Shinzan

$_SERVER['QUERY_STRING'], I will go straight to that to get my unaltered parametter thank you!

For instance (And I have about 15 uses for this code) Lets assume the VBA app wants to launch a userpage with a user already logged in, we encrypt the data: UserID:4,BogusData then explode it out later get the userid and auto login the user If the url is Http://myweapp.com/index.php?param=UserID:4,BogusData Thats pretty useless since a user could just change it to 5 refresh and bob's your uncle hes logged in as the wrong user: I could go on and on with examples of how I can use this to let an offline client communicate with my server app but hopefully this is enough. this is just 1 example of the reason it needs encrypted from human eyes more importantly than simple SSL encrypting it in transit

for instance https://MyWebApp.com/indexp.php&?param="HeyYouWerentSupposedToBeAbleToReadThis" needs to be https://MyWebApp.com/indexp.php&?param="Wfwdsdfakldsjf;kljasdlkjf;fweqjfeiowuprqiouewioqoireuwpwerieowjkflasfs" Its not just about encryption its about obfuscation of the parameter in the url from human eyes and modification ssl wont do anything for a user changing the value and refreshing the browser

I need the parameter to be encrypted from human eyes not just site to site on the wepage URL itsself.

I have ssl Thats not the issue, can you help me with the issue?

Is there a cleaner way, it works now and thats important, but I hate stupid hacks like this!

ok I finally figured it out but this is stupid. So the urlencoded results are automatically urldecoded by the server. Fine. no problem but to get back the results i need I have to do this: (So confirmed encryption algs work fine its an encoding issue and this solves it.... BUT WHY ! $parameter = ff_getParam('ff_param_hash',''); //get the parameter but it will be urldecoded by default as this function wraps get $ProperResults = base64_decode(rawurldecode(urlencode($sqlpackage))); However even this isn't quite right, it returns the fully decrypted, fully unencoded string with the last character missing!!! ARGHH! So I fudge it by padding the whole string with a few extra spaces so it will drop those vs real data on the VB side VBA CODE: strPackage = strPackage & " " 'padding so no chars are stripped off on php side I added this once i realized the ProperResults was cutting off the last character!! strPackage = php_EncryptValue(strPackage, "secretkey") strPackage = base64_encode(strPackage) strPackage = URLEncode(strPackage) )

Further more i think the encoding is causing the parameter string to be broken into to multiple pieces for instance: Parameter=HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF%2FdG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF%2FdG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN%2BeXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhDycgCBELHyw4YmlpZmV4aRcjOCAlIyAsADEnJiIrNT0oLToEJC82LDMxPCAxYmlpZgQVBRIHc2VhFDUlKCY1PSQDJzouIT0oNSs7JwwnOSskMCchKDIYKCMnOGl8YnNubWIaJi8PMSQjJyYPJCd0dGFlc2VhFwcICiMmKDUnBygvISAgLiwxLWF%2FdG4HAxgaBGV4aWEWPSoqJyA6ADQ1IC0jNiUkDTolKCwxaXxicw8ADgcMZm50aTYjPT8kMCAsOTZ0aXxic2dvZXRpFgoRGwRiACY0MDooLCc6PQgGdHRhc2V%2B But when i echo the red parameter it returns: HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF/dG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF/dG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN eXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhD

