php-general Digest 1 Dec 2011 09:11:05 -0000 Issue 7593
Topics (messages 315898 through 315913):
mcrypt_encrypt help needed
315898 by: Rick Dwyer
315899 by: Matijn Woudt
315900 by: Adam Richardson
315901 by: Adam Richardson
315902 by: Matijn Woudt
315903 by: Adam Richardson
315904 by: Matijn Woudt
315905 by: Rick Dwyer
315908 by: Matijn Woudt
315909 by: Rick Dwyer
315910 by: Matijn Woudt
315911 by: Rick Dwyer
compare dates
315906 by: Marc Fromm
315907 by: Matijn Woudt
315912 by: Floyd Resler
Re: Question about PHP FPM and shared memory
315913 by: Daniel Betz
Administrivia:
To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-gene...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
Hello all.
I am using the following function to encrypt a string:
define('SALT', 'myvalueforsalthere');
function encrypt($text)
{
return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,
SALT, $text, MCRYPT_MODE_ECB,
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_ECB), MCRYPT_RAND))));
}
and then:
$myval="hello";
$mayval= encrypt($myval);
echo decrypt($myval);
returns "hello".... great.
But when my input string is more complicated I get unprintable
characters out of the decyrpt side:
$myval="var1=1&var2=2&var3=3";
The above when decrypted will spit out a string of unprintable
characters.
Is encrypt/decrypt choking on the "=" sign? I tried:
$myval=htmlentities($myval);
But it did not work. Any help is appreciated.
Thanks,
--Rick
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdw...@earthlink.net> wrote:
> Hello all.
>
> I am using the following function to encrypt a string:
>
> define('SALT', 'myvalueforsalthere');
>
> function encrypt($text)
> {
> return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> $text, MCRYPT_MODE_ECB,
> mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
> MCRYPT_RAND))));
> }
>
Can you post your decrypt function too?
You create a random IV here, don't you need that IV to decrypt too?
> The above when decrypted will spit out a string of unprintable characters.
> Is encrypt/decrypt choking on the "=" sign? I tried:
>
> $myval=htmlentities($myval);
>
> But it did not work. Any help is appreciated.
I doubt it's choking on anything. htmlentities is only for safe output
to browser, you can always check the 'real' value by looking at the
page source in your browser.
Matijn
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 3:57 PM, Rick Dwyer <rpdw...@earthlink.net> wrote:
> Hello all.
>
> I am using the following function to encrypt a string:
>
> define('SALT', 'myvalueforsalthere');
>
> function encrypt($text)
> {
> return trim(base64_encode(mcrypt_**encrypt(MCRYPT_RIJNDAEL_256, SALT,
> $text, MCRYPT_MODE_ECB,
> mcrypt_create_iv(mcrypt_get_**iv_size(MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_ECB), MCRYPT_RAND))));
> }
>
> and then:
>
> $myval="hello";
> $mayval= encrypt($myval);
>
>
> echo decrypt($myval);
>
> returns "hello".... great.
>
>
>
> But when my input string is more complicated I get unprintable characters
> out of the decyrpt side:
>
> $myval="var1=1&var2=2&var3=3";
>
> The above when decrypted will spit out a string of unprintable characters.
> Is encrypt/decrypt choking on the "=" sign? I tried:
>
> $myval=htmlentities($myval);
>
> But it did not work. Any help is appreciated.
>
> Thanks,
>
> --Rick
>
Hi Rick,
Can you show us the decrypt function, too (even though it should be just
the reverse order of operations using a decrypt function, I'd just like to
double check it before commenting.) By the way, I wouldn't recommend using
ECB mode unless you have a special circumstance:
http://www.quora.com/Is-AES-ECB-mode-useful-for-anything
Adam
(Sorry for the duplicate, Rick, I forgot to reply all the first time.)
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt <tijn...@gmail.com> wrote:
> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdw...@earthlink.net> wrote:
> > Hello all.
> >
> > I am using the following function to encrypt a string:
> >
> > define('SALT', 'myvalueforsalthere');
> >
> > function encrypt($text)
> > {
> > return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> > $text, MCRYPT_MODE_ECB,
> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_ECB),
> > MCRYPT_RAND))));
> > }
> >
>
> Can you post your decrypt function too?
>
> You create a random IV here, don't you need that IV to decrypt too?
