encrypt using php and decrypt using js

Question

I have encrypt string from php and want to render it on client side but I dont know how to mix it using javascript

$enc = encrypt_url('a');
echo "My enc result = ".$enc."<br>";
echo "My dec result = ".decrypt_url($enc);

I've pass it using ajax so, client side retrive it as "ZEJxSkpkYjhhNWUvenZkdFlUSGxvUT09"

I'm trying to decrypt but cannot

<script>
.....
success: function(result) {
    var x = `<?php decrypt_url('\\`+ result+`\\') ?>`;
    console.log(x)
} 
</script>

but the results is null

why didn't you return the decoded string in result from server-side? — PHP Ninja, Sep 19 '19 at 09:20
@Gulshan Because, that is uniqe ID so, people cannot see the real ID from my db. sorry my bad, but still null even i give echo. — Rizal Terris Elvalino, Sep 19 '19 at 09:23
@RizalTerrisElvalino is `PHP` code called in `.js` or `.php` file? — PHP Ninja, Sep 19 '19 at 09:24
because you're currently confused on client side programming and server side, you're loading in the javascript variable into the PHP function which is not possible since PHP runs first, so basically you'll get no value in the `decrypt_url()` — Kevin, Sep 19 '19 at 09:25
what you can do to decrypt is make an xmlhttprequest or what you call AJAX — Kevin, Sep 19 '19 at 09:26
@Kevin t that time I had seen that js and php could be combined using the separator "\\" but I forgot where the reference was. — Rizal Terris Elvalino, Sep 19 '19 at 09:27
Your x var in JS code will get value of decripted string '\\`+ result+`\\', literally. When function is called that row: var x = ... will already be printed. Check page source to see what do you get for that JS. — MilanG, Sep 19 '19 at 09:28
@RizalTerrisElvalino I think you are misinformed thinking that double backslash will magically combine PHP and JS codes using that. using double backslashes are used to escape the single backslash — Kevin, Sep 19 '19 at 09:29
@MilanG `` the results still null, no error just null same as my picture above — Rizal Terris Elvalino, Sep 19 '19 at 09:30
@RizalTerrisElvalino `console.log(result)` and post it here. Lets see what you have in `result` first — PHP Ninja, Sep 19 '19 at 09:31
Actually there is no php funciton decrypt_url() ?! Is that your function? — MilanG, Sep 19 '19 at 09:34
@MilanG yes decrypt_url() is my helper in codeigniter i got reference from this website https://luqman.web.id/meng-enkripsi-url-di-codeigniter/ . for php this working fine, I just can't to decrypt using js — Rizal Terris Elvalino, Sep 19 '19 at 09:39
i feel the context of this is that the OP is trying to hide the value that's coming from PHP that's why JS needs to decrypt it, but the problem is the decrypt function is also in PHP side, thus the reason behind invoking your PHP function inside the success block, if I assessed it correctly, what you should do and have is that you should also have a counterpart decrypt function in JS as well that matches the algorithm with the library in PHP — Kevin, Sep 19 '19 at 09:40
`the results still null` you can't call a PHP function from javascript — Jaromanda X, Sep 19 '19 at 09:41
you should have used something like this: both have encrypt and decrypt on both sides (PHP / JS) https://gist.github.com/ve3/0f77228b174cf92a638d81fddb17189d — Kevin, Sep 19 '19 at 09:44

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

You should be using Ajax for this:

encrypt.php

$encrypt = encrypt_url('a');

decrypt.php

die(json_encode(decrypt_url($_POST['encrypted_string'])));

Script

 $.ajax({
        url: "decrypt.php",
        type: "post",
        data: {'encrypted_string': <?=$encrypt?>},
        success: function (response) {
           alert(response);
        },
        error: function(jqXHR, textStatus, errorThrown) {
           console.log(textStatus, errorThrown);
        }
    });

edited Jun 20 '20 at 09:12

Community

1
1

answered Sep 19 '19 at 09:26

Thrallix

699
5
20

1. I using ajax to get data from my controller 2. I have to send encrypt string from my controller to my views. 3. succes: function (result) is my data what I get from my controller 4. the data that I get is in the form of encryption 5. I want to decrypt the data I received earlier – Rizal Terris Elvalino Sep 19 '19 at 09:34
You should create the variable that you're going to pass through into your ajax request. Then you should use Ajax to decrypt it and use it in your JS script as displayed in my answer. – Thrallix Sep 19 '19 at 09:35

