Reverse obfuscating plain text string urls in PHP

Question

I'm trying to figure out a way to program a function that will de-obfuscate a plain text url.

Something like this:

<input type="hidden" value="kjgajkwe@#jktGAkjgWjkajskd" name="obsfucatedString" />

Then in the processing of that form I want to De-Obsfucate it:

$url = deObfuscate($_POST['obsfucatedString']);
so $url would become something like:
$url = 'http://domain.com/filename.zip';

Is something like that even possible?

I'm trying to hide the url from plain programmer sight.

I guess I would need to write something that would obsfucate the string as well

so

$obsfucatedStringURL = obsfucate('http://domain.com/filename.zip');

Answer 1

Encrypt the URL with a password stored on the server (a good algorithm to use is AES), then decrypt it when you need to obtain the value. A problem with this is that the encrypted string will not be composed of printable characters. To get around this, use base64_encode() to convert the binary encoded string to printable characters that can be added as a value in the <input> field, then use base64_decode() to get back the original value on the server.

Answer 2

There are many ways of encoding and reversing a plain text string. An simple way to obfuscate your string is by using the str_rot13 function once to encode and once again to decode (note: this will not give you any cryptographic security). I'd suggest encrypting using AES using a secret stored on the server to encrypt and decrypt. The following thread's answer defines functions for encrypting/decrypting that you can use.

PHP AES encrypt / decrypt

Another approach that might be worth considering vs. obfuscation is to store the URL server side as part of the user's session or persisted in a database. Then instead of sending an obfuscated string down, use a key that performs a lookup to retrieve the URL.