Php – Simple encryption in PHP


I'm building a with-source system which I am giving out on the 'net for providing adoptable virtual pets. The system will be owned mainly by kids. Since I want it to be usable for absolute beginner programmers, there are several complexity constraints on my system: It can't use libraries that don't commonly ship with PHP, and it can't touch a database or write to other permanent storage.

When each pet is adopted, the visitor will randomly get given one of a series of slightly different variations of that pet. The variations initially look the same, but grow up over time to become different pets. The visitor will be given a short code in HTML which links to the image of their pet. Since there is no permanent storage available server-side, the user's image link must contain all of the information to determine which pet variation they ended up getting.

At the moment, the URL just contains the ID of the pet and the ID of the variation that the user got. The problem with this is that, by comparing codes with each other, the users can figure out who amongst them ended up with the same variation. Since some variations are rarer than others, users can spot the rare variations easily before the difference is even visually apparent.

What I would like is an encryption system for the details in the URL. Something that obscures the variation ID so that each user gets a different URL with high probability. I thought of using the variation ID (3 or 4 bits) as the low bits or high bits of a large random number, but the users will spot the pattern in this. Ideally the encryption system would be parametrized so that each installation of my system would use a slightly different encryption.

PHP's mcrypt library would probably have something useful in it, but it doesn't seem to be very common amongst hosters.

Is there a simple, parametrized, obfuscation/encryption I can use here?

Best Solution

You are looking for "one time padding" encryption. It takes a key and does modulus addition to characters to create the encrypted string.

function ecrypt($str){
  $key = "abc123 as long as you want bla bla bla";
  for($i=0; $i<strlen($str); $i++) {
     $char = substr($str, $i, 1);
     $keychar = substr($key, ($i % strlen($key))-1, 1);
     $char = chr(ord($char)+ord($keychar));
  return urlencode(base64_encode($result));

function decrypt($str){
  $str = base64_decode(urldecode($str));
  $result = '';
  $key = "must be same key as in encrypt";
  for($i=0; $i<strlen($str); $i++) {
    $char = substr($str, $i, 1);
    $keychar = substr($key, ($i % strlen($key))-1, 1);
    $char = chr(ord($char)-ord($keychar));
return $result;

So that's simple string encryption. What I would do is serialize the array of the user's parameters and pass it as a variable in the link:

$arr = array(
  'favorite_food'=>"cat poop",
$param_string = encrypt(serialize($arr));

$link = "/load_pet.php?params=$param_string";

In load_pet.php you should do the opposite:

$param_string = $_GET["params"];
$params = unserialize(decrypt($param_string));