urlencode(mcrypt_ecd) not exact when decrypting

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
binkley
Forum Newbie
Posts: 2
Joined: Sun Aug 21, 2011 8:24 am

urlencode(mcrypt_ecd) not exact when decrypting

Post by binkley »

Hello all,

I'm passing several several variables as an encrypted comma delimited string through the URL (coming from clickable links on an email), however I am having very inconsistent results when decrypting these strings. The most benign issue is that the values have invisible control chars that I have to trim, however some of the values are screwing up halfway through the decryption.

For example: I encrypt the string "ALC1000gk,10", and it decrypts as "ALC1000g=L¢î"

The code I'm using looks like this:

Code: Select all

$key = "Hey this key rocks!";

function cryptUrl($cryptToken, $cryptEdition, $key)
{
	$cryptString = $cryptToken . ',' . $cryptEdition;
	return (urlencode(mcrypt_ecb(MCRYPT_3DES, $key, $cryptString, MCRYPT_ENCRYPT)));	
}

$urltok = cryptUrl("ALC1000gk","10", $key);
and then I decrypt with

Code: Select all

function decryptUrl($cryptedString, $key)
{
	return (mcrypt_decrypt(MCRYPT_3DES, $key, urldecode($cryptedString), "ecb"));
}

$pieces = explode(",", decryptUrl($tracking, $key));
$tmpToken = (filter_var($pieces[0],FILTER_SANITIZE_STRING));
$edition = (filter_var($pieces[1],FILTER_SANITIZE_STRING));
So, is this the most reliable way to do this in order to pass encrypted data via the URL? SSL isn't an option, because I need to obfuscate the values from the user, and I have to use encryption because it's being used for a health study.

Thanks everyone!
Dorin85
Forum Newbie
Posts: 20
Joined: Tue Aug 16, 2011 3:16 pm

Re: urlencode(mcrypt_ecd) not exact when decrypting

Post by Dorin85 »

Just a stab in the dark, but maybe if you URLENCODE it before you run mcrypt_ecb. It seems like your encryption is malfunctioning near the "," character in your example encode/decode.

Let me know, I'm curious.
binkley
Forum Newbie
Posts: 2
Joined: Sun Aug 21, 2011 8:24 am

Re: urlencode(mcrypt_ecd) not exact when decrypting

Post by binkley »

Hey now - you just gave me an idea, and I think it worked!

I am sanitizing the string before encrypting and it is coming through without any trouble now.

Code: Select all

function cryptUrl($cryptToken, $cryptEdition, $key)
{
	$cryptString = (filter_var($cryptToken . ',' . $cryptEdition,FILTER_SANITIZE_STRING)); 
         #  changed from $cryptstring = $cryptToken . ',' . $cryptEdition;"

	return (urlencode(mcrypt_ecb(MCRYPT_3DES, $key, $cryptString, MCRYPT_ENCRYPT)));
	
}
Thank you!!

Best
binkley.
Post Reply