Last active
April 16, 2018 21:40
example pre-decrypt sql search with php-defuse
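<?php
// Looks up a row in an encrypted column by decrypting every stored value and
// comparing the plaintext in PHP. Returns the matching row id, or the string
// 'match not found'.
//
// Relies on names set up outside this snippet: $dbh (presumably a PDO
// connection -- confirm), $user_key (whatever key Crypto::decrypt expects) and
// an imported Crypto class.
//
// NOTE(review): every lookup decrypts the whole table, so the work done and
// the amount of plaintext held in memory both grow with the row count. A
// keyed-hash lookup column (a "blind index") is the usual way to search
// encrypted data without decrypting each row.

$fruit_names = [];        // row id => decrypted name, or the placeholder on failure
$undecryptable_ids = [];  // row ids whose ciphertext did not decrypt

$stmt = $dbh->prepare('SELECT id, fruit_name FROM fruits');
if ($stmt->execute()) {
    $result = $stmt->fetchAll();
    $result_count = count($result);
    if ($result_count > 0) {
        foreach ($result as $row) {
            // decrypt and push into array
            $cur_fruit_name = $row['fruit_name'];
            try {
                $decrypted_fruit_name = Crypto::decrypt($cur_fruit_name, $user_key);
                $fruit_names[$row['id']] = $decrypted_fruit_name;
            } catch (Defuse\Crypto\Exception\WrongKeyOrModifiedCiphertextException $ex) {
                // Either there's a bug in our code, we're trying to decrypt
                // with the wrong key, or the stored fruit name was corrupted
                // or modified in the database.
                // The placeholder is kept for display, but the id is recorded
                // so the search below can never "match" a row on the
                // placeholder text itself.
                $fruit_names[$row['id']] = "failed to decrypt";
                $undecryptable_ids[$row['id']] = true;
            }
        }
    } else {
        // empty result handler
    }
}
// If execute() returned false, $fruit_names is still empty here and the
// lookup below reports 'match not found'; a query failure is therefore not
// distinguishable from a genuine miss.

// then you can search for what you originally wanted
// isset() avoids an undefined-index notice when the field is absent.
$requested_fruit_name = isset($_POST['requested_fruit']) ? $_POST['requested_fruit'] : null; // say apple
$match_found = false;

// A request field can arrive as an array or be missing entirely; only a
// string can equal a decrypted name.
if (is_string($requested_fruit_name)) {
    foreach ($fruit_names as $fruit_id => $fruit_name) {
        if (isset($undecryptable_ids[$fruit_id])) {
            continue; // placeholder entry, not real data
        }
        // Strict comparison: with ==, numeric-looking strings such as '1e1'
        // and '10' compare equal, and a missing field (null) equals ''.
        if ($fruit_name === $requested_fruit_name) {
            $match_found = true;
            return $fruit_id;
        }
    }
}

// No row matched. The result is a string sentinel, so callers should compare
// it with === rather than testing truthiness.
return 'match not found';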