[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

What am I doing wrong with these hash marks?

Posted on 2012-04-04
12
Medium Priority
?
242 Views
Last Modified: 2012-04-20
When I use this:

$voter_email="bruce@brucegust.com";
$key = "qP9wXOx+Dk0iVCmUQDEkLCf5";
$str= $voter_email.''.$key;
$digest = sha1($str, true);
$the_digest =  base64_encode($digest);
$road_digest=htmlentities($the_digest);

The subsequent string is Cd7cT2coaEI1R++ddSx/XX4sBHs=

Problem is, when I embed that into a URL, and grab it using a "GET," I lose the "++".

What am I doing wrong?

In other words, the URL will look like http://www.myserver.php?chk=Cd7cT2coaEI1R++ddSx/XX4sBHs=


But when I go to grab it using a $_GET['chk'], it gives me Cd7cT2coaEI1RddSx/XX4sBHs=


What am I doing wrong?
0
Comment
Question by:brucegust
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 17

Assisted Solution

by:sonawanekiran
sonawanekiran earned 500 total points
ID: 37809515
Use php functions urlencode and urldecode functions

http://php.net/manual/en/function.urlencode.php
0
 

Author Comment

by:brucegust
ID: 37809524
I'm trying to figure it out, but I'm coming up short. How do I use what it is you're suggesting?

I just tried the urlencode and wound up with a big mess.
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 37809625
That should have worked.  Show us your 'big mess'.  As shown in the PHP docs, you only encode the query string, not the entire URL.  The '+' signs should have been replaced with '%2B'.  More info here: http://en.wikipedia.org/wiki/Percent-encoding
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 1000 total points
ID: 37809719
Plus signs in a URL should be decoded into blanks in the $_GET array element.  But that aside, it looks like your $key variable contains plus signs.  Double encoding has munged the data, perhaps?

I believe that base64_encode() may be all the encoding you need for binary-safe transport.  The additional call to htmlentities() may be superfluous.

See if this code snippet provides any useful ideas for your transport of encrypted data.
<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://us.php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

HTH, ~Ray
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 37809798
base64_encode() won't be adequate because it includes the '+' and '/' characters which must be URLencoded.  http://en.wikipedia.org/wiki/Base64  And 'htmlentities()' could possibly put '&' in the query string which are supposed to designate the start of a name/value pair so you don't really want that.

I was wondering why you don't just take the hex output of sha() because it is perfectly safe consisting of 0-9 and a-f and doesn't need anymore encoding.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37809828
I do not find any problem with using base64_encode() to create a URL string.  Please see:
http://www.laprbass.com/RAY_encrypt_decrypt_GET.php?clearstring=&cryptstring=XEnjL5CT6s%2BYgJgtiFsHqPg6wFS6JQ9gQT94nGoqfic%3D

This is just the same encrypt/decrypt script posted above, but with the POST method changed to the GET method so that the data is passed in the URL.  I tried a few different strings and did not encounter any character encoding issues.  The data seems to survive the round trip unscathed.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 37812685
But the string is URLencoded, Ray, that was the point.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 37812739
Dave: Yes, I think the browser or the server or something else handled the encoding for me.  It's not part of my script; that's 100% of the instructions in the earlier code snippet.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 37812824
Normally, an HTML form submission in the browser will do that for you.  But that means it can still be part of the problem if the author is constructing his own query string for something like curl() or another PHP function that accesses a file by HTTP.
0
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 1000 total points
ID: 37812882
Yes, I think that makes sense.  If it goes into the URL, it should be URLencoded().  But I don't think htmlentities() would be in play here.  Maybe when echoing output to the client browser...
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 37812974
You're right, htmlentities()  could cause problems if it added a '&' to the query string because that is a separator for name/value pairs.
0
 

Author Closing Comment

by:brucegust
ID: 37871773
Thanks, guys!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These days socially coordinated efforts have turned into a critical requirement for enterprises.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question