Jump to content


Staff Alumni
  • Posts

  • Joined

  • Last visited

  • Days Won


Everything posted by xyph

  1. Seems like one of the implementations is different. That would be my only guess. Perhaps one of them uses a different number of rounds, one uses ECB instead of CBC. Figuring out what's going on here would require a thorough look at both implementations compared to the 'proper' implementation, and would be quite a bit of work.
  2. Sorry, I didn't mean the encrypted string, I meant plain text, but it's impossible for me to recreate your situation anyways. What code produced that HEX output?
  3. Can you provide the strings you're testing this with? If you're using the JavaScript program along with this, it really doesn't like odd ASCII characters for the key. The PHP implementation functions as you'd expect. I'd imagine it's some sort of injection prevention that's screwing with the JavaScript implementation. Try using keys that only use Alpha-Numeric values, and see if that helps.
  4. Complex, but potentially 'better'. Limited to 6 bits of entropy per potential 8 bits due to simplifying with base64, so you lose 25%. <?php $key = make_base64_key(16); echo $key; function make_base64_key( $bytes ) { // Based on methods implemented in PHPass by Openwall // Converts byte size we want in ASCII to byte size needed in base64 ( 6 bits / 8 bits = .75 ) $base64_bytes = ceil($bytes * .75); // Generate a 'somewhat random' state. Not ideal, but strong enough for salt generation when used in this way $state = microtime(); $raw = ''; // Attempt to use /dev/urandom if (is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb'))) { $raw = fread($fh, $base64_bytes); fclose($fh); } // Check if using /dev/urandom produced incorrect results, or if it's inaccessible if (strlen($raw) < $base64_bytes) { // Reset $raw to blank $raw = ''; // Generate 'somewhat random' data in 16 byte chunks, and truncate at the end for ($i = 0; $i < $base64_bytes; $i += 16) { $state = md5(microtime().$state); $raw .= pack('H*', $state); } $raw = substr($raw, 0, $base64_bytes); } // Chop off the extra bytes we don't need return substr(base64_encode($raw),0,$bytes); } ?> Simple, similar to above example if /dev/urandom isn't available. This one allows you to have a variable character set too <?php $chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!@#$%^&*()_+-=[]{};:,./<>?'; $max = strlen($chars)-1; $key = ''; for( $i = 0; $i < 16; $i++ ) { $key .= $chars[mt_rand(0,$max)]; } echo $key.'<br>'; ?> It's possible to get /dev/urandom to produce values based on a variable character set, but you'd either have to use a base2 number of characters, or deal with rejection sampling or one of it's more complex adaptive algorithms.
  5. Yes, there's going to be some odd characters when switching from hex directly to ascii. There are a lot of white space and otherwise non-keyboard characters. If you want to generate your key from readable text, I'll give you a little code when I get home in an hour or so. Which version of PHP do you have? On what OS? If you have access to /dev/urandom it would be ideal, or if you have PHP5.3, it supports Window's source of random data (via mcrypt) This is all assuming you want to generate random keys.
  6. I showed you already, in my first reply. It's the same as converting to base64, only you skip the last step. $hex = '28d75A09ec63cxvxve870fad25e79b8c'; $ascii = ''; foreach( str_split($hex,2) as $chunk ) $ascii .= chr(hexdec($chunk)); $xtea = new XTEA($ascii);
  7. [edit] Tested the class. The values decrypt fine when plugged in to the JavaScript implementation, and vice-versa. It still throws the undefined variable notice, though [/edit] Your top string is hex, or base16 Your bottom string is base64. <?php $hex_string = 'B09F4FB46AD4418E51E4E09C6C11AA3A36628FBD1CC2D8AF6AD3F01467CA3910231CA851D639402758D57D49CC7D12EF8C7B215B4B50A2C8FF97A29EEEA5F575F7A8628BDB39776747E244FE5B69D8CD63A4DC805360F0CB4B894CA86B56E89099B547FEA38D16A90203FF6D6E4C64B6CA7B2B33184046E7E8646A302F636FA349C3EEF8C45C3A7443030255292B31AA22CD3A45E7722D706F31EBD7CEB0B6ED5BC160EB1CD62FAE36E845E7857C9D203430578A3C3DEBAC808F0BED62C8DF20292A5B145FA991C5'; $ascii_string = ''; foreach( str_split($hex_string,2) as $chunk ) $ascii_string .= chr(hexdec($chunk)); $base64_string = base64_encode($ascii_string); echo $base64_string; ?>
