tags:

views:

80

answers:

3
+1  Q: 

Creating a global variable on the fly. [PHP ENCRYPTION]

Is there a way to dynamically create constant variables on the fly?

The idea is that upon logging into the system, a user would be asked to upload a small text file that would be fread, and assigned to a var that would be accessible throughout the system.

If this is possible, just to be clear, would this variable then only be accessible to that user and only while the session is alive?

Security being the main concern here, would it be more practical to store the var in a session variable?

The plan:

Data in the db will be encrypted via mcrypt, and the key will be stored on USB thumbdrives. The user will insert the thumbdrive when going to access the system. Upon logging in, the app will prompt the user to upload the key. They will navigate to the thumbdrive and key. Via fopen and fread, the key will be assigned to a global var which will then allow access to encrypted data, and will be used to encrypt new info being entered to the db. When the user logs out, or session times out, the global var will become empty.

Thanks!

NB: the var would need to be persistent and accessible through many pages and cookies are out.

+2  A: 

The best solution for you would probably be to store it in the Session variable, this seems to me to be the best way to manage this kind of data, though it might depend on how big the file is.

luke  2010-05-09 02:03:01
I guess my problem with session vars is cookies. I'd prefer it if the only time the key is accessible to the system is when there is a live session.
stormdrain  2010-05-09 02:24:47
You don't need to use cookies for sessions. You can also embed the session ID into your URLs. This makes sure that the session is lost as soon as the user navigates away.
wump  2010-05-09 02:38:15
A:  
<?php

function first() {
 global $foo;
 $foo = 'bar';    
}

function second() {
global $foo;
echo $foo;
}

first();
second();

?>

Just put the global keyword in and you can stick anything you like in global scope. Although as luke said, it sounds like you should use the automatic session variable. http://www.php.net/manual/en/reserved.variables.session.php

hippiejake  2010-05-09 02:06:04
Makes sense. Would the global be persistent, though? i.e. after the user navigates away from the page where the upload/fopen/fread takes place would the var still be accessible?
stormdrain  2010-05-09 02:23:06
A: 

I've decided that the following solution will work:

When a user logs onto the system they will be prompted to upload their key. The upload script will assign a unique and random filename and place the file into a temporary directory.

The path to the file will be set into a session variable. When needed, the path will be called from the session var, and file_get_contents() will be used to retrieve the key.

When the session is ended or times out, the session variable will be deleted and the file itself will be removed via unlink().

Thanks!

stormdrain  2010-05-09 17:05:10

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases