Solved

AARRHHGG!!!!  PHP Strings not equal when equal...

Posted on 2013-05-15
8
429 Views
Last Modified: 2013-05-16
I have been pulling my hair out today.

I'm making a system that uses some encryption.  I have a 12 character string, and I encrypt it, pass it about a bit and then decrypt it.

When I look the the unencrypred and the destructed fields, they look the same, an if == fails.

Here's the result of a var_dump:

string(16) "udcKlnbI01kN"
string(12) "udcKlnbI01kN"

It looks like it's saying one string is 12 characters long and the other is 16!!!

The first one is the decrypted version, and the shorter? one is the original.


HELP!

Cris.
0
Comment
Question by:CrisThompsonUK
8 Comments
 
LVL 6

Expert Comment

by:worm-getter
ID: 39168773
0
 
LVL 13

Assisted Solution

by:haloexpertsexchange
haloexpertsexchange earned 125 total points
ID: 39168792
you probably have some invisible characters attached to the longer string, try trimming it before you do a compare.
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 250 total points
ID: 39169743
It sounds like you're using a 128-bit block cipher for encryption/decryption, like AES-128. Block ciphers work by dealing with data that is in specifically-sized chunks of bytes, like:

16 bytes + 16 bytes + 16 bytes, etc...

So if you have data that is shorter than the block size itself, it pads the string (usually with null bytes) until the string reaches the block size.

Use trim() on the string to remove the extra characters and then compare the trimmed strings.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 13

Assisted Solution

by:Phil Phillips
Phil Phillips earned 125 total points
ID: 39170101
If you're going to use the decryption function in multiple places, I would even go a step further and add the trim as part of the function.  That way, you don't have to remember to always to it!

Something like:
function decrypt(...) {
  //Decrypt code puts decrypted string into $result
  return trim($result, "\0");
}

Open in new window

0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39170125
You might want to check the character encoding carefully -- is one ISO-8859-1 and the other UTF-8?  You might want to use "view source" to check the data (browsers suppress multiple blanks and EOL characters).  This little code sample might be helpful.  I know it works in a way that makes sense.

<?php // RAY_encrypt_decrypt.php
error_reporting(E_ALL);

// MAN PAGE: http://php.net/manual/en/ref.mcrypt.php

class Encryption
{
    protected $key;
    protected $eot;
    protected $ivs;
    protected $iv;

    public function __construct($key='quay', $eot='___EOT')
    {
        // SET KEY, DELIMITER, INITIALIZATION VECTOR - MUST BE KNOWN TO BOTH PARTS OF THE ALGORITHM
        $this->key = $key;
        $this->eot = $eot;
        $this->ivs = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB);
        $this->iv  = mcrypt_create_iv($this->ivs);
    }

    public function encrypt($text)
    {
        // APPEND END OF TEXT DELIMITER
        $text .= $this->eot;

        // ENCRYPT THE DATA
        $data = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // MAKE IT base64() STRING SAFE FOR STORAGE AND TRANSMISSION
        return base64_encode($data);
    }

    public function decrypt($text)
    {
        // DECODE THE DATA INTO THE BINARY ENCRYPTED STRING
        $text = base64_decode($text);

        // DECRYPT THE STRING
        $data = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $this->key, $text, MCRYPT_MODE_ECB, $this->iv);

        // REMOVE END OF TEXT DELIMITER
        $data = explode($this->eot, $data);
        return $data[0];
    }
}

// INSTANTIATE THE CLASS
$c = new Encryption();

// INITIALIZE VARS FOR LATER USE IN THE HTML FORM
$encoded = '';
$decoded = '';

// IF ANYTHING WAS POSTED SHOW THE DATA
if (!empty($_POST["clearstring"]))
{
    $encoded = $c->encrypt($_POST["clearstring"]);
    echo "<br/>{$_POST["clearstring"]} YIELDS ENCODED ";
    var_dump($encoded);
}

if (!empty($_POST["cryptstring"]))
{
    $decoded = $c->decrypt($_POST["cryptstring"]);
    echo "<br/>{$_POST["cryptstring"]} YIELDS DECODED ";
    var_dump($decoded);
}

$form = <<<FORM
<form method="post">
<input name="clearstring" value="$decoded" />
<input type="submit" value="ENCRYPT" />
<br/>
<input name="cryptstring" value="$encoded" />
<input type="submit" value="DECRYPT" />
</form>
FORM;

echo $form;

Open in new window

0
 

Author Closing Comment

by:CrisThompsonUK
ID: 39170689
Thanks everyone.

Points for the answer, and the explanation.

Cris.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39171005
What was wrong and what fixed it?   Thanks, ~Ray
0
 

Author Comment

by:CrisThompsonUK
ID: 39171251
Great Gonzo and Halo got in first:

The encryption routine was padding with invisible characters, so I just needed to TRIM the results!!!

Simple.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question