How can I encode string using PHP Base64_encode function with passing some Salt String
I don't want others to hack my string. If some one is having little knowledge in php, he can easily hack if I directly encode string. Because this is the only function allow you to decode encoded content. As far as I know.
In the tutorials I see above function will accept only one parameter.
Any Help ?
You should use mcrypt php extension.
Related
I'm trying to implement the Google Safebrowsing update API v4 in PHP.
But I can't figure how to correctly decode the rawHashes.
(The rawHashes are 4-bytes-truncated sha256 hashes and then concatenated).
I am trying the native base64_decode of PHP but I can't fully decode the string, and I don't know what the next step is.
According to the API documentation here's how the rawhashes are encoded :
string (bytes format)
The hashes, in binary format, concatenated into one long string. Hashes are sorted in lexicographic order. For JSON API users, hashes are base64-encoded.
A base64-encoded string.
I an very simply decoding the string like so:
$decoded = base64_decode($rawHashes);
The base64 encoded string look like this:
"AAAIYAAAC90AABOxAAAjDgAALZIAAEbKAABIHwAA..."
And the base64 decoded string look like this:
b"\x00\x00\x08`\x00\x00\vÝ\x00\x00\x13±\x00\x00#\x0E\x00\x00-’\x00\x00FÊ\x00\x00H\x1F\x00\x00^\x06\x00\x00bF\x00\x00h²"
As you can see something is not right and I must have missed a step but I can't figure which one.
As Mjh said in the discussion nothing is wrong about base64_decode and nothing else is needed.
Nothing's wrong. You just aren't reading carefully. Here, read what it says: The hashes, in binary format. It says binary format. After decoding, you got binary representation of the data. Using bin2hex should return a human-readable hash. $hash = bin2hex(base64_decode($your_encoded_hash)); - Mjh
The decoded string was looking weird as it is binary data (Raw SHA256 hash) although it is totally correct. To get the hashes in a more convenient encoding it's possible to convert the binary represented data to hex represented data with the php function bin2hex
$hash = bin2hex(base64_decode($your_encoded_hash));
From what I know of base64_decode, it just works. Something must be wrong in your $rawHashes string. If you have line breaks in your string, you need to get rid of them by replacing them with an empty string. The hash that base64_decode needs should be one long line of base64 encoded string. It is not uncommon to receive a hash that is broken into multiple lines.
Try this ...
$decoded = base64_decode(str_replace(PHP_EOL, "", $rawHashes));
I'm setting up a PHP email tracking system that uses url parameters to track link click throughs. Something like:
www.example.com?trackToken=10
I'm looking for a simple PHP encode / decode function I can put in place that will take a number (in this case 10) and convert in to strictly to number and letters. something like:
www.example.com?trackToken=7aj8nG93nDpw9M9Nk1
I have found several variations of encrypt / decrypt functions using mcrypt. However, the encrypted output always ends up containing strange characters. These strange characters make it hard for my email messages to be sent/delivered.
Does anyone know of a good encrypt function that only outputs numbers 0-9 and letters a-z or A-Z? Additionally, I'm looking for a decrypt function to complement the encrypt function so I can actually use it.
I'm not looking for something super secure here. Just a way to mask the actual tracking token so the user can't change it on their own.
Base64 should be fine in any modern system - and any system handling email in PHP fits the definition of "modern". There is absolutely no reason I can think of to limit to just alphanumerics. The only catch is that as a URL parameter you don't want to have a '+' or '/' in the string. There is base64url to solve this problem but that doesn't have a standard PHP function. You can easily replicate that by using base64_encode() and str_replace() and to decode str_replace followed by base64_decode():
$coded = str_replace('+','-',str_replace('/','_',base64_encode($original)));
$original = base64_decode(str_replace('_','/',str_replace('-','+',$coded)));
I have a VB6 application that is creating a JSON string and posting it to a website (PHP5). It may look like this:
data=thisisthejsonstringitcontainsthe£hmtlcharacter&code=123&api_key=321
This is an issue because the £ is thought to be the start of a new variable so the json string is being cut.
