Jump to content

Archived

This topic is now archived and is closed to further replies.

morongo

validate base64?

Recommended Posts

What's a good way to validate a base64 string?

I'm wanting to make sure that (some) users don't sneak-in bogus data to a POST that's supposed to only be base64 on receipt.

Would something like this do it?

[code]
if (!preg_match("=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", $sender)){
    die("Incorrect data format.");
}
[/code]

I'm pretty much flailing in the dark here, I'm not at all up on how to do regex stuff.

Thanks


Share this post


Link to post
Share on other sites
I just now discovered there's a regex area...moderator should probably move this post.

Anyway, I was going to say, if this was C, I could do something like this:
[code]
int validateB64(char *postbuf)
{
char *p;
for(p=postbuf; *p; p++)
{
    if ( (*p>= 48 && *p<= 57) || (*p>= 65 && *p<= 90) || (*p>= 97 && *p<= 122) )
          continue;
    else
    {
      return INVALID;
    }
}
return VALID;
}
[/code]
(I would probably add \x0d, \x0a and = ,as well...)

But php won't do that, so I guess that all leads back to validating with regex.

Share this post


Link to post
Share on other sites
Well, I decided to go ahead and 'php-ify' my original C code, above.

This is what I ended up with and it does the job. I actually think I was probably barking up the wrong tree with the regex stuff, it's intended for pattern-matching, extracting data, etc...I needed to validate an entire block of data to make sure it comformed to what I expected for input.

[code]
<?php

// the only chars we expect to get if valid b64:
//( RFC 1113, with addition of pad '=' and crlf )
// ABCDEFGHIJKLMNOPQRSTUVWXYZ
// abcdefghijklmnopqrstuvwxyz
// 0123456789
// +/='\x0d''\x0a'
//
// contiguous ascii ranges (dec):
// A-Z    a-z    /-9  +  cr  lf  =
//65-90, 97-122, 47-57, 43, 13, 10, 61


  //test strings:
$good = "An1fJ8+Ule4iv72ts9==\r\n";
$bad  = "abc!@#fgh(-|jkl%\\df\r\n";


printf("<html><body<pre>\n");

  //test a known-valid b64 string:
if(!(validate64($good)))
  printf("%s\nbuffer is NOT b64 encoded\n\n",$good);
else
  printf("%s\nbuffer is VALID base64\n\n",$good);

  //test a known-invalid b64 string:
if(!(validate64($bad)))
  printf("%s\nbuffer is NOT b64 encoded\n\n",$bad);
else
  printf("%s\nbuffer is VALID base64\n\n",$bad);

printf("</pre></body</html>\n");


exit;

function validate64($buffer)
{
  $VALID  = 1;
  $INVALID= 0;

  $p    = $buffer; 
  $len  = strlen($p);     

  for($i=0; $i<$len; $i++)
  {
    if( ($p[$i]>="A" && $p[$i]<="Z")||
        ($p[$i]>="a" && $p[$i]<="z")||
        ($p[$i]>="/" && $p[$i]<="9")||
        ($p[$i]=="+")||
        ($p[$i]=="=")||
        ($p[$i]=="\x0a")||
        ($p[$i]=="\x0d")
      )
      continue;
    else
      return $INVALID;
  }  //fall through if all ok
return $VALID;
}

?>
[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.