When passing variables in a link to a PHP file, how do I account for spaces in the link?

ErnieAlex · December 5, 2019, 5:07am

Well, Zoldos, I will throw out another idea…

I have one site that does a sort of system that might be what you want. It allows for a reset of the password by sending an email to the user with an encoded link like Astonecipher showed you. Basically, what he was saying is that you can use the base64_encode() function to create a more hidden value for the link that you send to the user in the email. In other words, he showed you if you decode the link, it shows you an array or in this case a json_decode array with [name] and [email] as the outputs. To create the inputs, you basically just do the opposite. base64_encode(json_encode(“your full link string”)) and it will create a link like Astone showed you. Then, you pass that as the link inside the user’s email. Hackers can not duplicate that and you can validate it in several ways so hackers can not send fake data. The user will get an email with a link that is like Astone showed you, but, of course they would see “Click-Here” or something like that.
Not sure if all that makes sense. Just trying to explain what he meant in more detail.

Astonecypher, perhaps you can give him the ENCODE part so he can understand it better…

zoldos · December 5, 2019, 5:48am

Yes, I see what you are saying. I have no idea how to do it tho. hehe And the encode/decode works in PHP?

astonecipher · December 5, 2019, 1:07pm

Sure @ErnieAlex!

Example code:

$email = "[email protected]";
$username = "astonecipher";

$link = base64_encode(json_encode(["email"=> $email, "username" => $username]));
$message = "https://xxxxx.net/index.php?link=$link";

echo $message;

benanamen · December 5, 2019, 5:15pm

I see what you did there and raise you one snippet.

$email = "[email protected]";
$username = "astonecipher";

$link = "email2=$email&user=$username";

echo  $str= bin2hex($link);
echo '<br>';
echo hex2bin($str);

ErnieAlex · December 5, 2019, 5:59pm

Zoldos, what these great programmers are explaining is that you can “encode” your email and username combo which is basically just a string. There are many ways to encode this data so the general user can not see the plain text. Either of the ways just shown will work well for you and hide the data in an encoded way. Since general users are not hackers, it is safe to send the data this way.

Hope that helps clear up what they are telling you…

zoldos · December 5, 2019, 11:30pm

Hmmm…looks interesting, but I decided to use my code as is. It works great for my purposes, and is secure IMO. Thanks so much!