Edit report at https://bugs.php.net/bug.php?id=64162&edit=1
ID: 64162 Comment by: anon at anon dot anon Reported by: rob at neovidamedia dot com Summary: Extra characters added to base64_decode() output Status: Not a bug Type: Bug Package: *Encryption and hash functions Operating System: Windows 7 PHP Version: Irrelevant Block user comment: N Private report: N New Comment: >I have consulted a couple of other programmers, both of whom are much better >than I Christ. Anyone is better than you. Charles Babbage in 1864 gave us this quote regarding his design for the first mechanical calculator: "On two occasions I have been asked,â'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?'...I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." I'm wondering the same thing as Babbage. You're giving base64_decode additional nonsense bytes, which by your very admission are chosen at random, then you have the audacity to blame it for not contorting those random bytes into the right answers. >As far as I can tell this is still a bug. Are you suggesting base64_decode be programmed with magic? CHOP THE BYTES OFF YOU MORON (as @bobwei9 explained). Previous Comments: ------------------------------------------------------------------------ [2013-02-06 21:40:37] rob at neovidamedia dot com Actually, the code I have written works in most instances. There are a handful that don't work, such as the sample that I have provided ($a = "Proteussing88";). As per substr(): strlen will give you the length of a string where the first character is character 1 -- in substr() positions start with the first character being in position 0 (like an array). Hence, I don't think that I have to remove 2 characters, or 4. I could be wrong as I am not an expert professional, but I have consulted a couple of other programmers, both of whom are much better than I, and they can't solve this either. Believe me, this code works 95%+ of the time. Please refer to this part of the description: "It seems to be related to the string length of $a, and the fact that it contains a number at its end, but I could be wrong." Also, I upgraded PHP to 5.3 and this piece of code still failed. As far as I can tell this is still a bug. ------------------------------------------------------------------------ [2013-02-06 16:02:34] ras...@php.net You can't arbitrarily add random characters to the base64-encoded string and expect to get sensible output. You are adding 1 char before and 3 after to your encoded string, but then you do base64_decode(substr($pass, 1, (strlen($pass) - 2))) meaning you only remove 2 of those appended chars before you decode. Make that strlen()-3 and your problems go away. The fact that it differs across versions is irrelevant since you are not passing in a valid base64 encoded string. ------------------------------------------------------------------------ [2013-02-06 16:00:19] bobwei9 at hotmail dot com But whatever; there is also an error in your script: $final = base64_decode(substr($pass, 1, (strlen($pass) - 4))); would be right. ____ However, somewhere between 5.3.15 and trunk, base64_decode()-handling of invalid characters (after the last =) has changed... ------------------------------------------------------------------------ [2013-02-06 15:52:17] bobwei9 at hotmail dot com Effectively. On PHP 5.3 there is a byte with \x02 and on trunk \x07... Alone this difference must be a bug... ------------------------------------------------------------------------ [2013-02-06 11:10:30] rob at neovidamedia dot com Description: ------------ --- >From manual page: http://www.php.net/function.base64-decode --- Run this code, and notice the output for 'Decoded' -- it looks the same as 'Original', but it is not. Select it (the result), copy it, and paste it into notepad or something, and you will see a bonus character at the end. It seems to be related to the string length of $a, and the fact that it contains a number at its end, but I could be wrong. I ran about one hundred different scenario tests, and got some funky results. PS - I am running PHP 5.2.17, but that is what my host offers. Don't think I can upgrade on my own ... Test script: --------------- $a = "Proteussing88"; function randLetter() { $int = rand(0,61); $a_z = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; $rand_letter = $a_z[$int]; return $rand_letter; } $pass = randLetter() . base64_encode($a) . randLetter() . randLetter() . randLetter(); $db_pass = base64_decode(substr($pass, 1, (strlen($pass) - 2))); $final = substr($db_pass, 0, (strlen($db_pass) - 1)); echo 'Original: ' . $a . '<br />Encoded: ' . $pass . '<br />Decoded: ' . $final; Expected result: ---------------- The visual result is fine, but in the background a special character is being added to the final string variable. Actual result: -------------- The final string variable looks right, but only in a browser. Paste it into notepad or any other text editor, and you get an unexpected special character at its end. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64162&edit=1
