Jump to content

HELP ME PLEASE!!!!

mrclark219

By mrclark219
in PHP Coding Help

 Share

Recommended Posts

mrclark219 Newbie

mrclark219

Posted
Posted

Hey guys,

 

Im relatively new at this php thing so I need some help from you guys.  I am doing cc encryption and decryption using the md5 hash, so far I have gotten the encryption to work, but as far as the decryption it just doesn't work...take a look at what I've got!

 

function decrypt($tring, $contactNumber){

$key = md5($contactNumber);

$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);

$iv = mcrypt_create_iv($ivSize, MCRYPT_RAND);

$uncrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $tring, MCRYPT_MODE_ECB, $iv);

if(!is_numeric($uncrypted));

$uncrypted = 'This is bad data';

return trim($uncrypted);

 

I need a value for uncrypted to make it return the number instead of this is bad data any ideas?

 

any help would be appreciated!!

 

Thomas Clark

Link to comment
Share on other sites
mrclark219 Newbie

mrclark219

Posted
  • Author
Posted

A credit card number...I probably should have posted the encryption function as well.  I need the function that decrypts to return the actual card number instead of this is bad data, but I got lost along the way and it wasnt working...here is the encryption function!

 

function encrypt($tring, $contactNumber) {

$tring = str_replace(' ', '', $tring);

$key = md5($contactNumber);

$ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);

$iv = mcrypt_create_iv($ivSize, MCRYPT_RAND);

$crypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $tring, MCRYPT_MODE_ECB, $iv);

return $crypted;

 

Thomas Clark

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

All your encryption function is doing is encrypting an md5() value. An md5 is a checksum/hash of the original value. None of that will ever give you back the original value. Remove the md5() from the encryption and doing an md5() in the decryption to give $key makes even less sense.

Link to comment
Share on other sites
mrclark219 Newbie

mrclark219

Posted
  • Author
Posted

Yeah, ok so I removed the md5 from the encrpyt and it made an err through the whole system, I'm not sure why, but I know it wasn't doing it at first...I've only been learning php for about a month, now so I am very confused as to why this won't work, I think i need a different value for uncrypted in the decrypt part, but I am not exactly sure what this would be to return the card numbers in the system because now it just returns This is bad data...please help!!!

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

Actually, if you are encrypting CC numbers for a real site, have you checked with your merchant account provider under what conditions (usually dedicated servers in a secure location) and with what level of encryption you would need to use in order to not violate your agreement with your merchant account provider?

 

Edit: And in looking closer at your code, you are using md5() on your encryption 'key' that you have given the name $contactNumber in the function call? Is that what you intend? Are the data and the key being passed in the correct parameters?

Link to comment
Share on other sites
mrclark219 Newbie

mrclark219

Posted
  • Author
Posted

Yes, for a real site! the code was already in play so I'm guessing they have all of that done already a problem with Mastercards messes up the system so I am supposed to see that all places on the site encrypt and decrypt the same way to prevent the errors, so far I have just have This is bad data where the card number should go, I was just wondering if I use uncrypted = 'This is bad data', can I switch that to make it return the number instead of this text?  Any idea, as it seems like you may be a guru at this php thing! I need your help because I am not a guru..lol?

Link to comment
Share on other sites
akitchin Regular Member

akitchin

Posted
Posted

Yes, for a real site! the code was already in play so I'm guessing they have all of that done already a problem with Mastercards messes up the system so I am supposed to see that all places on the site encrypt and decrypt the same way to prevent the errors, so far I have just have This is bad data where the card number should go, I was just wondering if I use uncrypted = 'This is bad data', can I switch that to make it return the number instead of this text?  Any idea, as it seems like you may be a guru at this php thing! I need your help because I am not a guru..lol?

 

this is the scariest thing i've ever read - someone like this, processing CC numbers. gives me the willies.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

And I just tested your original encrypt/decrypt (with the md5 of the 'key'), with the parameter names changed to something that reflects what they actually are to avoid any confusion about what the code is doing, and the code works (assuming you are using the same key and you are correctly storing and retrieving the encrypted value.) However, despite their name, CC numbers are not actual numbers in the math/computer sense, they are a formatted string of numeric digits. is_numeric() should not be used at all on them. If the encryption/decryption works, you WILL get back what you put in.

Link to comment
Share on other sites
mrclark219 Newbie

mrclark219

Posted
  • Author
Posted

This is totally not the case I just can't seem grasp what I am doing wrong I tested without the is numeric and it is worse than before.  At least with it there the page would load and what not without it I can't even get to the page.  I really don't understand what is going on?

Link to comment
Share on other sites
cunoodle2 Member

cunoodle2

Posted
Posted

And that is supposed to mean what?  I never said I was a php freak! Can you help me out or not?  If not leave the rude comments at the door!  Thanks!!

Akitchin is posting on here totally free of charge and providing what could be considered valuable consulting for you.  Sure maybe it was a little bit of a flame but it was also a reality check.  You are dealing with extremely sensitive credit card information of people and need to do some reading up on the topic and find more examples.  We all started somewhere and through reading the php manual here...

http://www.php.net/manual/en/getting-started.php.

 

Encryption is a pretty big deal.  May I suggest looking to hire someone in the freelance section?  Once you pay someone to fix your code you will then be able to read over it and learn from it.  Unfortunately you have quite a bit to fix here (and learn) and you will not get it all corrected any time soon in this forum.  You may be able to but it will be only as a result of lots of research on your part and putting up with frustrations in trying to solve this issue.

 

Php freelance board...

http://www.phpfreaks.com/forums/index.php/board,8.0.html

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.