2

Hi I Have a mailer that has a link to my site along that link is an encrypted data, the main problem is the fetching part if my encrypted data has a "+" sign it is not included on the data that was fetched see here for example of the data: 

index.php?s=NER4gXPSuaads+Cmb8LANA==

this is the link that has the + sign but from my firebase console enter image description here as you can see the "+" sign is no longer there instead it was changed into a white space. I have read some articles about php's urldecode it says there that all Plus symbols ('+') are decoded to a space character. So I was thinking that it could be related to that.. is there a solution for this?

Here is how I tried fetching it for your reference

    if($_GET['s']!='success') {
   $ref =htmlspecialchars($_GET['s']);
} else {
   $ref = "direct";
}

also additional Info the encryption was on AES.. Thanks in advance

Kim Oliveros
  • 711
  • 1
  • 7
  • 28
  • 2
    base64_encode on output (in your view), base64_decode on input (your controller). – bishop Feb 27 '15 at 01:46
  • 1
    Use `urlencode()` before dumping strings into URLs. – Sammitch Feb 27 '15 at 02:01
  • @cerebriform I used your idea about using base64_encode and decode and it was exactly what I was looking for although I'm not sure if how I did it was the proper way.. But still thanks for the info – Kim Oliveros Feb 27 '15 at 02:11

2 Answers2

4

To set and fetch "s" properly you need to urlencode() it when you set it on the URL and urldecode() it when you fetch it.

It looks to me like "s" possibly has not been URL encoded when set on the URL.

phpPhil
  • 906
  • 1
  • 9
  • 28
2

Ok so I have managed to find out what I'm looking for thanks to @cerebriform's comment

Here is how I did it

$refenc = base64_encode($refence);

$refence is the result of the AES encryption so before sending it as a mail It was encoded again but this time using base64_encode(). So how it looks like, I'll show you $final = base64_encode($rdfence);. Then after that it will be sent to the email whichever my mailer wishes to send it to.. How my site manages to eliminate my problem is upon retrieving the link from the url I used base64_decode() ... Then after its been decoded another decoder will take place the AES decryption script will now decrypt it to obtain the raw data from the database

here is the final Code:

  if($_GET['s']!='success') {
 $d = base64_decode($_GET['s']);
 $aes->setData($d);
 $ref=$aes->decrypt();

} else {
   $ref = "No Id";
}

Thanks for the input guys

Kim Oliveros
  • 711
  • 1
  • 7
  • 28
  • 1
    Pretty much. Base 64 still allows for + to occur, but it occurs with predictable frequency. To bullet-proof your application, follow the [advice in this answer](http://stackoverflow.com/a/5835352/2908724). – bishop Feb 27 '15 at 14:44