How to encrypt multiple variables within a php file?

Asked

Viewed 89 times

3

I’m using php to read a file to a $string, he owns some words variables that I need to find and replace with others, that is, I need to get these variables, encrypt them with AES and write again where they were, making a replace.

The variables does not have the same name, and see after the parameter cmd=, the amount of them may vary.

File example with variables:

Inicio
texto=nome?cmd=0a7-5.ext
data...
texto=nome?cmd=12345.ext
data...
texto=nome?cmd=abcd.ext

The value to be replaced is the encrypted variable itself with the following AES:

//fnEncrypt("0a7-5", "1234567890123456");
function fnEncrypt($sValue, $sSecretKey)
{
    return rtrim(
        base64_encode(
            mcrypt_encrypt(
                MCRYPT_RIJNDAEL_256,
                $sSecretKey, $sValue, 
                MCRYPT_MODE_ECB, 
                mcrypt_create_iv(
                    mcrypt_get_iv_size(
                        MCRYPT_RIJNDAEL_256, 
                        MCRYPT_MODE_ECB
                    ), 
                    MCRYPT_RAND)
                )
            ), "\0"
        );
}

What is expected:

Inicio
texto=nome?cmd=dxZIKbLDEtI/m81cEGnB+dVbmy1C+fcIxmeBGHpyYY0=
data...
texto=nome?cmd=+FFzyIqAENF13PnEj5XqpHYlMD2u08uHmWK7HYDyPos=
data...
texto=nome?cmd=cTySfjmfN85GgcWS3aVHSwExC2ZBldBqh9xJq9ndAmc=

How could I replace these variables with their AES encrypted version, knowing that their amount and their values are different?

1 answer

3


Assuming it always starts with "?cmd=" and ending at the end of the line, you can use

preg_replace_callback($regex, $callback, $string)

The callback that will be called and passed an array of the elements combined in the string


Regular expression:

/(\?cmd=)(.+)/

Code:

function fnEncrypt($sValue, $sSecretKey)
{
    return rtrim(
        base64_encode(
            mcrypt_encrypt(
                MCRYPT_RIJNDAEL_256,
                $sSecretKey, $sValue, 
                MCRYPT_MODE_ECB, 
                mcrypt_create_iv(
                    mcrypt_get_iv_size(
                        MCRYPT_RIJNDAEL_256, 
                        MCRYPT_MODE_ECB
                    ), 
                    MCRYPT_RAND)
                )
            ), "\0"
        );
}

$string = "
Inicio
texto=nome?cmd=0a7-5.ext
data...
texto=nome?cmd=12345.ext
data...
texto=nome?cmd=abcd.ext
";

function fnEncrypt_match($matches) {
    return $matches[1] . fnEncrypt($matches[2], "1234567890123456");
}

$stringAES = preg_replace_callback('/(\?cmd=)(.+)/', 'fnEncrypt_match', $string);

echo "<pre>
        $stringAES
      </pre>";

Upshot:

Inicio
texto=nome?cmd=dxZIKbLDEtI/m81cEGnB+dVbmy1C+fcIxmeBGHpyYY0=
data...
texto=nome?cmd=+FFzyIqAENF13PnEj5XqpHYlMD2u08uHmWK7HYDyPos=
data...
texto=nome?cmd=cTySfjmfN85GgcWS3aVHSwExC2ZBldBqh9xJq9ndAmc=


Heed: the code used to encrypt is not completely secure.
It is recommended to use libsodium.

More information: PHP AES Encrypt / Decrypt EN

  • 1

    When you have a little time I give a tested, I appreciate the information on the AES code, it served more as an example and for my attempts, a replacement for a safe version would be easy, I also recommend that you do not use this insecure code, except for didactic purposes, or on its own account.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.