[SOLUTION] AARRHHGG!!!! PHP Strings not equal when equal...

Course Of The Month

2 days, 18 hours left to enroll

View June's Free Course

Become a Premium Member and unlock a new, free course in leading technologies each month.

I have been pulling my hair out today.

I'm making a system that uses some encryption. I have a 12 character string, and I encrypt it, pass it about a bit and then decrypt it.

When I look the the unencrypred and the destructed fields, they look the same, an if == fails.

Here's the result of a var_dump:

string(16) "udcKlnbI01kN"
string(12) "udcKlnbI01kN"

It looks like it's saying one string is 12 characters long and the other is 16!!!

The first one is the decrypted version, and the shorter? one is the original.

HELP!

Cris.

you probably have some invisible characters attached to the longer string, try trimming it before you do a compare.

It sounds like you're using a 128-bit block cipher for encryption/decryption, like AES-128. Block ciphers work by dealing with data that is in specifically-sized chunks of bytes, like:

16 bytes + 16 bytes + 16 bytes, etc...

So if you have data that is shorter than the block size itself, it pads the string (usually with null bytes) until the string reaches the block size.

Use trim() on the string to remove the extra characters and then compare the trimmed strings.

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

If you're going to use the decryption function in multiple places, I would even go a step further and add the trim as part of the function. That way, you don't have to remember to always to it!

Something like:

function decrypt(...) {
  //Decrypt code puts decrypted string into $result
  return trim($result, "\0");
}

Open in new window

You might want to check the character encoding carefully -- is one ISO-8859-1 and the other UTF-8? You might want to use "view source" to check the data (browsers suppress multiple blanks and EOL characters). This little code sample might be helpful. I know it works in a way that makes sense.

<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

Thanks everyone.

Points for the answer, and the explanation.

Cris.

What was wrong and what fixed it? Thanks, ~Ray

Great Gonzo and Halo got in first:

The encryption routine was padding with invisible characters, so I just needed to TRIM the results!!!

Simple.

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

8 Comments

LVL 6

Expert Comment

by:worm-getter

ID: 391687732013-05-15

this is a good place to start:

http://www.ibm.com/developerworks/opensource/library/os-php-encrypt/

good luck.

LVL 13

Assisted Solution

by:haloexpertsexchange

haloexpertsexchange earned 125 total points

ID: 391687922013-05-15

LVL 35

Accepted Solution

by:gr8gonzo

gr8gonzo earned 250 total points

ID: 391697432013-05-15

LVL 14

by:Phil Phillips

Phil Phillips earned 125 total points

ID: 391701012013-05-15

LVL 110

by:Ray Paseur

ID: 391701252013-05-15

Author Closing Comment

by:CrisThompsonUK

ID: 391706892013-05-16

ID: 391710052013-05-16

Author Comment

ID: 391712512013-05-16

Course Of The Month

AARRHHGG!!!! PHP Strings not equal when equal...

Welcome to Experts Exchange

Featured Post

Suggested Courses

695 members asked questions and received personalized solutions in the past 7 days.

Enjoyed your answer?

Keep in touch with Experts Exchange

Live Consultants