Jump to content


Photo

validate base64?


  • Please log in to reply
2 replies to this topic

#1 morongo

morongo
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 11 August 2006 - 04:50 AM

What's a good way to validate a base64 string?

I'm wanting to make sure that (some) users don't sneak-in bogus data to a POST that's supposed to only be base64 on receipt.

Would something like this do it?

if (!preg_match("=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", $sender)){
     die("Incorrect data format.");
}

I'm pretty much flailing in the dark here, I'm not at all up on how to do regex stuff.

Thanks




#2 morongo

morongo
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 11 August 2006 - 05:30 AM

I just now discovered there's a regex area...moderator should probably move this post.

Anyway, I was going to say, if this was C, I could do something like this:
int validateB64(char *postbuf)
{
 char *p;
 for(p=postbuf; *p; p++)
 {
    if ( (*p>= 48 && *p<= 57) || (*p>= 65 && *p<= 90) || (*p>= 97 && *p<= 122) )
          continue;
    else
    {
      return INVALID;
    } 
 }
return VALID;
}
(I would probably add \x0d, \x0a and = ,as well...)

But php won't do that, so I guess that all leads back to validating with regex.


#3 morongo

morongo
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 11 August 2006 - 10:24 PM

Well, I decided to go ahead and 'php-ify' my original C code, above.

This is what I ended up with and it does the job. I actually think I was probably barking up the wrong tree with the regex stuff, it's intended for pattern-matching, extracting data, etc...I needed to validate an entire block of data to make sure it comformed to what I expected for input.

<?php

// the only chars we expect to get if valid b64:
//( RFC 1113, with addition of pad '=' and crlf )
// ABCDEFGHIJKLMNOPQRSTUVWXYZ
// abcdefghijklmnopqrstuvwxyz
// 0123456789
// +/='\x0d''\x0a'
//
// contiguous ascii ranges (dec):
// A-Z    a-z     /-9   +   cr  lf  =
//65-90, 97-122, 47-57, 43, 13, 10, 61


  //test strings:
$good = "An1fJ8+Ule4iv72ts9==\r\n";
$bad  = "abc!@#fgh(-|jkl%\\df\r\n";


printf("<html><body<pre>\n");

  //test a known-valid b64 string:
if(!(validate64($good))) 
   printf("%s\nbuffer is NOT b64 encoded\n\n",$good);
else
   printf("%s\nbuffer is VALID base64\n\n",$good);

  //test a known-invalid b64 string:
if(!(validate64($bad))) 
   printf("%s\nbuffer is NOT b64 encoded\n\n",$bad);
else
   printf("%s\nbuffer is VALID base64\n\n",$bad);

printf("</pre></body</html>\n");


exit;

function validate64($buffer)
{
  $VALID  = 1;
  $INVALID= 0;

  $p    = $buffer;   
  $len  = strlen($p);      
 
  for($i=0; $i<$len; $i++)
  {
     if( ($p[$i]>="A" && $p[$i]<="Z")||
         ($p[$i]>="a" && $p[$i]<="z")||
         ($p[$i]>="/" && $p[$i]<="9")||
         ($p[$i]=="+")||
         ($p[$i]=="=")||
         ($p[$i]=="\x0a")||
         ($p[$i]=="\x0d")
       )
       continue;
     else
       return $INVALID;
  }  //fall through if all ok
return $VALID;
}

?>





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users