2

I am using the following encrypt and decrypt script so that when a user clicks on a link containing my string this gets encrypted in the url and decrypted on the next page.

My string is being encrypted find but for some reason it won't decrypt on the next page. can someone please show me where i am going wrong? Thanks,

encryption.php:

<?php class encryption{
    private $config;

    public function __construct( $options=array() ){
        $this->config=array_merge(
            array(
                'cipher'    =>  MCRYPT_RIJNDAEL_256,
                'mode'      =>  MCRYPT_MODE_ECB,
                'key'       =>  FALSE,
                'iv'        =>  FALSE,
                'size'      =>  FALSE,
                'base64'    =>  TRUE,
                'salt'      =>  FALSE
            ),
            $options
        );
    }
    private function getivs( $config=object ){
        $config->size=mcrypt_get_iv_size( $config->cipher, $config->mode );
        $config->iv=mcrypt_create_iv( $config->size, MCRYPT_RAND );
    }
    public function encrypt( $data=NULL ){
        $config=(object)$this->config;
        $this->getivs( $config );
        $data=trim( $data );
        $module = mcrypt_module_open( $config->cipher, '', $config->mode, '' );
        mcrypt_generic_init( $module, $config->key, $config->iv );

        $output = $config->base64 ? base64_encode( mcrypt_generic( $module, $data ) ) : mcrypt_generic( $module, $data );

        mcrypt_generic_deinit( $module );
        mcrypt_module_close( $module );
        return $output;
    }
    public function decrypt( $data=NULL ){
        $config=(object)$this->config;
        $this->getivs( $config );
        mb_detect_order( 'auto' );
        $encoding=mb_detect_encoding( $data );
        if( !$data or is_null( $data ) or empty( $data ) or !$encoding or $data=='' or base64_decode( $data )=='' ) return FALSE;

        $module = mcrypt_module_open( $config->cipher, '', $config->mode, '' );
        mcrypt_generic_init( $module, $config->key, $config->iv );

        $output = $config->base64 ? rtrim( mdecrypt_generic( $module, base64_decode( $data ) ),"\0" ) : rtrim( mdecrypt_generic( $module, $data ),"\0" );

        mcrypt_generic_deinit( $module );
        mcrypt_module_close( $module );
        return urldecode( $output );
    }
}//end class

?>

new_supplier_listings.php:

session_start(); 
require_once 'dependables/encryption.php';

$string = 'NS12345';
        $enc=new encryption( array( 'key'=>'PlowFish' ) );
        $encrypted_string = $enc->encrypt( $string );


echo '<a href="ns_application.php?ns_request='.$encrypted_string.'">Click Here</a>';

ns_application.php:

require_once 'dependables/encryption.php'; 


$reference = isset($_GET['ns_request']) ? $_GET['ns_request'] : null;
$enc=new encryption( array( 'key'=>'PlowFish' ) );
$encrypted_string = $enc->encrypt( $reference );
echo $encrypted_string;
$decrypted_string=$enc->decrypt( $encrypted_string );
echo $decrypted_string;
Mark harris
  • 525
  • 15
  • 39

1 Answers1

0

The problem is you already sent an encrypted value to ns_application.php. And again you first re-encrypt it and the try to decrypt it that's why it's not giving you desired result. try this:

ns_application.php:

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once 'encryption.php'; 


$reference = isset($_GET['ns_request']) ? $_GET['ns_request'] : null;
$enc=new encryption( array( 'key'=>'PlowFish' ) );

$decrypted_string=$enc->decrypt( $reference );
echo $decrypted_string;
?>

Output: NS12345.

Note:- though your code is very fine but it's best practice to add error reporting code.

dimo414
  • 47,227
  • 18
  • 148
  • 244
Alive to die - Anant
  • 70,531
  • 10
  • 51
  • 98