>
>
You're normally right, Matijn,
However, ECB mode doesn't use an IV, so even though he's generating an IV,
it's not being used (and, the benefit of an IV is one of the main reasons
you try to avoid ECB.)
Adam
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 10:18 PM, Adam Richardson <simples...@gmail.com> wrote:
> On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt <tijn...@gmail.com> wrote:
>
>> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdw...@earthlink.net> wrote:
>> > Hello all.
>> >
>> > I am using the following function to encrypt a string:
>> >
>> > define('SALT', 'myvalueforsalthere');
>> >
>> > function encrypt($text)
>> > {
>> > return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
>> > $text, MCRYPT_MODE_ECB,
>> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
>> MCRYPT_MODE_ECB),
>> > MCRYPT_RAND))));
>> > }
>> >
>>
>> Can you post your decrypt function too?
>>
>> You create a random IV here, don't you need that IV to decrypt too?
>>
>>
> You're normally right, Matijn,
>
> However, ECB mode doesn't use an IV, so even though he's generating an IV,
> it's not being used (and, the benefit of an IV is one of the main reasons
> you try to avoid ECB.)
>
> Adam
Ah, I see, you're right. I thought he was using CBC (which I would recommend).
That also means that example #1 is wrong at mcrypt_encrypt help page[1].
Matijn
[1] http://php.net/manual/en/function.mcrypt-encrypt.php#example-884
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 4:25 PM, Matijn Woudt <tijn...@gmail.com> wrote:
> On Wed, Nov 30, 2011 at 10:18 PM, Adam Richardson <simples...@gmail.com>
> wrote:
> > On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt <tijn...@gmail.com> wrote:
> >
> >> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdw...@earthlink.net>
> wrote:
> >> > Hello all.
> >> >
> >> > I am using the following function to encrypt a string:
> >> >
> >> > define('SALT', 'myvalueforsalthere');
> >> >
> >> > function encrypt($text)
> >> > {
> >> > return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
> >> > $text, MCRYPT_MODE_ECB,
> >> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> >> MCRYPT_MODE_ECB),
> >> > MCRYPT_RAND))));
> >> > }
> >> >
> >>
> >> Can you post your decrypt function too?
> >>
> >> You create a random IV here, don't you need that IV to decrypt too?
> >>
> >>
> > You're normally right, Matijn,
> >
> > However, ECB mode doesn't use an IV, so even though he's generating an
> IV,
> > it's not being used (and, the benefit of an IV is one of the main reasons
> > you try to avoid ECB.)
> >
> > Adam
>
> Ah, I see, you're right. I thought he was using CBC (which I would
> recommend).
> That also means that example #1 is wrong at mcrypt_encrypt help page[1].
>
> Matijn
>
> [1] http://php.net/manual/en/function.mcrypt-encrypt.php#example-884
>
Nice catch in the documentation, Matijn. While it will encrypt and decrypt
successfully, the IV isn't being used, so it would seem to be a better
illustration of use of someone switched the mode to one that's using the IV.
Someone with access to the documents want to make the change to one of the
other modes (as Matijn pointed out, CBC is pretty common?)
Adam
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 10:34 PM, Adam Richardson <simples...@gmail.com> wrote:
> On Wed, Nov 30, 2011 at 4:25 PM, Matijn Woudt <tijn...@gmail.com> wrote:
>
>> On Wed, Nov 30, 2011 at 10:18 PM, Adam Richardson <simples...@gmail.com>
>> wrote:
>> > On Wed, Nov 30, 2011 at 4:14 PM, Matijn Woudt <tijn...@gmail.com> wrote:
>> >
>> >> On Wed, Nov 30, 2011 at 9:57 PM, Rick Dwyer <rpdw...@earthlink.net>
>> wrote:
>> >> > Hello all.
>> >> >
>> >> > I am using the following function to encrypt a string:
>> >> >
>> >> > define('SALT', 'myvalueforsalthere');
>> >> >
>> >> > function encrypt($text)
>> >> > {
>> >> > return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, SALT,
>> >> > $text, MCRYPT_MODE_ECB,
>> >> > mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
>> >> MCRYPT_MODE_ECB),
>> >> > MCRYPT_RAND))));
>> >> > }
>> >> >
>> >>
>> >> Can you post your decrypt function too?
>> >>
>> >> You create a random IV here, don't you need that IV to decrypt too?