Can't Edit for some reason but for instance echo php_DecryptValue(base64_decode("HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF/dG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF/dG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN+eXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhDycgCBELHyw4YmlpZmV4aRcjOCAlIyAsADEnJiIrNT0oLToEJC82LDMxPCAxYmlpZgQVBRIHc2VhFDUlKCY1PSQDJzouIT0oNSs7JwwnOSskMCchKDIYKCMnOGl8YnNubWIaJi8PMSQjJyYPJCd0dGFlc2VhFwcICiMmKDUnBygvISAgLiwxLWF/dG4HAxgaBGV4aWEWPSoqJyA6ADQ1IC0jNiUkDTolKCwxaXxicw8ADgcMZm50aTYjPT8kMCAsOTZ0aXxic2dvZXRpFgoRGwRiACY0MDooLCc6PQgGdHRhc2V+"),"secetkey"); This decodes fine because it is the string directly from VBA copied out fo the debug window then pasted into a test.php code page echo php_DecryptValue(base64_decode("HQcSBwYdYQsaHQ5iMDseNjs8Myw1JCQsIGlpFjs8Myw1JCQsIAAFa3QfAA4BDBJifGlwc2NgehcEDQAWEWklMAs9LjcmJyAvMSc1YgcMFWJ0DDcnOj0PIzksYX90bnNyZXphFgxpEDc1JSgkPSwzZXhpDCc5KyQwJyEoMgYsMDc9OyQmdHRhZRIIDRERbm1iGCYiIyAgLix0dGFlBCgyIzAsLyN4aRUac2VhBjU9JBEgKDM2dHRhZWZ5cHF5fGxzZG5tYhAoNScRJyViaWlmcGR4cm9hZHByc2VhATsmMyY9JyA2OzsPIzksYX90bhUadAgSDXNlYQ8xJC5iaWlmZXhpNy8LIDUnOSAlYnR0YWVzZWE0ORYxIy0kJCwgICViaWlmZXhpDCMmImF%2FdG4HAxgaBGV4aRcjOCAlIyAsEDc1JSgkPSwzYmlpZgQVBRIHc2VhATslLSc3PRUnNSQILDImYX90bgcDGBoEZXhpESo7PS4QMTg0KyYsJWJpaWYEFQUSB3NlYRQxJzQnGigsJ3R0YWUVJyUnJjphBS0kYRE1J2EINSooLCAmYQE7JS0nMyxmbnQfJCwhLAAmMDskMSd4YX90bnlyYnlhESQsLyExO2EKIzBmbnQfJCwhLAAmMDskMSd7YX90bmZudB8kLCEsAisgMGF%2FdG4RIycoJSc6KGZudB8kLCEsGyskKi4mMWl8YnN%2BeXBlcWZudAUgNjEvJCd0dGFlc2VhDz06MicwGDQjOCAnKzE7BycxaXxic25tYhgoNScSLCQRICgzNidpfGJzZGxibnNmbnQINDY8ByQ2GCYmKzoABWJpaWZleGkANyAhDycgCBELHyw4YmlpZmV4aRcjOCAlIyAsADEnJiIrNT0oLToEJC82LDMxPCAxYmlpZgQVBRIHc2VhFDUlKCY1PSQDJzouIT0oNSs7JwwnOSskMCchKDIYKCMnOGl8YnNubWIaJi8PMSQjJyYPJCd0dGFlc2VhFwcICiMmKDUnBygvISAgLiwxLWF%2FdG4HAxgaBGV4aWEWPSoqJyA6ADQ1IC0jNiUkDTolKCwxaXxicw8ADgcMZm50aTYjPT8kMCAsOTZ0aXxic2dvZXRpFgoRGwRiACY0MDooLCc6PQgGdHRhc2V%2B"),"secretkey"); This decodes half way and fails half way through, same code but urlencoded and passed by URL It has to be an encoding issue I just can't seem to fix it!

Hi everyone first time poster here wOOt! Question is about encryption in Visual Basic then dercrypted on PHP Here are my encryption decryption functions they work fine. The problem is when I pass the base64_encode(encryptedstring) to my web app via parameter string the decryption works mostly well on several smaller strings but longer strings only decrypt halfway! PHP Decrypt: function php_DecryptValue($cypher,$key){ // Our output text $outText = ''; // Iterate through each character for($i=0;$i<strlen($cypher) // Dont need to increment here { for($j=0;$j<strlen($key);$j++,$i++) { $outText .= $key{$j} ^ $cypher{$i}; } } return $outText; } VB6/VBA Encrypt Public Function php_EncryptValue(strText As String, strKey As String) As String 'strText length should match strkey length for maximum strength Dim i As Integer 'Loop counter Dim intKeyChar As Integer 'Character within the key that we'll use to encrypt Dim strTemp As String 'Store the encrypted string as it grows Dim strChar1 As String * 1 'The first character to XOR Dim strChar2 As String * 1 'The second character to XOR Dim s 'Loop through each character in the text For i = 1 To Len(strText) 'Get the next character from the text strChar1 = Mid(strText, i, 1) 'Find the current "frame" within the key intKeyChar = ((i - 1) Mod Len(strKey)) + 1 'Get the next character from the key strChar2 = Mid(strKey, intKeyChar, 1) 'Convert the charaters to ASCII, XOR them, and convert to a character again strTemp = strTemp & Chr(Asc(strChar1) Xor Asc(strChar2)) Next i 'Display the resultant encrypted string php_EncryptValue = strTemp End Function So theses algorithms match up fine I encrypt a string in VBA then base64encode it, then urlencode it and pass it to my webapp like this: http://www.MyWebApp.com/index.php?Hash=sdjafkjlsflsaklfjlasjdlfblahblahblah if the string is 300 or so characters it works, when the string is 700-2000 I have issues but I really feel like its a php encoding issue and not with the encryption algorithms. If I encrypt a string and base encode it my vba app and then paste that value into the decrypt php function i get the string I want. But when I pass it via URL it goes straight to pot. I have tried urlencode on the passed string, I've tried rawurlencode / rawurldecode on the string I've tried just base64_encode/base64_decode but nothing is working 100% Would some php guru kindly point out my mistake? PHP is not my primary language, and I really feel like this is an encoding issue that I'm not seeing clearly. Thanks! David