2

Alright, I'm trying to encrypt files when they are uploaded onto a server. I've found code here at stackoverflow, but I'm having problems implanting it. I'm getting the error unexpected '(', expecting ',' or ';' in where/the/file/is.php. It's pointing to the const KEY = md5('somesecretcode'); line. I know that it's saying that it's expecting the end of the line after the md5, but I'm not sure why? You think it would accept the now "encrypted" string as a valid string. If need be, I'll upload some more code up hear. Thanks for your help in advance! I'm kind of new to this so please don't be too rough.

Here's the code

<?php

class Encryption
{
const CYPHER = MCRYPT_RIJNDAEL_256;
const MODE   = MCRYPT_MODE_CBC;
const KEY    = md5('somesecretcode');

public function encrypt($plaintext)
{
    $td = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
    mcrypt_generic_init($td, self::KEY, $iv);
    $crypttext = mcrypt_generic($td, $plaintext);
    mcrypt_generic_deinit($td);
    return base64_encode($iv.$crypttext);
}

public function decrypt($crypttext)
{
    $crypttext = base64_decode($crypttext);
    $plaintext = '';
    $td        = mcrypt_module_open(self::CYPHER, '', self::MODE, '');
    $ivsize    = mcrypt_enc_get_iv_size($td);
    $iv        = substr($crypttext, 0, $ivsize);
    $crypttext = substr($crypttext, $ivsize);
    if ($iv)
    {
        mcrypt_generic_init($td, self::KEY, $iv);
        $plaintext = mdecrypt_generic($td, $crypttext);
    }
    return trim($plaintext);
}
}

?>

and I'm calling it like...

$encrypted_string = Encryption::encrypt('this is a test'); // Åž-\Ž“kcþ1ÿ4gî:Xƒã%
$decrypted_string = Encryption::decrypt($encrypted_string); // this is a test
Community
  • 1
  • 1
Michael Harvey
  • 168
  • 3
  • 12

3 Answers3

6

You can't use function calls or arrays along with const. You will have to find another way to set the constant (or just hard code the value of md5('somesecretcode')).

Explosion Pills
  • 188,624
  • 52
  • 326
  • 405
  • Ok, I just want to make sure I understand what you're saying. `const` can't have function calls in them, so it wouldn't matter if I'm using the md5 encryption or I'm calling my own string encryption function? Right? So, instead of calling a function, I need to literally put the encrypted code? Ex..`const KEY = '9319ca52f60ac20f620a1a3b265ade79';` Is that what you're saying? By the way, I'm not keeping this as my secret code. That would be ludicrous. – Michael Harvey Oct 08 '12 at 20:58
  • 4
    You can't put function calls in a class unless they are in a method (eg. `public $var = myfunction()` won't work either). – deizel. Oct 08 '12 at 21:00
  • 1
    @MichaelHarvey correct, you can just have the string of the md5 as the const. Pay attention to deizel's comment as well. – Explosion Pills Oct 08 '12 at 21:09
  • I'm new to all this, so I don't really understand what deizel is saying. What does that mean? Could you point me to where I could use it in an exercise? I'm a hands on learner. – Michael Harvey Oct 08 '12 at 21:16
  • 1
    @MichaelHarvey quite simply, if you had `public $varName = md5('something');` you would get the same error. That is within a class, though. I'm not sure if you are using `const` inside of a class or not. – Explosion Pills Oct 08 '12 at 21:20
2

You cannot use "const", because this gets parsed at compile time where function calls are not yet possible.

You can use define function like this

define('KEY', md5('somesecretcode'));

This is a function, gets executed at runtime and will work. You will have to place it somewhere where it can be executed - like class constructor for example.

But using define in this context is not a very good design, because then creating an instance of your class will write something into global (or into the namespace ) scope.

So you need to rethink your solution. If you insist on keeping static method calls, maybe pass the secret into the function as input parameter?

Anti Veeranna
  • 11,485
  • 4
  • 42
  • 63
1

You should not use a function to init a const variable outside the constructor.
You can do instead:

class Encryption
{
    const CYPHER = MCRYPT_RIJNDAEL_256;
    const MODE   = MCRYPT_MODE_CBC;
    const KEY    = '';

    public function __construct(){
        $this->KEY = md5('somesecretphrase');
    }
...

Update:
This is NOT TRUE!
Even though this code seems to be working what it really does is creating another object member called KEY (even though it doesn't have the $ - which is kind of confusing) and assigning it with md5('somesecretphrase'). This member is not a constant and can be changed at any time.
The class member KEY which can be referred to by self::KEY remains empty!

Nir Alfasi
  • 53,191
  • 11
  • 86
  • 129
  • Can we change `Encryption` to `__construct`? PHP4 reached end-of-life 5 years ago. :) – deizel. Oct 08 '12 at 20:58
  • @deizel I'm a Java programmer - forgive me... (fixed!) :) – Nir Alfasi Oct 08 '12 at 20:58
  • No, you can't. CONSTANTS are CONSTANT and do not change anymore. – Sven Oct 08 '12 at 20:59
  • @Sven that's not true. In Java as well - there's only one place where you can set a const variable - and that's inside the constructor. try it! – Nir Alfasi Oct 08 '12 at 21:00
  • 1
    Sorry, I removed my vote because it turns out this doesn't work as expected. You end up with a const (`self::KEY`) that remains empty, and a property (`$this->KEY`) that has a value but is not constant. – deizel. Oct 08 '12 at 21:10
  • 1
    @alfasin: No, it does not work in PHP, which is the language we are talking about right now. You are NOT changing the constant. You are creating a new public property named "KEY" that actually is a variable. Accessing the constant works like `self::KEY` or `Encryption::KEY` and will always return the empty string assigned in the declaration. – Sven Oct 08 '12 at 21:14
  • You're right! `this` points to an object while `self` references the class. wow... – Nir Alfasi Oct 08 '12 at 21:14
  • 3
    I'll leave the answer so others won't step on the same landmine as I did. Updating the answer. – Nir Alfasi Oct 08 '12 at 21:18