>> >>
>> >>
>> > You're normally right, Matijn,
>> >
>> > However, ECB mode doesn't use an IV, so even though he's generating an
>> IV,
>> > it's not being used (and, the benefit of an IV is one of the main reasons
>> > you try to avoid ECB.)
>> >
>> > Adam
>>
>> Ah, I see, you're right. I thought he was using CBC (which I would
>> recommend).
>> That also means that example #1 is wrong at mcrypt_encrypt help page[1].
>>
>> Matijn
>>
>> [1] http://php.net/manual/en/function.mcrypt-encrypt.php#example-884
>>
>
> Nice catch in the documentation, Matijn. While it will encrypt and decrypt
> successfully, the IV isn't being used, so it would seem to be a better
> illustration of use of someone switched the mode to one that's using the IV.
>
> Someone with access to the documents want to make the change to one of the
> other modes (as Matijn pointed out, CBC is pretty common?)
>
> Adam
I tried to submit a bug report, but the PHP version that comes with
Ubuntu Server (oneiric) is 5.3.6, and they only accept bug reports
from version 5.3.8 and above. If anyone else wants to, please do so.
In that case, there's a second related bug, which is that
mcrypt_get_iv_size does not return 0 for ECB modes, which it should
(as the documentation also notes).
Matijn
> --
> Nephtali: A simple, flexible, fast, and security-focused PHP framework
> http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
My decrypt is below:
$myval=$_GET["myval"];
// let the encryption begin
define('SALT', 'myvalueforsalthere');
function decrypt($text)
{
return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SALT,
base64_decode($text), MCRYPT_MODE_ECB,
mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_ECB), MCRYPT_RAND)));
}
echo decrypt($myval);
--Rick
On Nov 30, 2011, at 4:14 PM, Adam Richardson wrote:
On Wed, Nov 30, 2011 at 3:57 PM, Rick Dwyer <rpdw...@earthlink.net>
wrote:
Hello all.
I am using the following function to encrypt a string:
define('SALT', 'myvalueforsalthere');
function encrypt($text)
{
return trim(base64_encode(mcrypt_**encrypt(MCRYPT_RIJNDAEL_256,
SALT,
$text, MCRYPT_MODE_ECB,
mcrypt_create_iv(mcrypt_get_**iv_size(MCRYPT_RIJNDAEL_256,
MCRYPT_MODE_ECB), MCRYPT_RAND))));
}
and then:
$myval="hello";
$mayval= encrypt($myval);
echo decrypt($myval);
returns "hello".... great.
But when my input string is more complicated I get unprintable
characters
out of the decyrpt side:
$myval="var1=1&var2=2&var3=3";
The above when decrypted will spit out a string of unprintable
characters.
Is encrypt/decrypt choking on the "=" sign? I tried:
$myval=htmlentities($myval);
But it did not work. Any help is appreciated.
Thanks,
--Rick
Hi Rick,
Can you show us the decrypt function, too (even though it should be
just
the reverse order of operations using a decrypt function, I'd just
like to
double check it before commenting.) By the way, I wouldn't recommend
using
ECB mode unless you have a special circumstance:
http://www.quora.com/Is-AES-ECB-mode-useful-for-anything
Adam
(Sorry for the duplicate, Rick, I forgot to reply all the first time.)
--
Nephtali: A simple, flexible, fast, and security-focused PHP
framework
http://nephtaliproject.com
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 10:57 PM, Rick Dwyer <rpdw...@earthlink.net> wrote:
> My decrypt is below:
>
> $myval=$_GET["myval"];
>
>
> // let the encryption begin
>
> define('SALT', 'myvalueforsalthere');
>
> function decrypt($text)
> {
> return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, SALT,
> base64_decode($text), MCRYPT_MODE_ECB,
> mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB),
> MCRYPT_RAND)));
> }
>
> echo decrypt($myval);
>
>
Your decrypt function seems fine, and the encrypt/decrypt functions
work fine both in the same file for me. Now you say you use
$_GET["myval"], which means you get them from URL. Base64 is not URL
safe, have you used urlencode()?
Matijn
--- End Message ---
--- Begin Message ---
On Nov 30, 2011, at 5:13 PM, Matijn Woudt wrote:
Your decrypt function seems fine, and the encrypt/decrypt functions
work fine both in the same file for me. Now you say you use
$_GET["myval"], which means you get them from URL. Base64 is not URL
safe, have you used urlencode()?
