Mcrypt Error

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Cammet
Forum Newbie
Posts: 22
Joined: Thu Sep 23, 2004 8:00 am

Mcrypt Error

Post by Cammet »

Hi all im just pulling some code apart to try and figure out how things work. it deals with mcrypt encrypting a string.

Code: Select all

$key  = "morbid";
$msg = "stringtoencrypt";

$crypted = mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_ENCRYPT);
echo ("$crypted<br><br>");
It Does Encrypt the string. But i get this error

Warning: mcrypt_ecb(): Attempt to use an empty IV, which is NOT recommend in /home/pathtoscript/crypt.php on line 6

Can anyone tell me what the error means?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

[php_man]mcrypt_ecb[/php_man] wrote:string mcrypt_ecb ( string cipher, string key, string data, int mode [, string iv])
Cammet
Forum Newbie
Posts: 22
Joined: Thu Sep 23, 2004 8:00 am

Post by Cammet »

Thanx Feyd
I just got it :)
Now im facing the problem with encrypting a cookie with mcrypt
This is what i have

Code: Select all

<?php

$key = "encryptionkey"; 

$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB); 
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM); 

setcookie ("login", mcrypt_ecb(MCRYPT_blowfish, $key, $UserName, MCRYPT_ENCRYPT, $iv), time()+604800);

?>
The cookie variable seems to come out mangled for some reason ??
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

"mangled" how?
Cammet
Forum Newbie
Posts: 22
Joined: Thu Sep 23, 2004 8:00 am

Post by Cammet »

lol this is just getting silly. somehow i got it to work, now i can encrypt and decrypt the cookie but there is something very wrong.

i use a cookie to display a users name and it decrypts as the users name now. but i use alot of these type statements

(login is the name of the cookie)

http://domain.com/profile.php?username=$login (an example link)

if ($UserName == $login)
{
display this
}
else
{
display that
}
and although the username and login both echo out to the same thing nothing happens this just started when i changed a few pages over to mcrypt encryption. i was using base_64 before and everything was fine as long as i had the decryption code at the top of the page which i also have with the mcrypt pages.
COMPLETELY OUTTA MY DEPTH HERE LOL

Here Is the code i use to set the cookie

Code: Select all

<?php
$key = "keystring"; 
$msg = "$UserName";
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB); 
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM); 


setcookie ("login", mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_ENCRYPT, $iv), time()+604800); 


?>
and here is the code i am using to decrypt the cookie

Code: Select all

$key = "keystring"; // Provide the key for the encryption routine---- THIS MUST BE KEPT SECRET 
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB); 
$msg = "$login";
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM); 
$unencrypted = mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_DECRYPT, $iv);
$gofar = "$unencrypted";
$login = "$gofar";
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

maybe they have slightly differing length? use [php_man]var_dump[/php_man] on each, or [php_man]var_export[/php_man].

woo, 4600 posts
Cammet
Forum Newbie
Posts: 22
Joined: Thu Sep 23, 2004 8:00 am

Post by Cammet »

ok i added

Code: Select all

<?php
$key = "key"; // Provide the key for the encryption routine---- THIS MUST BE KEPT SECRET 
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB); 
$msg = "$login";
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM); 
$unencrypted = mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_DECRYPT, $iv);
$gofar = "$unencrypted";
$login = "$gofar";
var_dump($login);
?>
but at the top of the page i get
string( 8 ) "Username"
and if i refresh the page i get a headers error. think you could give me an idea of how to use this?
I also tried
var_export() with no luck :cry:
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

those functions were suggested for debugging it, checking that the strings are infact the same.. Where does $UserName come from when you are checking if $login is equal to it?
Cammet
Forum Newbie
Posts: 22
Joined: Thu Sep 23, 2004 8:00 am

Post by Cammet »

Well they work then (blush) lol yes they seem to be the same.
the script is basically a chat script user types in the message into a textarea presses submit the page then shows

who posted the message
time message was posted
the message

the who posted the message is gotten from the cookie when they log in it is also used as alink to the profile
print ("<a href=profile.php?UserName=$variable2><b><font color=red>$variable2</font></b></a> <br />");
variable2 being the name they used when they posted gotten from there cookie.
So when they click on there own profile this code kicks in.

Code: Select all

if($login == $UserName)
{
echo ("<center>$UserName <a href=updateprofile.php?login=$login>Click Here</a> To Edit Your Profile</center><br><br>");
}
login being the name of cookie
Post Reply