mrclark219 Posted June 12, 2009

Hey guys, I'm relatively new at this php thing so I need some help from you guys. I am doing cc encryption and decryption using the md5 hash, so far I have gotten the encryption to work, but as far as the decryption it just doesn't work...take a look at what I've got!

    function decrypt($tring, $contactNumber){
        $key = md5($contactNumber);
        $ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($ivSize, MCRYPT_RAND);
        $uncrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $tring, MCRYPT_MODE_ECB, $iv);
        if(!is_numeric($uncrypted));
            $uncrypted = 'This is bad data';
        return trim($uncrypted);
    }

I need a value for uncrypted to make it return the number instead of this is bad data. Any ideas? Any help would be appreciated!!

Thomas Clark

jxrd Posted June 12, 2009

What....are you trying to decrypt md5??

mrclark219 Posted June 12, 2009

A credit card number...I probably should have posted the encryption function as well. I need the function that decrypts to return the actual card number instead of this is bad data, but I got lost along the way and it wasn't working...here is the encryption function!

    function encrypt($tring, $contactNumber) {
        $tring = str_replace(' ', '', $tring);
        $key = md5($contactNumber);
        $ivSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($ivSize, MCRYPT_RAND);
        $crypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $tring, MCRYPT_MODE_ECB, $iv);
        return $crypted;
    }

Thomas Clark

PFMaBiSmAd Posted June 12, 2009

All your encryption function is doing is encrypting an md5() value. An md5 is a checksum/hash of the original value. None of that will ever give you back the original value. Remove the md5() from the encryption and doing an md5() in the decryption to give $key makes even less sense.

mrclark219 Posted June 12, 2009

So, you are saying that I can't use this to return the original card number? What would you recommend?

PFMaBiSmAd Posted June 12, 2009

Correct, as long as you are using the md5() function in your encrypt() function, you cannot get the original value back.

mrclark219 Posted June 12, 2009

Yeah, ok so I removed the md5 from the encrypt and it made an error through the whole system, I'm not sure why, but I know it wasn't doing it at first...I've only been learning php for about a month now, so I am very confused as to why this won't work. I think I need a different value for uncrypted in the decrypt part, but I am not exactly sure what this would be to return the card numbers in the system because now it just returns This is bad data...please help!!!

PFMaBiSmAd Posted June 12, 2009

Actually, if you are encrypting CC numbers for a real site, have you checked with your merchant account provider under what conditions (usually dedicated servers in a secure location) and with what level of encryption you would need to use in order to not violate your agreement with your merchant account provider?

Edit: And in looking closer at your code, you are using md5() on your encryption 'key' that you have given the name $contactNumber in the function call? Is that what you intend? Are the data and the key being passed in the correct parameters?

mrclark219 Posted June 12, 2009

Yes, for a real site! The code was already in play so I'm guessing they have all of that done already. A problem with Mastercards messes up the system, so I am supposed to see that all places on the site encrypt and decrypt the same way to prevent the errors. So far I just have This is bad data where the card number should go. I was just wondering if I use uncrypted = 'This is bad data', can I switch that to make it return the number instead of this text? Any idea, as it seems like you may be a guru at this php thing! I need your help because I am not a guru..lol?

akitchin Posted June 12, 2009

> Yes, for a real site! The code was already in play so I'm guessing they have all of that done already. A problem with Mastercards messes up the system, so I am supposed to see that all places on the site encrypt and decrypt the same way to prevent the errors. So far I just have This is bad data where the card number should go. I was just wondering if I use uncrypted = 'This is bad data', can I switch that to make it return the number instead of this text? Any idea, as it seems like you may be a guru at this php thing! I need your help because I am not a guru..lol?

this is the scariest thing i've ever read - someone like this, processing CC numbers. gives me the willies.

mrclark219 Posted June 12, 2009

And that is supposed to mean what? I never said I was a php freak! Can you help me out or not? If not leave the rude comments at the door! Thanks!!

PFMaBiSmAd Posted June 12, 2009

And I just tested your original encrypt/decrypt (with the md5 of the 'key'), with the parameter names changed to something that reflects what they actually are to avoid any confusion about what the code is doing, and the code works (assuming you are using the same key and you are correctly storing and retrieving the encrypted value.)

However, despite their name, CC numbers are not actual numbers in the math/computer sense, they are a formatted string of numeric digits. is_numeric() should not be used at all on them. If the encryption/decryption works, you WILL get back what you put in.

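An added example, not code from any poster in this thread: it isolates the validation step of the decrypt() posted at the top, where a `;` directly after the `if` makes the 'This is bad data' assignment unconditional, and where is_numeric() runs before trim() has removed the null bytes that mcrypt pads a block with. The function names are hypothetical, the card number is a constructed test value, and the padding is simulated with str_pad() so the block runs without the mcrypt extension.

```php
<?php
// Constructed sample: a test card number, zero-padded to the 32-byte
// Rijndael-256 block size the way mcrypt_decrypt() hands it back.
$decrypted = str_pad('4111111111111111', 32, "\0");

// As posted (hypothetical name): the ';' ends the if statement, so the
// assignment under it always runs, whatever is_numeric() returned.
function check_as_posted(string $uncrypted): string
{
    if (!is_numeric($uncrypted));
        $uncrypted = 'This is bad data';
    return trim($uncrypted);
}

// Luhn checksum over a string of digits (hypothetical helper).
function luhn_ok(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

// Corrected (hypothetical name): strip the padding first, then validate the
// value as a digit string instead of as a number.
function check_corrected(string $uncrypted): ?string
{
    $pan = rtrim($uncrypted, "\0");
    if (!ctype_digit($pan) || !luhn_ok($pan)) {
        return null; // wrong key, wrong argument order or damaged ciphertext
    }
    return $pan;
}

var_dump(is_numeric($decrypted));             // padding still attached here
var_dump(check_as_posted($decrypted));        // the behaviour described in the thread
var_dump(check_corrected($decrypted));        // padding removed before the check
var_dump(check_corrected("\x8f\x02garbage")); // constructed non-digit input
```
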
mrclark219 Posted June 12, 2009

This is totally not the case. I just can't seem to grasp what I am doing wrong. I tested without the is numeric and it is worse than before. At least with it there the page would load and what not, without it I can't even get to the page. I really don't understand what is going on?

cunoodle2 Posted June 12, 2009

> And that is supposed to mean what? I never said I was a php freak! Can you help me out or not? If not leave the rude comments at the door! Thanks!!

Akitchin is posting on here totally free of charge and providing what could be considered valuable consulting for you. Sure maybe it was a little bit of a flame but it was also a reality check. You are dealing with extremely sensitive credit card information of people and need to do some reading up on the topic and find more examples. We all started somewhere and through reading the php manual here... http://www.php.net/manual/en/getting-started.php.

Encryption is a pretty big deal. May I suggest looking to hire someone in the freelance section? Once you pay someone to fix your code you will then be able to read over it and learn from it. Unfortunately you have quite a bit to fix here (and learn) and you will not get it all corrected any time soon in this forum. You may be able to but it will be only as a result of lots of research on your part and putting up with frustrations in trying to solve this issue.

Php freelance board... http://www.phpfreaks.com/forums/index.php/board,8.0.html