Welcome Guest, Not a member yet? Register   Sign In
Encryption Library
#1

[eluser]Coder Death[/eluser]
Hello to all,

Please I need to understand!

When I use the Encrypt function to crypt my data like this :

Code:
$this->load->library('encrypt');

$encrypt = $this->encrypt->encode($email);
        
$link = 'http://www.mydomain.com/'.$encrypt;
It crypts it but add some specific characters(+,=,/,\,) in the encrypt string. For example this will return
Code:
http://www.mydomain.com/BjJXalQ3BCECOAk2BzpXP1ZzDj0GclZjWB8MYwBuV2VUblY4UncEPAc7UWA=
and the link functions only when I remove the '=' character.
How can I solve this ?
Or does another way to do it?
Thanks
#2

[eluser]PhilTem[/eluser]
As far as my knowledge lasts, the two equality signs aren't necessary in the string for your link to work yet are important for decoding your string. I would suggest, just strip the two equality signs from your encoded string and create the url.
When decoding you just add the two equality sings prior to decoding.

Give it a try, I think it might work Wink
#3

[eluser]Coder Death[/eluser]
hum I don't understand the idea
If I trip the '=' the next encode can be with '+' as I realizedin multiple trys
#4

[eluser]PhilTem[/eluser]
What I was trying to say was something like this
Code:
$source = 'random blabla';
echo $source;
echo "\n";
$encoded = $this->encrypt->encode($source);
echo $encoded;
echo "\n";
$new_encoded = rtrim($encoded, '=');
echo $new_encoded;
echo "\n";
echo $this->encrypt->decode($new_encoded . '==');

insert that into any controller method and look at the results of the first and last line of the outputs. That should make clear, what my idea is pointing at Wink
#5

[eluser]Coder Death[/eluser]
Thanks @PhilTem,
But the problem is that, sometimes also the '+' and '.' characters are inside the encrypt string.
I would like to know more about the encryption string in CodeIgniter
Does it generate only characters amount [a..z,A..Z]
If yes I think I will do a
Code:
replaceAll('=,+,..',$mystring);
to remove all unwanted characters
Thanks
#6

[eluser]PhilTem[/eluser]
Nope, the encryption library or the encode method respectively don't only create alphanumeric characters in the encoded string. I think it does some base64_encode. That's also where both equality signs come from.
However, if you just trim the last two characters from your string and not replace '=' with '' it should work (since trimming is something else than replacing Wink )

If you want to know more about the encryption library, just have a look at the source code (since it's open source you can do so Wink ). This way I understand a whole more of CI and it's internal business logic. I can only recommend to everyone that seriously wants to work with CI.
#7

[eluser]Abel A.[/eluser]
You're not meant to pass encrypted variables via url.

The encrypt library encrypts the string and returns it in base64 so it can be stored easily in a database. The true raw encryption is actually in binary.

There are many ways to solve your problem. Once way is to store the encrypted data in a database and use an alternative index to point to it. That way you don't have to use the actual encrypted data in your url (which is not recommended).
#8

[eluser]Abel A.[/eluser]
You can also remove the = sign and add it afterwards. The only problem is that base64 sometimes adds == (2 signs). If your raw data is a fix length (like a hash, md5, sha256, etc.), then you can predict how many = signs your base64 string will have. The extra = sign serves as padding, that's why it's added.

Ex:
a string of 20 character will always have one = sign
a string of 100 character will always have two = signs
a string of 1000 character will always have one = sign

You get the point. Note, I didn't test the above string lengths, you would have to do that. I image it won't be too hard.
#9

[eluser]Coder Death[/eluser]
@PhilTem, the unwanted characters do not appear only at the end of the string but inside the encode string sometimes. No way to trim().

@berkguy, you wrote <i>You’re not meant to pass encrypted variables via url.</i>
My problem is that I want to send activation link to a user that has created his account and I want to hide his email address (my cryptation is based on the email address) in the URL.
#10

[eluser]Abel A.[/eluser]
Activation links are suppose to be random. Just add an extra field to your user table that contains the random activation key.




Theme © iAndrew 2016 - Forum software by © MyBB