5

In one of our web application ( in PHP, MySQL ) we are saving user's mobile number as encrypted value and decrypt it when we send SMS to them. The application was pretty working well. But

now GoDaddy removed the option base64_encode and decode. So that we cant send SMS to users. So we revert back the mobile numbers to its normal state running it locally.

My question is which is the easiest and safe way to encrypt and decrypt a string using a key.

Something like

Normal string : 9876543210  -> After encrypt with a key -> AASASOOPFPOEROP45664654456
Encrypted string : AASASOOPFPOEROP45664654456 -> on decrypt -> 9876543210

My current code 

function encodeString($str){
  for($i=0; $i<5;$i++)
  {
    $str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
  }
  return $str;
}


function decodeString($str){
 for($i=0; $i<5;$i++)
 {
    $str=base64_decode(strrev($str)); //apply base64 first and then reverse the string}
 }
 return $str;
}

Please help me . Thanks in advance

Improve this question
2
  • 2
    1. Thats not encrypted... thats jsut encoded.. though i suppose you could argue that the strrev you run on it makes it a really weak pseudo-encryption... but whatever. 2.This doesnt sound like something you should be hosting on godaddy. You might want to get some better quality hosting. Commented Jun 19, 2013 at 4:15
  • @haywire .. thanks for your reply.. but we cant use your solution because it contains "base64_encode" which will disabled by GoDaddy Commented Jun 19, 2013 at 4:38

2 Answers 2

Reset to default
4

Well if you were using base64 encode/decode you weren't encrypting the data, just obfuscating.

I don't know what php extensions godaddy has enabled, so I would suggest going with something like phpSecLib

http://phpseclib.sourceforge.net/

It is a standalone implementation you can include into your scripts, and will provide actual encryption of your data. AES or Rijndael should work find for your application

Basically it will encrypt the string with a key, even if your database is compromised, the data can't be decrypted without the key it was encrypted with (which you would hard coded into your script). This is unlike simply encoding it, in which case if someone got ahold of the database, they could decode it by running the first string through a variety of different encoding methods until they find one that works. And then run the rest through the same decoding method

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

here i am giving you one simple example with our own secret key you can use as below

// Secret key to encrypt/decrypt with

$key='mysecretkey'; // 8-32 characters without spaces

// String to encrypt 

$string1='your sample key, that is the question';

// EnCrypt string 

$string2=convert($string1,$key);

// DeCrypt back 

$string3=convert($string2,$key);

// Test output 

  echo '<span style="font-family:Courier">'; 
    echo 'Key: '.$key.'<br>'."\n"; 
    echo $string1.'<br>'."\n"; 
    echo $string2.'<br>'."\n"; 
    echo $string3.'<br>'."\n"; 
    echo '</span>'."\n";

OUTPUT

Key: mysecretkey
your sample key, that is the question
tvfw#ady{i|-rv|/2q|jq9dj3qkw%e~`jyp|k
your sample key, that is the question

Let me know i can help you more.

Improve this answer

2 Comments

and it says Fatal error: Call to undefined function convert() in //wp-content/themes/twentytwelve/cov.php on line 4
This is not even remotely close to a safe way to perform encryption. Anyone who attempts to use this solution, or anything inspired by it, is inviting a security disaster.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.