Giters

krowinski / tinyID

Shorten and obfuscate IDs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

idobfuscateshortididsphpdatabase-idsencodinghashcomposer-packagestinyid

Shorten and obfuscate IDs

PHP Tests Latest Stable Version Total Downloads License Scrutinizer Code Quality Code Coverage

SYNOPSIS

    use TinyID\TinyID;
    
    include __DIR__ . '/../vendor/autoload.php';
    
    // dictionary must consist of at least two UNIQUE unicode characters.
    $tinyId = new TinyID('2BjLhRduC6Tb8Q5cEk9oxnFaWUDpOlGAgwYzNre7tI4yqPvXm0KSV1fJs3ZiHM');
    
    var_dump($tinyId->encode('48888851145')); // will print 1FN7Ab
    var_dump($tinyId->decode('1FN7Ab')); // will print '48888851145'

DESCRIPTION

Using real IDs in various places - such as GET links or API payload - is generally a bad idea:

  • It may reveal some sensitive information about your business, such as growth rate or amount of customers.
  • If someone finds unprotected resource link, where you forgot to check if passed resource ID really belongs to currently logged-in user, he will be able to steal all of your data really fast just by incrementing ID in links.
  • Big numbers may cause overflows in places where length is limited, such as SMS messages.

With the help of this module you can shorten and obfuscate your IDs at the same time.

METHODS

new TidyID('qwerty')

Key must consist of at least two unique unicode characters.

The longer the dictionary - the shorter encoded ID.

Encoded ID will be made exclusively out of characters from the key. This very useful property allows to adapt your encoding to the environment. For example in SMS messages you may restrict key to US ASCII to avoid available length reduction caused by conversion to GSM 03.38 charset. Or if you want to use such ID as file/directory name in case-insensitive filesystem you may want to use only lowercase letters in the key.

encode('123')

Encode positive integer into a string.

Note that leading 0s are not preserved, encode('123') is the same as encode('00123').

Used algorithm is a base to the length of the key conversion that maps to distinct permutation of characters. Do not consider it a strong encryption, but if you have secret and long and well shuffled key it is almost impossible to reverse-engineer real ID.

decode('rer')

Decode string back into a positive integer.

TRICKS

If you provide sequential characters in key you can convert your numbers to some weird numeric systems, for example base18:

    var_dump((new TinyID('0123456789ABCDEFGH'))->encode('48888851145')); // '47F709HFF'

Or you can go wild just for the fun of it.

    var_dump((new TinyID('๐Ÿ˜€๐Ÿ˜๐Ÿ˜‚๐Ÿ˜ƒ๐Ÿ˜„๐Ÿ˜…๐Ÿ˜†๐Ÿ˜‡๐Ÿ˜ˆ๐Ÿ˜‰๐Ÿ˜Š๐Ÿ˜‹๐Ÿ˜Œ๐Ÿ˜๐Ÿ˜Ž๐Ÿ˜๐Ÿ˜๐Ÿ˜‘๐Ÿ˜’๐Ÿ˜“๐Ÿ˜”๐Ÿ˜•๐Ÿ˜–๐Ÿ˜—๐Ÿ˜˜๐Ÿ˜™๐Ÿ˜š๐Ÿ˜›๐Ÿ˜œ๐Ÿ˜๐Ÿ˜ž๐Ÿ˜Ÿ๐Ÿ˜ ๐Ÿ˜ก๐Ÿ˜ข๐Ÿ˜ฃ๐Ÿ˜ค๐Ÿ˜ฅ๐Ÿ˜ฆ๐Ÿ˜ง๐Ÿ˜จ๐Ÿ˜ฉ๐Ÿ˜ช๐Ÿ˜ซ๐Ÿ˜ฌ๐Ÿ˜ญ๐Ÿ˜ฎ๐Ÿ˜ฏ๐Ÿ˜ฐ๐Ÿ˜ฑ๐Ÿ˜ฒ๐Ÿ˜ณ๐Ÿ˜ด๐Ÿ˜ต๐Ÿ˜ถ๐Ÿ˜ท๐Ÿ˜ธ๐Ÿ˜น๐Ÿ˜บ๐Ÿ˜ป๐Ÿ˜ผ๐Ÿ˜ฝ๐Ÿ˜พ๐Ÿ˜ฟ'))->encode(48888851145)); // '๐Ÿ˜ญ๐Ÿ˜ข๐Ÿ˜€๐Ÿ˜Š๐Ÿ˜ซ๐Ÿ˜‰'

COMPATIBLE COUNTERPARTS

Examples are in example dir.

About

Shorten and obfuscate IDs

idobfuscateshortididsphpdatabase-idsencodinghashcomposer-packagestinyid

License:MIT License

Languages

Language:PHP 100.0%