  8. In hex, 32 "characters" = 128 bits. So if your characters are only 0-9,a-f, you've got a 128 bit HEX string. To convert this to 16 characters: <?php $hex_string = md5('some string'); echo "Source HEX string: $hex_string<br> Size: ".strlen($hex_string)."<br>"; $ascii_string = ''; foreach( str_split($hex_string,2) as $chunk ) $ascii_string .= chr(hexdec($chunk)); echo "Converted to ASCII: $ascii_string<br> Size: ".strlen($ascii_string)."<br>"; echo "Confirm: ".hash('md5','some string',TRUE); ?> This isn't a good place to ask for advice on home-brew cryptographic implementations. Most PHP devs would use mcrypt(), and usually through a wrapper. I would suggest using AES, Twofish, TripleDES, etc via mcrypt() for PHP. Most languages should have implementations of those ciphers in a package.
  9. Don't even try to reason with her. If you say anything other than "Congratulations, your logic is perfect. Please, let me know exactly how you would like the solution provided for you;" she'll argue and fight it. If I was a Mod this thread would've been trashed, like every other one you start, the second you started arguing against solutions that don't follow your though patterns. You throw around meaningless technobable while basic terminology and logic goes soaring over your head. We're now 13 replies in, and you still haven't provided anyone with an importable database dump. Something that was asked for in Reply #1. It took you until Reply #9 to even hint at your database structure. I say hint because there's a hell of a lot more to a column than it's name. To add insult to ignorance, it took you way longer to type out your structure in code tags than it would have if you'd simply exported your tables in SQL. Every major script/client supports this feature. Your inability to comprehend the help you've asked for is entertaining the heck out of me. Good luck in future attempts to "mesh it back into what [you] currently have." Most many-to-many paradigms require such functionality, especially when implementing Web 2.0 technologies through the Cloud. You have to watch out though, this can drastically effect SEO! In the end, I'm glad you've decided to stick with the OOP implementation, as most social media outlets suggest that. When you find your solution, be sure to Tweet it with my hashtag.
  10. I can't give you tested code, as I have no access to the SOAP server. If you can get the raw XML string, though (http://www.php.net/manual/en/soapclient.getlastresponse.php) you can use SimpleXML to easily parse the results. From what I've tried though, it appears your SOAP call isn't returning valid XML. <?php $xml_data = '<?xml version="1.0" encoding="utf-8" ?> <TaggedTextArray xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.domain.com/sc001"> <count>1</count> <results> <TaggedText> <tag>001</tag> <taggedResults> <TaggedText> <tag>120</tag> <textArray> <string>value1</string> <string>value2</string> </textArray> </TaggedText> </taggedResults> </TaggedText> </results>'; try { $xml = new SimpleXMLElement( $xml_data, LIBXML_NSCLEAN ); print_r( $xml ); } catch (Exception $e) { echo 'Caught exception: '.$e->getMessage(); } ?> Returns a bunch of errors about the XML data, and throws an exception. This can be fixed by removing the first three lines, but it's kinda 'hackish' <?php $xml_data = '<?xml version="1.0" encoding="utf-8" ?> <TaggedTextArray xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.domain.com/sc001"> <count>1</count> <results> <TaggedText> <tag>001</tag> <taggedResults> <TaggedText> <tag>120</tag> <textArray> <string>value1</string> <string>value2</string> </textArray> </TaggedText> </taggedResults> </TaggedText> </results>'; try { $xml_data = explode( "\n", $xml_data ); $xml_data = array_slice( $xml_data, 3 ); $xml_data = implode( '', $xml_data ); $xml = new SimpleXMLElement( $xml_data, LIBXML_NSCLEAN ); print_r( $xml ); foreach( $xml->TaggedText->taggedResults->TaggedText->textArray->string as $string ) { echo '<br><b>'.$string.'</b>'; } } catch (Exception $e) { echo 'Caught exception: '.$e->getMessage(); } ?> Returns SimpleXMLElement Object ( [TaggedText] => SimpleXMLElement Object ( [tag] => 001 [taggedResults] => SimpleXMLElement Object ( [TaggedText] => SimpleXMLElement Object ( [tag] => 120 [textArray] => SimpleXMLElement Object ( [string] => Array ( [0] => value1 [1] => value2 ) ) ) ) ) ) <br><b>value1</b><br><b>value2</b>