Matijn
OK, the problem appears to be that my string encoded contains a +
symbol:
Sw+ht0agaQRBpFlfHSucpYZ....
So I rawurlencode it and if I echo it out, it appears correctly on the
page as:
Sw%2Bht0agaQRBpFlfHSucpYZ ....
BUT... when I pass this encrypted value off to PayPal (I'm integrating
with them), encoded, when they return me to my site, instead of
passing me my value as above, they are somehow decoding back to the
original:
Sw+ht0agaQRBpFlfHSucpYZ....
As I can see it in the URL. The + symbol is then interpretted as a
space instead of + symbol and a result, my decrypt function fails.
So I send off the encrypted value encoded to PayPal but when they go
to redirect back to my site after payment has been made, instead of
the url with Sw%2Bht0agaQRBpFlfHSucpYZ .... in it, they are decoding
it so my url contains Sw+ht0agaQRBpFlfHSucpYZ.... which causes me
problems.
Is there alternative encrypting scheme that will not need url encoding
(so I can be sure the passed url back from PayPal is ok as is)?
--Rick
--- End Message ---
--- Begin Message ---
On Thu, Dec 1, 2011 at 1:14 AM, Rick Dwyer <rpdw...@earthlink.net> wrote:
> On Nov 30, 2011, at 5:13 PM, Matijn Woudt wrote:
>>>
>>
>> Your decrypt function seems fine, and the encrypt/decrypt functions
>> work fine both in the same file for me. Now you say you use
>> $_GET["myval"], which means you get them from URL. Base64 is not URL
>> safe, have you used urlencode()?
>>
>> Matijn
>>
>
>
> OK, the problem appears to be that my string encoded contains a + symbol:
>
> Sw+ht0agaQRBpFlfHSucpYZ....
>
> So I rawurlencode it and if I echo it out, it appears correctly on the page
> as:
>
> Sw%2Bht0agaQRBpFlfHSucpYZ ....
>
> BUT... when I pass this encrypted value off to PayPal (I'm integrating with
> them), encoded, when they return me to my site, instead of passing me my
> value as above, they are somehow decoding back to the original:
>
> Sw+ht0agaQRBpFlfHSucpYZ....
>
> As I can see it in the URL. The + symbol is then interpretted as a space
> instead of + symbol and a result, my decrypt function fails.
>
> So I send off the encrypted value encoded to PayPal but when they go to
> redirect back to my site after payment has been made, instead of the url
> with Sw%2Bht0agaQRBpFlfHSucpYZ .... in it, they are decoding it so my url
> contains Sw+ht0agaQRBpFlfHSucpYZ.... which causes me problems.
>
> Is there alternative encrypting scheme that will not need url encoding (so I
> can be sure the passed url back from PayPal is ok as is)?
>
> --Rick
It seems normal to me that it is decoded, I think that's how it's
supposed to work. How about urlencoding it twice? That might just
work.
Other possibility is to send it as a string of hex characters using
hex2bin or something like that.
Matijn
--- End Message ---
--- Begin Message ---
On Nov 30, 2011, at 7:38 PM, Matijn Woudt wrote:
On Thu, Dec 1, 2011 at 1:14 AM, Rick Dwyer <rpdw...@earthlink.net>
wrote:
On Nov 30, 2011, at 5:13 PM, Matijn Woudt wrote:
Your decrypt function seems fine, and the encrypt/decrypt functions
work fine both in the same file for me. Now you say you use
$_GET["myval"], which means you get them from URL. Base64 is not URL
safe, have you used urlencode()?
Matijn
OK, the problem appears to be that my string encoded contains a +
symbol:
Sw+ht0agaQRBpFlfHSucpYZ....
So I rawurlencode it and if I echo it out, it appears correctly on
the page
as:
Sw%2Bht0agaQRBpFlfHSucpYZ ....
BUT... when I pass this encrypted value off to PayPal (I'm
integrating with
them), encoded, when they return me to my site, instead of passing
me my
value as above, they are somehow decoding back to the original:
Sw+ht0agaQRBpFlfHSucpYZ....
As I can see it in the URL. The + symbol is then interpretted as a
space
instead of + symbol and a result, my decrypt function fails.
