PHP IF not working after Encrypt and Decrypt a String

I want to encrypt all my PHP session data and, when I want to use this information, decrypt it. For this I am using these functions:

define("ENCRYPTION_KEY", "!@#$%^Soheil&*");

/**
 * Returns an encrypted & utf8-encoded
 */
function encrypt($pure_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
    return $encrypted_string;
}

/**
 * Returns decrypted original string
 */
function decrypt($encrypted_string, $encryption_key) {
    $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
    $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
    $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
    return $decrypted_string;
}

And when I want to set my data I use this code:

$_SESSION["admin_username"] = encrypt($username, ENCRYPTION_KEY);
$_SESSION["seller_id"] = encrypt($user_array['id'], ENCRYPTION_KEY);
$_SESSION['seller_name'] = $user_array['name'];
$_SESSION['login_ok'] = encrypt('ok', ENCRYPTION_KEY);

Now when I want to show the decrypted data it works fine, but when I want to use it in an IF statement it does not work:

$seller_user_id = decrypt($_SESSION["seller_id"], ENCRYPTION_KEY);
$seller_user_name = $_SESSION["seller_name"];
$login_ok = decrypt($_SESSION["login_ok"], ENCRYPTION_KEY);

echo "login_ok is : " . $login_ok;

if ($login_ok == 'ok')
{
    // logged in
}
else
{
    echo "Login Fail";
    echo "<br> " . $login_ok;
}


And this output is:

login_ok is : ok Login Fail ok

As you see, $login_ok == 'ok' is true but the code says it is false! I don't know what the problem is! It is simple but ...


  • On you can read:

    The data that will be decrypted with the given cipher and mode. If the size of the data is not n * blocksize, the data will be padded with '\0'.

    So before comparing the returned data with other strings you have to trim it, as you can see in the example below:

    $seller_user_id =  decrypt( $_SESSION["seller_id"] , ENCRYPTION_KEY); 
    $seller_user_name =  $_SESSION["seller_name"] ;  
    $login_ok = rtrim(decrypt( $_SESSION["login_ok"] , ENCRYPTION_KEY), "\0\4"); 
    echo "login_ok is : " . $login_ok . "<br>";
    if ($login_ok  == 'ok') {
        echo "Logged in succesfully!!"; 
    } else {
        echo "Login Fail - " .$login_ok ;
    }

    This example trims the NULL (\0) and the EOTs (\4) at the end of the string with rtrim( ... , "\0\4");
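
The padding behaviour discussed above, next to a scheme that returns the exact original bytes, as an added example that is not code from the question or the answer. It simulates the zero padding with `str_pad` so it runs without mcrypt (which was removed from PHP in 7.2), then uses libsodium's `sodium_crypto_secretbox` for an authenticated round trip. It assumes PHP 7.2 or later with the sodium extension; `zero_padded()`, `seal()` and `open_sealed()` are hypothetical helper names.

```php
<?php
// Added example, not the poster's code. Assumes PHP >= 7.2 (bundled sodium extension).
// zero_padded(), seal() and open_sealed() are hypothetical helper names.

// Reproduces what a zero-padding block cipher returns after decryption:
// the plaintext extended with "\0" up to a multiple of the block size.
function zero_padded(string $plain, int $block_size = 8): string {
    $len = (int) (ceil(strlen($plain) / $block_size) * $block_size);
    return str_pad($plain, $len, "\0");
}

// Authenticated encryption: the random nonce is stored in front of the ciphertext.
function seal(string $plain, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}

// Returns the exact original bytes, or null if the value is truncated or was modified.
function open_sealed(string $sealed, string $key): ?string {
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $min) {
        return null;
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $body  = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($body, $nonce, $key);
    return $plain === false ? null : $plain;
}

// 1. The padded value prints as "ok" but is 8 bytes long, so the comparison fails.
$padded = zero_padded('ok');
var_dump(strlen($padded), $padded == 'ok');

// 2. rtrim() repairs text, but it cannot tell padding from data that ends in "\0".
var_dump(rtrim($padded, "\0") === 'ok');
var_dump(rtrim(zero_padded("bin\0"), "\0") === "bin\0");

// 3. secretbox round-trips the exact bytes, so no trimming is needed.
$key = sodium_crypto_secretbox_keygen(); // constructed key, generated for this run only
$box = seal('ok', $key);
var_dump(open_sealed($box, $key) === 'ok');

// 4. A modified value is rejected instead of decrypting to garbage.
$last = strlen($box) - 1;
$box[$last] = chr(ord($box[$last]) ^ 1);
var_dump(open_sealed($box, $key));
```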