Kinsbane Posted September 10, 2008 Share Posted September 10, 2008 Found this class at the PHP manual site. class Cipher { private $securekey, $iv; function __construct() { $this->securekey = hash('sha256',"12345678901234567890123456789012",TRUE); $this->iv = mcrypt_create_iv(32, MCRYPT_RAND); } function encrypt($input) { return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_ECB, $this->iv)); } function decrypt($input) { return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_ECB, $this->iv)); } } Everything looks to encrypt just fine. But when I go to decrypt, this is what gets output: �EJ]�l������Jx�&��g��ZQ�! I'm very very curious to find out why it would do that. As I understood it from the PHP manual, mcrypt_encrypt and mcrypt_decrypt should just work. But why is it not? Am I missing something with the IV value? Is it something else? It's 4:46am and I have to be up in 3 hours for work and I don't know why I can't figure this out, can anyone help? Thanks a bunch! Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted September 10, 2008 Share Posted September 10, 2008 works for me. it may be the way you're using the class. here is my code: <?php class Cipher { private $securekey, $iv; function __construct() { $this->securekey = hash('sha256',"12345678901234567890123456789012",TRUE); $this->iv = mcrypt_create_iv(32, MCRYPT_RAND); } function encrypt($input) { return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_ECB, $this->iv)); } function decrypt($input) { return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_ECB, $this->iv)); } } $text = 'hello world'; $c = new Cipher(); $e_text = $c->encrypt($text); echo "encrypted text: $e_text<br>"; $ue_text = $c->decrypt($e_text); echo "unencrypted text: $ue_text<br>"; ?> output: encrypted text: fJqeyXa+bAId/iU/yFnYQ3RUxtio6OzH8hM4sfDNsIs= unencrypted text: hello world Quote Link to comment Share on other sites More sharing options...
Kinsbane Posted September 10, 2008 Author Share Posted September 10, 2008 I don't get it! Could it be a server setting messing it up? What I'm trying to do is, for a newsletter mailer, I'm making the unsubscribe link contain their email in the URL, using mcrypt_encrypt. When they get to the unsubscribe page, I wanna use mcrypt_decrypt to get back to the email address and remove all records from the database containing that address. Could it be with the way I'm outputting the decrypted string? I'm like, grasping at straws here cause I know I'm doing it right but it's not doing it right! Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted September 10, 2008 Share Posted September 10, 2008 post your code. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 10, 2008 Share Posted September 10, 2008 Because the encrypted string contains several special characters that cannot be put directly into a URL, you would need to use rawurlencode() and rawurldecode(). A much simpler way is to generate a unique id to pass on the end of the url and store it in your user table. Quote Link to comment Share on other sites More sharing options...
Kinsbane Posted September 10, 2008 Author Share Posted September 10, 2008 So, after not being able to figure out what was going on, I thought maybe it was the fact I was using the email address as the encrypted string. So, I tried giving it the row's ID number. This, also, returned undesireable text. All I'm doing, when going through the table to find the contacts who wanted to receive newsletters, is this: while ($mailee = mysql_fetch_array($mailees_result)) { if (checkEmail($mailee['email']) !== FALSE) { $maileemail = $cipher->encrypt($mailee['id']); include('mailHTML.php'); if (mail($to, $subject, $body, $headers)) { $_SESSION['mailsent'] = true; } else { $_SESSION['mailfailed']['maileeid'] = $mailee['id'].","; } } else { $_SESSION['checkmailfailed']['maileeid'] = $mailee['id'].","; } $mailcount++; } Those session variables are in there for error reporting. This is in the back-end. Pretty easy right? I had thought that maybe declaring a new Cipher object on each turn of the loop would be better, but it's not - it encrypts fine, and adds the encryption string to the Unsubscribe link in the email. But on the unsubscribe page, all I'm doing to get the string back is this: $cipher = new Cipher(); $email = $cipher->decrypt($_GET['email']); I had thought this was pretty straightforward, but I again I'm proving myself wrong... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.