  11. It's hard to say. Can you isolate the issue down to a stand-alone session class with database structure? Something I can copy and paste to my local server, run, and be able to replicate your results.
  12. Include file2 at the top of file1?
  13. Have you checked mysql_affected_rows after the query? The query may be executing fine, only without finding a matching row to update.
  14. Yes, $data will contain a 2D array. If what I did wasn't enough to scoot you along, then I can't really help. This is the point where you need to research on your own. My snippet covered the more complex part of splitting the string into an array. Give it a couple attempts, check out the manual on array functions and array iteration. My script end with print_r, so you get a clear idea of the array structure and data
  15. Oh, I see where I was confused here. Perhaps if you were more descriptive of what you wanted to do, we could more accurately help you. Read up on AJAX.
  16. If $amount and $unit are being defined outside of the script, be sure to sanitize them. mysql_real_escape_string() will not be enough here.
  17. No it won't. http://webdesign.about.com/od/css/f/blfaqhidden.htm
  18. Hehehe You leave that part out, the query is: SELECT `user`,`password` FROM `mysql`.`user`;
  19. Go into your MySQL console as root, and run a query like mysql> SELECT `user`,`password` FROM `mysql`.`user`; +------+----------+ | user | password | +------+----------+ | root | | | root | | | root | | | | | +------+----------+ 4 rows in set (0.03 sec) If the user exists, verify it's permissions.
  20. Can you ping the server? Are you sure a firewall or something isn't blocking communication? Is the server running on the local computer? If so, use 'localhost' instead [edit] Oh derp! Take the http:// out of the hostname :/ You aren't connecting to a web server! [/edit]
  21. This topic has been moved to JavaScript Help. http://www.phpfreaks.com/forums/index.php?topic=355480.0
  22. Use JavaScript! No need to use jQuery for such a simple script http://blog.movalog.com/a/javascript-toggle-visibility/ Use CSS to set the default visibility of the form to hidden.
  23. Why not use MySQL timestamps, and only select values that have/haven't expired? Here's my table CREATE TABLE IF NOT EXISTS `items` ( `id` int(11) NOT NULL AUTO_INCREMENT, `value` varchar(10) NOT NULL, `expires` datetime NOT NULL, UNIQUE KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ; Here's a query to insert a value that expires in 30 minutes mysql> INSERT INTO `items` -> SET `value` = 'foobar', `expires` = DATE_ADD( NOW(), INTERVAL 30 MINUTE ); Query OK, 1 row affected (0.07 sec) Here's a query to select only values that haven't expired. mysql> SELECT `id`, `value` FROM `items` WHERE `expires` >= NOW(); +----+--------+ | id | value | +----+--------+ | 1 | foobar | +----+--------+ 1 row in set (0.02 sec) See how that simplifies things? Check out MySQL's build it date/time functions http://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html
  24. A faster way to do this is to implement mysql_errno to perform the check in a single query. Set your `users_email` to unique, and perform the INSERT only then check for errors. If there is an error, check if the errno is 1062, (http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html) which is the error number for duplicate key entry. You then know that the email already exists.
  25. This is a good reason to use CONSTANTS for values that won't change. If you try to define a constant twice, you'll get a fatal error.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.