So I send off the encrypted value encoded to PayPal but when they
go to
redirect back to my site after payment has been made, instead of
the url
with Sw%2Bht0agaQRBpFlfHSucpYZ .... in it, they are decoding it so
my url
contains Sw+ht0agaQRBpFlfHSucpYZ.... which causes me problems.
Is there alternative encrypting scheme that will not need url
encoding (so I
can be sure the passed url back from PayPal is ok as is)?
--Rick
It seems normal to me that it is decoded, I think that's how it's
supposed to work. How about urlencoding it twice? That might just
work.
Other possibility is to send it as a string of hex characters using
hex2bin or something like that.
Matijn
Yes! Thanks, double urlencoding it did the trick.
I first encrypt it followed by a double rawurlencode.
Thanks... my head was beginning to really hurt from banging it on the
wall.
--Rick
--- End Message ---
--- Begin Message ---
I'm puzzled why the if statement executes as true when the first date
(job_closedate) is not less than the second date (now).
The if statement claims that "12/02/2011" is less than "11/30/2011".
if (date("m/d/Y",strtotime($jobs_closedate)) <=
date("m/d/Y",strtotime("now"))){
echo date("m/d/Y",strtotime($jobs_closedate)); // displays -
12/02/2011
echo date("m/d/Y",strtotime("now")); //
displays - 11/30/2011
$error.="The close date must be later than
today's date, " . date("m/d/Y",strtotime("now")) . ".\n";
}
If the first date is "11/16/2011" the if statement also executes as true which
is correct since "11/16/2011" is less than "11/30/2011".
Marc
--- End Message ---
--- Begin Message ---
On Wed, Nov 30, 2011 at 11:00 PM, Marc Fromm <marc.fr...@wwu.edu> wrote:
> I'm puzzled why the if statement executes as true when the first date
> (job_closedate) is not less than the second date (now).
> The if statement claims that "12/02/2011" is less than "11/30/2011".
>
> if (date("m/d/Y",strtotime($jobs_closedate)) <=
> date("m/d/Y",strtotime("now"))){
You're comparing strings here, try to compare the unix timestamp:
if (strtotime($jobs_closedate) <= strtotime("now")){
That'll probably do what you want..
Matijn
--- End Message ---
--- Begin Message ---
On Nov 30, 2011, at 5:04 PM, Matijn Woudt wrote:
> On Wed, Nov 30, 2011 at 11:00 PM, Marc Fromm <marc.fr...@wwu.edu> wrote:
>> I'm puzzled why the if statement executes as true when the first date
>> (job_closedate) is not less than the second date (now).
>> The if statement claims that "12/02/2011" is less than "11/30/2011".
>>
>> if (date("m/d/Y",strtotime($jobs_closedate)) <=
>> date("m/d/Y",strtotime("now"))){
>
> You're comparing strings here, try to compare the unix timestamp:
>
> if (strtotime($jobs_closedate) <= strtotime("now")){
>
> That'll probably do what you want..
>
> Matijn
>
Another way to do it would be:
if(strtotime($jobs_closedate)<=time()) {
}
or
if(date("Y-m-d",strtotime($job_closedate))<=date("Y-m-d",time()) {
}
Take care,
Floyd
--- End Message ---
--- Begin Message ---
The answer for the problem is raising the vm.max_map_count via sysctl.
> -----Ursprüngliche Nachricht-----
> Von: Daniel Betz [mailto:db...@df.eu]
> Gesendet: Mittwoch, 23. November 2011 15:56
> An: php-gene...@lists.php.net
> Betreff: [PHP] Question about PHP FPM and shared memory
>
> Hello list,
>
> I am trying to start PHP FPM with 2600 worker pools with "ondemand"
> processmanager. Each for one domain.
> The problem is now, that the php-fpm quits with:
> ERROR: pid 10937, fpm_shm_alloc(), line 28: unable to allocate 1040 bytes in
> shared memory: Cannot allocate memory: Cannot allocate memory (12)
>
> The server is 32bit :( and has 12GB of ram.
> I have tried to raise the SHMMAX and SHMALL settings via sysctl, but the
> problem isn't gone.
>
> Do you have any hints ?
>
> Thx and greetings,
> Daniel
>
>
>
> --
> PHP General Mailing List (http://www.php.net/) To unsubscribe, visit:
> http://www.php.net/unsub.php
--- End Message ---