Solved

AARRHHGG!!!!  PHP Strings not equal when equal...

Posted on 2013-05-15
8
444 Views
Last Modified: 2013-05-16
I have been pulling my hair out today.

I'm making a system that uses some encryption.  I have a 12 character string, and I encrypt it, pass it about a bit and then decrypt it.

When I look the the unencrypred and the destructed fields, they look the same, an if == fails.

Here's the result of a var_dump:

string(16) "udcKlnbI01kN"
string(12) "udcKlnbI01kN"

It looks like it's saying one string is 12 characters long and the other is 16!!!

The first one is the decrypted version, and the shorter? one is the original.


HELP!

Cris.
0
Comment
Question by:CrisThompsonUK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 6

Expert Comment

by:worm-getter
ID: 39168773
0
 
LVL 13

Assisted Solution

by:haloexpertsexchange
haloexpertsexchange earned 125 total points
ID: 39168792
you probably have some invisible characters attached to the longer string, try trimming it before you do a compare.
0
 
LVL 35

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 39169743
It sounds like you're using a 128-bit block cipher for encryption/decryption, like AES-128. Block ciphers work by dealing with data that is in specifically-sized chunks of bytes, like:

16 bytes + 16 bytes + 16 bytes, etc...

So if you have data that is shorter than the block size itself, it pads the string (usually with null bytes) until the string reaches the block size.

Use trim() on the string to remove the extra characters and then compare the trimmed strings.
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 14

Assisted Solution

by:Phil Phillips
Phil Phillips earned 125 total points
ID: 39170101
If you're going to use the decryption function in multiple places, I would even go a step further and add the trim as part of the function.  That way, you don't have to remember to always to it!

Something like:
function decrypt(...) {
  //Decrypt code puts decrypted string into $result
  return trim($result, "\0");
}

Open in new window

0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39170125
You might want to check the character encoding carefully -- is one ISO-8859-1 and the other UTF-8?  You might want to use "view source" to check the data (browsers suppress multiple blanks and EOL characters).  This little code sample might be helpful.  I know it works in a way that makes sense.

<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

0
 

Author Closing Comment

by:CrisThompsonUK
ID: 39170689
Thanks everyone.

Points for the answer, and the explanation.

Cris.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39171005
What was wrong and what fixed it?   Thanks, ~Ray
0
 

Author Comment

by:CrisThompsonUK
ID: 39171251
Great Gonzo and Halo got in first:

The encryption routine was padding with invisible characters, so I just needed to TRIM the results!!!

Simple.
0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question