Jump to content

base64_decode() bug?

xProteuSx

By xProteuSx
in PHP Coding Help

 Share

Recommended Posts

xProteuSx Advanced Member

xProteuSx

Posted
Posted (edited)

I am getting a really strange issue with a bit of code that I have written. It is used to encode a password and add some random alpha-numeric characters to it. It seems to work the vast majority of the time, but sometimes I get a strange issue. Here's the code:

 

 

$a = "Tranvaj889";

 

function randLetter()

{

$int = rand(0,61);

$a_z = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";

$rand_letter = $a_z[$int];

return $rand_letter;

}

$pass = randLetter() . base64_encode($a) . randLetter() . randLetter() . randLetter();

 

$db_pass = base64_decode(substr($pass, 1, (strlen($pass) - 2)));

$final = substr($db_pass, 0, (strlen($db_pass) - 1));

 

echo 'Original: ' . $a . '<br />';

echo 'Encoded: ' . $pass . '<br />';

echo 'Decoded: ' . $final;

 

This particular example presents the problem. The output will look perfect, like this:

 

Original: Tranvaj889

Encoded: sVHJhbnZhajg4OQ==8FN

Decoded: Tranvaj889

 

However, if I use the mouse to select 'Tranvaj889' (Decoded one) and then paste this into notepad or any file, I get a random special character at the end. I can't post an example here, because the special characters that appear, do not show up in the browser, which is why it took me a while to figure out why my login script was not working.

 

Anyways, I am really confused here, and could use some help. Please keep in mind that this does not occur 95% of the time.

 

IMPORTANT: Please DO NOT reply to this post with the answer that the '- 2' part of the code should be '- 3'. This is not the case, as strlen() starts at 1 and substr() starts at 0. Remember, this works 95% of the time!

 

Is this a bug with base64_encode() / base64_decode()? Or did I just mess something up? I've been trying to sort this out for more than a week now, and some help would be very much appreciated. Cheers, and thanks in advance.

Edited by xProteuSx
Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted

Is this a bug with base64_encode() / base64_decode()? Or did I just mess something up?

 

You just messed up.  You're not decoding the proper value, your decoding a string with a few extra characters. If you split things up and add a few more echo's you can easily see that:

$encoded = base64_encode($a);
$pass = randLetter() . $encoded . randLetter() . randLetter() . randLetter();




$stripped = substr($pass, 1, (strlen($pass) - 2));
$db_pass = base64_decode($stripped);
$final = substr($db_pass, 0, (strlen($db_pass) - 1));

echo 'Original: ' . $a . PHP_EOL;
echo 'Encoded: ' . $encoded . PHP_EOL;
echo 'Padded: ' . $pass . PHP_EOL;
echo 'Stripped: ' . $stripped . PHP_EOL;
echo 'DB Pass: ' . $db_pass . PHP_EOL;
echo 'Decoded: ' . $final . PHP_EOL;

Produces the sample output:

Original: Tranvaj889
Encoded: VHJhbnZhajg4OQ==
Padded: cVHJhbnZhajg4OQ==lN3
Stripped: VHJhbnZhajg4OQ==lN
DB Pass: Tranvaj889     M
Decoded: Tranvaj889

 

Notice how your encoded value is VHJhbnZhajg4OQ==, but your trying to decode the value VHJhbnZhajg4OQ==lN?  You're only stripping one of the three characters you appended to the end of the string.  So you are right, the -2 shouldn't be -3.  It should be -4 to take off all three characters.  There's no need to be doing a substr on the result of the base64_decode either.

 

Link to comment
Share on other sites
xProteuSx Advanced Member

xProteuSx

Posted
  • Author
Posted

I am sorry, but I am starting to get really frustrated. Everyone who has taken the time to take a look at the code (thank you) has given me an answer without running several samples of $a, or have not bothered to run the code at all.

 

kicken, undoubtedly you are better at PHP than I am, however, you sample contains the same %*^#ing problem as mine. Did you select the 'Decoded' output and paste it into notepad as per the original description of this issue? Even running your EXACT code I get the exact same issue.

 

I seriously doubt that this is an issue that has anything to do with stripping those four characters from the password, because, here's the thing: THE ORIGINAL CODE WORKS 95% OF THE TIME. If there was an extra character appended to every string because I have forgotten to delete one, NO PASSWORDS WOULD EVER WORK.

 

I love this forum, I love the users, and I am sincerely grateful for assistance, however everyone is sending me the same response, even though I have already indicated that I have tried these things.

 

If you care to help solve this, follow this from the original instructions:

 

However, if I use the mouse to select 'Tranvaj889' (Decoded one) and then paste this into notepad or any file, I get a random special character at the end. I can't post an example here, because the special characters that appear, do not show up in the browser, which is why it took me a while to figure out why my login script was not working.

 

Also, try this:

 

$a = "password';

or $a = "thisismypass";

or $a = "password167";

or $a = "Password345";

 

And please don't bother telling me how pretty the output looks in your browser window, which does not display the special character that is attached to SOME of the passwords.

 

Cheers.

Link to comment
Share on other sites
xProteuSx Advanced Member

xProteuSx

Posted
  • Author
Posted

kicken,

 

Run this:

 

 

$a = "Tranvaj889";

 

function randLetter()

{

$int = rand(0,61);

$a_z = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";

$rand_letter = $a_z[$int];

return $rand_letter;

}

 

$encoded = base64_encode($a);

$pass = randLetter() . $encoded . randLetter() . randLetter() . randLetter();

 

 

$stripped = substr($pass, 1, (strlen($pass) - 2));

$db_pass = base64_decode($stripped);

$final = substr($db_pass, 0, (strlen($db_pass) - 1));

 

echo 'Original: ' . $a . PHP_EOL;

echo '<br />Encoded: ' . $encoded . PHP_EOL;

echo '<br />Padded: ' . $pass . PHP_EOL;

echo '<br />Stripped: ' . $stripped . PHP_EOL;

echo '<br />DB Pass: ' . $db_pass . PHP_EOL;

echo '<br />Decoded: ' . $final . PHP_EOL;

 

if ($a == $final)

{echo '<br />match<br />';}

else

{echo '<br />fail<br />';}

 

Output will include: fail

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.