Solved

AARRHHGG!!!!  PHP Strings not equal when equal...

Posted on 2013-05-15
8
423 Views
Last Modified: 2013-05-16
I have been pulling my hair out today.

I'm making a system that uses some encryption.  I have a 12 character string, and I encrypt it, pass it about a bit and then decrypt it.

When I look the the unencrypred and the destructed fields, they look the same, an if == fails.

Here's the result of a var_dump:

string(16) "udcKlnbI01kN"
string(12) "udcKlnbI01kN"

It looks like it's saying one string is 12 characters long and the other is 16!!!

The first one is the decrypted version, and the shorter? one is the original.


HELP!

Cris.
0
Comment
Question by:CrisThompsonUK
8 Comments
 
LVL 6

Expert Comment

by:worm-getter
ID: 39168773
0
 
LVL 13

Assisted Solution

by:haloexpertsexchange
haloexpertsexchange earned 125 total points
ID: 39168792
you probably have some invisible characters attached to the longer string, try trimming it before you do a compare.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 39169743
It sounds like you're using a 128-bit block cipher for encryption/decryption, like AES-128. Block ciphers work by dealing with data that is in specifically-sized chunks of bytes, like:

16 bytes + 16 bytes + 16 bytes, etc...

So if you have data that is shorter than the block size itself, it pads the string (usually with null bytes) until the string reaches the block size.

Use trim() on the string to remove the extra characters and then compare the trimmed strings.
0
 
LVL 12

Assisted Solution

by:Phil Phillips
Phil Phillips earned 125 total points
ID: 39170101
If you're going to use the decryption function in multiple places, I would even go a step further and add the trim as part of the function.  That way, you don't have to remember to always to it!

Something like:
function decrypt(...) {
  //Decrypt code puts decrypted string into $result
  return trim($result, "\0");
}

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39170125
You might want to check the character encoding carefully -- is one ISO-8859-1 and the other UTF-8?  You might want to use "view source" to check the data (browsers suppress multiple blanks and EOL characters).  This little code sample might be helpful.  I know it works in a way that makes sense.

<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

0
 

Author Closing Comment

by:CrisThompsonUK
ID: 39170689
Thanks everyone.

Points for the answer, and the explanation.

Cris.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39171005
What was wrong and what fixed it?   Thanks, ~Ray
0
 

Author Comment

by:CrisThompsonUK
ID: 39171251
Great Gonzo and Halo got in first:

The encryption routine was padding with invisible characters, so I just needed to TRIM the results!!!

Simple.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
This article discusses how to create an extensible mechanism for linked drop downs.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now