[code language=php]
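// Shared signing key read by my_encode() and my_decode() through $GLOBALS.
// '11111' is the page's sample value only: a real key must be long, random
// (for example generated with random_bytes()) and loaded from configuration.
$secret = '11111';

/**
 * Serialize a value and compute an authentication tag over the result.
 *
 * The tag is HMAC-SHA256 keyed with $GLOBALS['secret']. The earlier form,
 * md5($secret . $data), is a secret-prefix hash: it is open to length
 * extension and MD5 is obsolete, so it must not be used as a MAC. Payloads
 * signed with the earlier form will no longer validate.
 *
 * The payload is signed, not encrypted: whoever receives it can read it.
 *
 * @param mixed $data Value to serialize and sign.
 * @return array Two elements: the serialized string and its hex tag.
 * @throws RuntimeException When no non-empty string key is configured.
 */
function my_encode($data)
{
    $key = isset($GLOBALS['secret']) ? $GLOBALS['secret'] : null;
    if (!is_string($key) || $key === '') {
        // Fail closed: a tag computed with an empty key can be forged by anyone.
        throw new RuntimeException('my_encode(): $secret must be a non-empty string');
    }

    $data = serialize($data);
    $hash = hash_hmac('sha256', $data, $key);

    return array($data, $hash);
}

/**
 * Verify the tag for a serialized payload and, if it matches, unserialize it.
 *
 * A valid tag only proves the payload was produced with this key. It carries
 * no expiry and no session binding, so an older payload still verifies.
 *
 * @param mixed $data Serialized string as produced by my_encode().
 * @param mixed $hash Hex tag as produced by my_encode().
 * @return mixed The unserialized value, or false when an argument is missing
 *               or not a string, no key is configured, or the tag does not
 *               match. A payload that itself encodes false is
 *               indistinguishable from failure.
 */
function my_decode($data, $hash)
{
    // Request parameters can arrive as arrays (data[]=x); only strings are valid here.
    if (empty($data) || empty($hash) || !is_string($data) || !is_string($hash)) {
        return false;
    }

    $key = isset($GLOBALS['secret']) ? $GLOBALS['secret'] : null;
    if (!is_string($key) || $key === '') {
        error_log('Validation Error: signing key is not configured');
        return false;
    }

    // hash_equals() compares in constant time and never type-juggles, unlike ==.
    if (!hash_equals(hash_hmac('sha256', $data, $key), $hash)) {
        error_log("Validation Error: Data has been modified");
        return false;
    }

    // NOTE(review): unserialize() can instantiate arbitrary classes, so its safety
    // rests entirely on the key staying secret. If payloads are plain arrays and
    // scalars, pass array('allowed_classes' => false) or switch to JSON.
    return unserialize($data);
}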
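// TEST
$secret = '11111';

// Load in and validate old data
$rawData = isset($_GET['data']) ? $_GET['data'] : '';
$rawHash = isset($_GET['hash']) ? $_GET['hash'] : '';
if (! $data = my_decode($rawData, $rawHash)) {
    // crack attempt
    // Stop here: falling through would build a fresh array from false and
    // sign it, turning a rejected request into a validly signed payload.
    exit;
}

// Process form (new form data is in $_GET)
// Update $data
$data['username'] = isset($_GET['username']) ? $_GET['username'] : '';
$data['stage']++;
unset($data['password']);

// Encode results (the listing called pc_encode() here, which is not defined
// alongside it; my_encode() is the matching function)
list($data, $hash) = my_encode($data);

// Store data and hash inside the form
// NOTE(review): the form markup was stripped from the listing; only
// `method="get"` and two `value=""` attributes survived. The form below is a
// reconstruction from those fragments and from the data/hash parameter names
// read above; the original action value is unknown. The serialized payload
// contains double quotes, so both values must be escaped for the attribute
// context. The payload is signed but not encrypted, and method="get" places
// it in the URL, where it ends up in logs and browser history.
?>
<form action="" method="get">
<!-- … other form fields … -->
<input type="hidden" name="data" value="<?php echo htmlspecialchars($data, ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="hash" value="<?php echo htmlspecialchars($hash, ENT_QUOTES, 'UTF-8'); ?>">
</form>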
[/code]