.

Also, you may notice that the IV is not generated randomly per each request. This looks like a requirement in the documentation that it be a static value...based on what I read, this sounds kind of stupid as it is a security concern so I'll have to talk with the developers about this.

I was able to use the POST method as required by putting it in a form as can be seen below:

    <form method="post" action="https://securewebsite/staticURLstuff<?php echo encryptionfunction($this->getCustomer()->getTaxvat()) ?>MOREURLSTUFF">
        <div>
            <button type="submit" title="Single Sign on Site" class="button">
                <span><span>Single Sign on Site</span></span>
            </button>
        </div>
    </form>

I have tested this multiple times and it appears to work. If someone more experienced sees any issues with what I did or inaccuracies in my explanation, please let me know. Thank you.
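
An added example, not part of the original answer: the same 3DES-CBC operation written with PHP's openssl extension (mcrypt was removed from PHP core in 7.2), showing that a fixed IV makes equal account numbers produce equal tokens, which is the concern raised above about the static IV. The function names, key, IV and account number are constructed for illustration, and the URL-encoding step assumes the receiving site URL-decodes the value.

```php
<?php
// Added example. Key, IV and account number are constructed sample values.
const BLOCK = 8; // 3DES block size in bytes

// Same operation as mcrypt_encrypt(MCRYPT_3DES, ..., MCRYPT_MODE_CBC, ...):
// mcrypt pads the plaintext with NUL bytes up to a block boundary.
function tdes_cbc_encrypt(string $plain, string $key, string $iv): string
{
    if (strlen($key) !== 24 || strlen($iv) !== BLOCK) {
        throw new InvalidArgumentException('need a 24-byte key and an 8-byte IV');
    }
    $padded = str_pad($plain, intdiv(strlen($plain) + BLOCK - 1, BLOCK) * BLOCK, "\0");
    $raw = openssl_encrypt($padded, 'des-ede3-cbc', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($raw === false) {
        throw new RuntimeException('3DES encryption failed');
    }
    return base64_encode($raw);
}

function tdes_cbc_decrypt(string $token, string $key, string $iv): string
{
    $raw = openssl_decrypt(base64_decode($token), 'des-ede3-cbc', $key,
        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv);
    if ($raw === false) {
        throw new RuntimeException('3DES decryption failed');
    }
    return rtrim($raw, "\0"); // strip the NUL padding
}

$key     = '0123456789abcdefghijklmn'; // constructed 24-byte key
$static  = 'ABCDEFGH';                 // constructed fixed 8-byte IV
$account = 'DE123456789';              // constructed Tax/VAT value

// Fixed IV: the same account number always yields the same token.
$fixedA = tdes_cbc_encrypt($account, $key, $static);
$fixedB = tdes_cbc_encrypt($account, $key, $static);
echo 'fixed IV, tokens identical:  ', var_export($fixedA === $fixedB, true), PHP_EOL;

// Random IV per request: tokens differ; the receiver needs the IV sent alongside.
$randA = tdes_cbc_encrypt($account, $key, random_bytes(BLOCK));
$randB = tdes_cbc_encrypt($account, $key, random_bytes(BLOCK));
echo 'random IV, tokens identical: ', var_export($randA === $randB, true), PHP_EOL;

echo 'round trip ok: ', var_export(tdes_cbc_decrypt($fixedA, $key, $static) === $account, true), PHP_EOL;

// Base64 output can contain "+", "/" and "=", so URL-encode it before it goes
// into the form action, then HTML-escape it for the attribute.
echo htmlspecialchars(rawurlencode($static . $fixedA), ENT_QUOTES), PHP_EOL;
```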

OTHER TIPS

This sure is not the best possible answer, but should help to get on the right track or be a base for others to make it a more detailed answer.

First, the mention of the HTTP Post method. This is a very important part, as it is about the basic nature of how websites work. The most known HTTP methods are Get and Post, most used in the context of forms and ajax. But Wikipedia sure can describe this a lot better: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods

For the encrypting you use mcrypt, which is already required by Magento, so you can rely on its existence. If you search for the $cipher, it's MCRYPT_3DES. The exact method you will use is mcrypt_encrypt.

For Step 3 I currently don't know how to answer, maybe there is some information still missing from your side.

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange