Jump to content

mcrypt_decrypt not returning original string, returning weird data (no errors)

Kinsbane

By Kinsbane
in PHP Coding Help

Recommended Posts

Kinsbane Newbie

Kinsbane

Posted
Posted

Found this class at the PHP manual site. 

class Cipher {
    private $securekey, $iv;
    function __construct() {
        $this->securekey = hash('sha256',"12345678901234567890123456789012",TRUE);

        $this->iv = mcrypt_create_iv(32, MCRYPT_RAND);
    }
    function encrypt($input) {
        return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_ECB, $this->iv));
    }
    function decrypt($input) {
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_ECB, $this->iv));
    }
}

 

 

Everything looks to encrypt just fine. But when I go to decrypt, this is what gets output:

 

�EJ]�l������Jx�&��g��ZQ�!

 

I'm very very curious to find out why it would do that. As I understood it from the PHP manual, mcrypt_encrypt and mcrypt_decrypt should just work. But why is it not?

Am I missing something with the IV value? Is it something else?

 

It's 4:46am and I have to be up in 3 hours for work and I don't know why I can't figure this out, can anyone help? Thanks a bunch!

BlueSkyIS Newbie

BlueSkyIS

Posted
Posted

works for me. it may be the way you're using the class. here is my code:

 

<?php
class Cipher {
    private $securekey, $iv;
    function __construct() {
        $this->securekey = hash('sha256',"12345678901234567890123456789012",TRUE);

        $this->iv = mcrypt_create_iv(32, MCRYPT_RAND);
    }
    function encrypt($input) {
        return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $this->securekey, $input, MCRYPT_MODE_ECB, $this->iv));
    }
    function decrypt($input) {
        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $this->securekey, base64_decode($input), MCRYPT_MODE_ECB, $this->iv));
    }
}

$text = 'hello world';
$c = new Cipher();
$e_text = $c->encrypt($text);
echo "encrypted text: $e_text<br>";

$ue_text = $c->decrypt($e_text);
echo "unencrypted text: $ue_text<br>";

?>

 

output:

encrypted text: fJqeyXa+bAId/iU/yFnYQ3RUxtio6OzH8hM4sfDNsIs=

unencrypted text: hello world

 

Kinsbane Newbie

Kinsbane

Posted
  • Author
Posted

I don't get it! Could it be a server setting messing it up?

 

What I'm trying to do is, for a newsletter mailer, I'm making the unsubscribe link contain their email in the URL, using mcrypt_encrypt. When they get to the unsubscribe page,

I wanna use mcrypt_decrypt to get back to the email address and remove all records from the database containing that address.

 

Could it be with the way I'm outputting the decrypted string? I'm like, grasping at straws here cause I know I'm doing it right but it's not doing it right! :(

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Because the encrypted string contains several special characters that cannot be put directly into a URL, you would need to use rawurlencode() and rawurldecode().

 

A much simpler way is to generate a unique id to pass on the end of the url and store it in your user table.

Kinsbane Newbie

Kinsbane

Posted
  • Author
Posted

So, after not being able to figure out what was going on, I thought maybe it was the fact I was using the email address as the encrypted string. So, I tried giving it the row's ID number.

 

This, also, returned undesireable text.

 

All I'm doing, when going through the table to find the contacts who wanted to receive newsletters, is this:

while ($mailee = mysql_fetch_array($mailees_result)) {
			if (checkEmail($mailee['email']) !== FALSE) {

				$maileemail = $cipher->encrypt($mailee['id']);

				include('mailHTML.php');

				if (mail($to, $subject, $body, $headers)) {

					$_SESSION['mailsent'] = true;
				} else {
					$_SESSION['mailfailed']['maileeid'] = $mailee['id'].",";
				}
			} else {
				$_SESSION['checkmailfailed']['maileeid'] = $mailee['id'].",";
			}
			$mailcount++;

		}

Those session variables are in there for error reporting. This is in the back-end. Pretty easy right? I had thought that maybe declaring a new Cipher object on each turn of the loop would be better, but it's not - it encrypts fine, and adds the encryption string to the Unsubscribe link in the email. But on the unsubscribe page, all I'm doing to get the string back is this:

$cipher = new Cipher();
$email = $cipher->decrypt($_GET['email']);

 

I had thought this was pretty straightforward, but I again I'm proving myself wrong...

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.