AARRHHGG!!!! PHP Strings not equal when equal...

I have been pulling my hair out today.

I'm making a system that uses some encryption.  I have a 12 character string, and I encrypt it, pass it about a bit and then decrypt it.

When I look the the unencrypred and the destructed fields, they look the same, an if == fails.

Here's the result of a var_dump:

string(16) "udcKlnbI01kN"
string(12) "udcKlnbI01kN"

It looks like it's saying one string is 12 characters long and the other is 16!!!

The first one is the decrypted version, and the shorter? one is the original.


HELP!

Cris.
CrisThompsonUKAsked:
Who is Participating?
 
gr8gonzoConsultantCommented:
It sounds like you're using a 128-bit block cipher for encryption/decryption, like AES-128. Block ciphers work by dealing with data that is in specifically-sized chunks of bytes, like:

16 bytes + 16 bytes + 16 bytes, etc...

So if you have data that is shorter than the block size itself, it pads the string (usually with null bytes) until the string reaches the block size.

Use trim() on the string to remove the extra characters and then compare the trimmed strings.
0
 
worm-getterCommented:
0
 
haloexpertsexchangeCommented:
you probably have some invisible characters attached to the longer string, try trimming it before you do a compare.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Access It Now
 
Phil PhillipsDirector of DevOps & Quality AssuranceCommented:
If you're going to use the decryption function in multiple places, I would even go a step further and add the trim as part of the function.  That way, you don't have to remember to always to it!

Something like:
function decrypt(...) {
  //Decrypt code puts decrypted string into $result
  return trim($result, "\0");
}

Open in new window

0
 
Ray PaseurCommented:
You might want to check the character encoding carefully -- is one ISO-8859-1 and the other UTF-8?  You might want to use "view source" to check the data (browsers suppress multiple blanks and EOL characters).  This little code sample might be helpful.  I know it works in a way that makes sense.

<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

0
 
CrisThompsonUKAuthor Commented:
Thanks everyone.

Points for the answer, and the explanation.

Cris.
0
 
Ray PaseurCommented:
What was wrong and what fixed it?   Thanks, ~Ray
0
 
CrisThompsonUKAuthor Commented:
Great Gonzo and Halo got in first:

The encryption routine was padding with invisible characters, so I just needed to TRIM the results!!!

Simple.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.

Advertise Here