Does this need to be encoded somehow at the VB source? Or can I do something with this when it arrives at the website? If it needs encoded by VB can anyone suggest a suitable function?
I'm using the application/x-www-form-urlencoded content type when posting.
This might seem far fetched, but have you tried sending £ urlencoded beforehand? being %26pound
If you send url arguments to a webserver, you'll need to urlencode them. That's true for all arguments in formats that don't escape and can contain problematic characters themselves, which includes JSON.
Does anyone know how to properly decode the following string in PHP?
=?iso-8859-1?Q?OLG=20Slots=20at=20Windsor=20=26=20Caesars=20Windsor=20w?=
I tried using
quoted_printable_decode()
but did not produce the desired result.
This string retrieved from an email header. This above string is the "Subject". It appears that email clients (both web-based and applications) are able to decode the string properly.
Thanks for your time!
It is not url_encoded, instead try this :
$subject = '=?iso-8859-1?Q?OLG=20Slots=20at=20Windsor=20=26=20Caesars=20Windsor=20w?=';
echo utf8_decode(imap_utf8($subject));
Manual
The first bit suggests it's encoded in ISO-8859-1, which is, if I'm reading Wikipedia correctly, standard ASCII.
This means that you probably don't need to decode the string, you just need to understand it ;-)
Where did you find it? What do you think it's meaning might be? (eg is it submitted form data, some sort of RPC encoding, something else?)
Thank you! Just seen your edit. Have you tried b64 decoding it? At a guess it's base64 encoded ASCII. Try base64_decode().
I need to encrypt a string using MySQL's AES_ENCRYPT function, then attach that encrypted string to the end of a URL, such that it can then be decrypted and used by a PHP script on the other end.
Basically, I am encrypting the string (using MySQL's AES_ENCRYPT), I am then using PHP's rawurlencode() function to make it "URL safe". I then pass the encrypted string in a URL, which is then retrieved by the PHP script on the other end where it gets successfully decrypted... about 95% of the time.
Seems as though about 5% of strings are encrypting in such a way that they are getting corrupted somewhere in the process, and can't be decoded on the other end after being passed by a URL. Can anyone help me out here? Is there a 100% fool-proof way to do this? I have also tried using urlencode() as well as base64_encode() in varying combinations.
Thanks.
Solved.
Once I have encrypted the string using MySQL's AES_ENCRYPT function, I use PHP's bin2hex() function to convert that encrypted data (which is in binary form) in to Hexidecimal. I then pass the Hexidecimal as a string on the end of the URL. Once the URL is received on the other end, I then use this custom PHP function to revert the Hex string back to binary:
function hex2bin($data) {
$len = strlen($data);
return pack("H" . $len, $data);
}
From there, all that's left to do is decrypt the data using MySQL's AES_DECRYPT function, and wha-la. The original string is successfully restored.
URLs have a finite maximum length. AES-encrypted strings do not.
URLs are not an appropriate vector for passing arbitrary information. Using an HTTP POST is a much better way, if you must communicate over HTTP.
About why you are having problems: quoting from the PHP manual page on urlencode:
Note: Be careful about variables that
may match HTML entities. Things like
&, © and £ are parsed by
the browser and the actual entity is
used instead of the desired variable
name. This is an obvious hassle that
the W3C has been telling people about
for years. The reference is here:
http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2.
PHP supports changing the argument
separator to the W3C-suggested
semi-colon through the arg_separator
.ini directive. Unfortunately most
user agents do not send form data in
this semi-colon separated format. A
more portable way around this is to
use & instead of & as the
separator. You don't need to change
PHP's arg_separator for this. Leave it
as &, but simply encode your URLs
using htmlentities() or
htmlspecialchars().