Solved

What am I doing wrong with these hash marks?

Posted on 2012-04-04
12
235 Views
Last Modified: 2012-04-20
When I use this:

$voter_email="bruce@brucegust.com";
$key = "qP9wXOx+Dk0iVCmUQDEkLCf5";
$str= $voter_email.''.$key;
$digest = sha1($str, true);
$the_digest =  base64_encode($digest);
$road_digest=htmlentities($the_digest);

The subsequent string is Cd7cT2coaEI1R++ddSx/XX4sBHs=

Problem is, when I embed that into a URL, and grab it using a "GET," I lose the "++".

What am I doing wrong?

In other words, the URL will look like http://www.myserver.php?chk=Cd7cT2coaEI1R++ddSx/XX4sBHs=


But when I go to grab it using a $_GET['chk'], it gives me Cd7cT2coaEI1RddSx/XX4sBHs=


What am I doing wrong?
0
Question by:brucegust
12 Comments
 
LVL 17

Assisted Solution

by:sonawanekiran
sonawanekiran earned 125 total points
ID: 37809515
Use the PHP functions urlencode and urldecode.

http://php.net/manual/en/function.urlencode.php
0
 

Author Comment

by:brucegust
ID: 37809524
I'm trying to figure it out, but I'm coming up short. How do I use what it is you're suggesting?

I just tried the urlencode and wound up with a big mess.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
ID: 37809625
That should have worked.  Show us your 'big mess'.  As shown in the PHP docs, you only encode the query string, not the entire URL.  The '+' signs should have been replaced with '%2B'.  More info here: http://en.wikipedia.org/wiki/Percent-encoding
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 37809719
Plus signs in a URL should be decoded into blanks in the $_GET array element.  But that aside, it looks like your $key variable contains plus signs.  Double encoding has munged the data, perhaps?

I believe that base64_encode() may be all the encoding you need for binary-safe transport.  The additional call to htmlentities() may be superfluous.

See if this code snippet provides any useful ideas for your transport of encrypted data.
<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://us.php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

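// IF ANYTHING WAS POSTED SHOW THE DATA (ESCAPED, BECAUSE IT COMES FROM THE REQUEST)
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>" . htmlspecialchars($_POST["clearstring"], ENT_QUOTES) . " YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>" . htmlspecialchars($_POST["cryptstring"], ENT_QUOTES) . " YIELDS DECODED ";
    var_dump(htmlspecialchars($decoded, ENT_QUOTES));
}

// ESCAPE THE VALUES BEFORE PLACING THEM IN HTML ATTRIBUTES
$encoded_attr = htmlspecialchars($encoded, ENT_QUOTES);
$decoded_attr = htmlspecialchars($decoded, ENT_QUOTES);

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded_attr" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded_attr" />
<input type="submit" value="DECRYPT" />
</form>
FORM;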

echo $form;


HTH, ~Ray
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 37809798
base64_encode() won't be adequate because it includes the '+' and '/' characters which must be URLencoded.  http://en.wikipedia.org/wiki/Base64  And 'htmlentities()' could possibly put '&' in the query string which are supposed to designate the start of a name/value pair so you don't really want that.

I was wondering why you don't just take the hex output of sha() because it is perfectly safe, consisting of 0-9 and a-f, and doesn't need any more encoding.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 37809828
I do not find any problem with using base64_encode() to create a URL string.  Please see:
http://www.laprbass.com/RAY_encrypt_decrypt_GET.php?clearstring=&cryptstring=XEnjL5CT6s%2BYgJgtiFsHqPg6wFS6JQ9gQT94nGoqfic%3D

This is just the same encrypt/decrypt script posted above, but with the POST method changed to the GET method so that the data is passed in the URL.  I tried a few different strings and did not encounter any character encoding issues.  The data seems to survive the round trip unscathed.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 37812685
But the string is URLencoded, Ray, that was the point.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 37812739
Dave: Yes, I think the browser or the server or something else handled the encoding for me.  It's not part of my script; that's 100% of the instructions in the earlier code snippet.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 37812824
Normally, an HTML form submission in the browser will do that for you.  But that means it can still be part of the problem if the author is constructing his own query string for something like curl() or another PHP function that accesses a file by HTTP.
0
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 37812882
Yes, I think that makes sense.  If it goes into the URL, it should be URLencoded().  But I don't think htmlentities() would be in play here.  Maybe when echoing output to the client browser...
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 37812974
You're right, htmlentities()  could cause problems if it added a '&' to the query string because that is a separator for name/value pairs.
0
 

Author Closing Comment

by:brucegust
ID: 37871773
Thanks, guys!
0
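The behaviour the thread converges on, shown as an added example that is not part of any post above: why the plus signs disappear, and three ways to carry the digest in a query string intact. The token is the value quoted in the question; the host name and the chk_is_valid() helper are hypothetical.

```php
<?php
// Added example, not code from the thread. The token is the digest quoted in
// the question; the host name and chk_is_valid() are hypothetical.
$token = "Cd7cT2coaEI1R++ddSx/XX4sBHs=";

// What went wrong: PHP URL-decodes the query string to fill $_GET, and a
// literal '+' in a query string means a space. parse_str() applies the same
// decoding, so it reproduces the damage without a web server.
parse_str("chk=" . $token, $broken);
var_dump($broken['chk'], $broken['chk'] === $token);

// Fix A: percent-encode the value when building the link. http_build_query()
// runs urlencode() on each value ('+' => %2B, '/' => %2F, '=' => %3D).
$link = "http://www.example.com/vote.php?" . http_build_query(array('chk' => $token));
parse_str(parse_url($link, PHP_URL_QUERY), $fixed);
var_dump($link, $fixed['chk'] === $token);

// Fix B: URL-safe Base64 ('-' and '_' instead of '+' and '/', no padding)
// needs no escaping. Convert back before comparing on the receiving side.
function base64url_encode($bin)
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function base64url_decode($txt)
{
    return base64_decode(strtr($txt, '-_', '+/'));
}
$raw  = base64_decode($token);                  // the 20 raw SHA-1 bytes
$safe = base64url_encode($raw);
var_dump($safe, base64url_decode($safe) === $raw);

// Fix C: hex, as suggested in the thread, is URL-safe as is (0-9, a-f).
var_dump(bin2hex($raw));

// Receiving side: recompute the digest the way the question does and compare
// in constant time (hash_equals() needs PHP 5.6+). Do not call urldecode()
// on $_GET values; PHP has already decoded them once.
function chk_is_valid($received, $voter_email, $key)
{
    $expected = base64_encode(sha1($voter_email . $key, true));
    return is_string($received) && hash_equals($expected, $received);
}
var_dump(chk_is_valid($fixed['chk'], "bruce@brucegust.com", "qP9wXOx+Dk0iVCmUQDEkLCf5"));
```

The htmlentities() call from the question is left out on purpose: it belongs where a value is echoed into HTML, not where a query string is built.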