Tox · Answer 2 · 2019-09-20T10:23:25.237

<script>
.....
success: function(result) {
    var x = `<?php decrypt_url('\\`+ result+`\\') ?>`;
    console.log(x)
} 
</script>

When PHP returns this page it will execute the decrypt_url function on the string '\\``+ result+``\\' since you can not pass a parameter from JavaScript to PHP like that. Therefore your x will become either nothing (i.e. null) or something random (depending on the decrypt_url function). Use AJAX to pass parameters from JavaScript to PHP.

A simple test case to show what happens:
test.php:

<html>
        <head></head>
        <body>
                <script>
                        function(result)
                        {
                                var x = '<?php echo decrypt_url('+result+',true) ?>';
                                console.log(x)
                        }
                </script>
        </body>
</html>

That will be rendered by the browser as:

<html>
    <head></head>
    <body>
        <script>
            function(result)
            {
                    var x = '

As you can see the output starting from the <?php tag is broken.

Some of you might wonder why, so I thought I should extend my answer a bit. First of all this is a logical mistake because the OP makes the assumption that PHP could be controlled from the client-side. I can see that because the piece of code quoted is HTML with embedded PHP where a PHP block itself sits in a piece of JavaScript. Now let's have a look at what happens during execution with a simplified version of the OP's code:

<html>
  <head>
    <title>Test</title>
  </head>
  <body>
    <script>
      function test(result)
      {
        var x = `<?php strtoupper('\\`+ result+`\\') ?>`;
        console.log(x)
      }
    </script>
  </body>
</html>

Let's save that code as test.php and have a look at what PHP makes of it when the file is executed: first of all it basically transform everything to a single PHP script (this is a simplification of the actual process to show the basic principle). After this step your code will look like this:

echo "<html>\n<head>\n<title>Test</title>\n</head>\n<body>\n<script>\nfunction test(result)\n{\nvar x = `";
strtoupper('\\`+ result+`\\')
echo "`;\nconsole.log(x)\n}\n</script>\n</body>\n</html>";

Those who looked closely will probably have spotted the first issue: there is no semicolon after the strtolower(...) call. So let's assume it's there and look at what the line will return when interpreted by PHP:

'\\`+ result+`\\'

I'm pretty sure that is not the input the decrypt_url function of the OP needs. But let's see how the code looks now (with the missing semicolon added):

echo "<html>\n<head>\n<title>Test</title>\n</head>\n<body>\n<script>\nfunction test(result)\n{\nvar x = `";
'\\`+ result+`\\';
echo "`;\nconsole.log(x)\n}\n</script>\n</body>\n</html>";

Now we are missing another echo, without one the second line will cause an error. So let's fix that:

echo "<html>\n<head>\n<title>Test</title>\n</head>\n<body>\n<script>\nfunction test(result)\n{\nvar x = `";
echo '\\`+ result+`\\';
echo "`;\nconsole.log(x)\n}\n</script>\n</body>\n</html>";

So, after fixing the missing semicolon and the missing echo we get valid PHP code - let's see how the output will look like:

<html>
<head>
<title>Test</title>
</head>
<body>
<script>
function test(result)
{
var x = `\\`+ result+`\\`;
console.log(x)
}
</script>
</body>
</html>

At this point PHP sends the output to the client. Since I used the strtolower function there is no change here that breaks the code, the only thing the test function will do is to wrap the result in double-backslashes, but if I had used strtoupper the test function would fail because RESULT is undefined. I imagine that the decrypt_url function is not supposed to just wrap the input in back-slashes but it will transform the input in a more complex way, which will most likely completely break the resulting code so that the page can't be loaded.

I hope this makes a bit clearer why this approach can not work.

`ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` add this in `php` on the top of `test.php` — PHP Ninja, Sep 19 '19 at 09:54
It's broken because the PHP tag is broken up with apostrophes. — Tox, Sep 19 '19 at 09:56
Try `var x = '';` instead and you get the same issue, it does not matter what you put in there, it is simply invalid syntax. — Tox, Sep 19 '19 at 09:58

encrypt using php and decrypt using js

2 Answers2

encrypt.php

decrypt.php

Script