Page 1 of 1
Mcrypt Error
Posted: Tue Sep 28, 2004 7:56 am
by Cammet
Hi all im just pulling some code apart to try and figure out how things work. it deals with mcrypt encrypting a string.
Code: Select all
$key = "morbid";
$msg = "stringtoencrypt";
$crypted = mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_ENCRYPT);
echo ("$crypted<br><br>");
It Does Encrypt the string. But i get this error
Warning: mcrypt_ecb(): Attempt to use an empty IV, which is NOT recommend in /home/pathtoscript/crypt.php on line 6
Can anyone tell me what the error means?
Posted: Tue Sep 28, 2004 10:13 am
by feyd
[php_man]mcrypt_ecb[/php_man] wrote:string mcrypt_ecb ( string cipher, string key, string data, int mode [, string iv])
Posted: Tue Sep 28, 2004 11:50 am
by Cammet
Thanx Feyd
I just got it

Now im facing the problem with encrypting a cookie with mcrypt
This is what i have
Code: Select all
<?php
$key = "encryptionkey";
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM);
setcookie ("login", mcrypt_ecb(MCRYPT_blowfish, $key, $UserName, MCRYPT_ENCRYPT, $iv), time()+604800);
?>
The cookie variable seems to come out mangled for some reason ??
Posted: Tue Sep 28, 2004 1:01 pm
by feyd
"mangled" how?
Posted: Tue Sep 28, 2004 1:11 pm
by Cammet
lol this is just getting silly. somehow i got it to work, now i can encrypt and decrypt the cookie but there is something very wrong.
i use a cookie to display a users name and it decrypts as the users name now. but i use alot of these type statements
(login is the name of the cookie)
http://domain.com/profile.php?username=$login (an example link)
if ($UserName == $login)
{
display this
}
else
{
display that
}
and although the username and login both echo out to the same thing nothing happens this just started when i changed a few pages over to mcrypt encryption. i was using base_64 before and everything was fine as long as i had the decryption code at the top of the page which i also have with the mcrypt pages.
COMPLETELY OUTTA MY DEPTH HERE LOL
Here Is the code i use to set the cookie
Code: Select all
<?php
$key = "keystring";
$msg = "$UserName";
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB);
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM);
setcookie ("login", mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_ENCRYPT, $iv), time()+604800);
?>
and here is the code i am using to decrypt the cookie
Code: Select all
$key = "keystring"; // Provide the key for the encryption routine---- THIS MUST BE KEPT SECRET
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB);
$msg = "$login";
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM);
$unencrypted = mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_DECRYPT, $iv);
$gofar = "$unencrypted";
$login = "$gofar";
Posted: Tue Sep 28, 2004 1:17 pm
by feyd
maybe they have slightly differing length? use [php_man]var_dump[/php_man] on each, or [php_man]var_export[/php_man].
woo, 4600 posts
Posted: Tue Sep 28, 2004 1:47 pm
by Cammet
ok i added
Code: Select all
<?php
$key = "key"; // Provide the key for the encryption routine---- THIS MUST BE KEPT SECRET
$size = mcrypt_get_iv_size (MCRYPT_blowfish, MCRYPT_MODE_ECB);
$msg = "$login";
$iv = mcrypt_create_iv ($size, MCRYPT_DEV_RANDOM);
$unencrypted = mcrypt_ecb(MCRYPT_blowfish, $key, $msg, MCRYPT_DECRYPT, $iv);
$gofar = "$unencrypted";
$login = "$gofar";
var_dump($login);
?>
but at the top of the page i get
string( 8 ) "Username"
and if i refresh the page i get a headers error. think you could give me an idea of how to use this?
I also tried
var_export() with no luck

Posted: Tue Sep 28, 2004 1:54 pm
by feyd
those functions were suggested for debugging it, checking that the strings are infact the same.. Where does $UserName come from when you are checking if $login is equal to it?
Posted: Tue Sep 28, 2004 2:19 pm
by Cammet
Well they work then (blush) lol yes they seem to be the same.
the script is basically a chat script user types in the message into a textarea presses submit the page then shows
who posted the message
time message was posted
the message
the who posted the message is gotten from the cookie when they log in it is also used as alink to the profile
print ("<a href=profile.php?UserName=$variable2><b><font color=red>$variable2</font></b></a> <br />");
variable2 being the name they used when they posted gotten from there cookie.
So when they click on there own profile this code kicks in.
Code: Select all
if($login == $UserName)
{
echo ("<center>$UserName <a href=updateprofile.php?login=$login>Click Here</a> To Edit Your Profile</center><br><br>");
}
login being the name of cookie