0

I have problem for verificate if line use base64 encode, because the problem it´s with equal, for save data in base64 i need don´t show equal, but the same time i need validate if value it´s encode with base 64

I use this function :

function is_base64_encoded($s)
{
// Check if there are valid base64 characters
if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $s)) return false;

// Decode the string in strict mode and check the results
$decoded = base64_decode($s, true);
if(false === $decoded) print "false"; return false;

// Encode the string again
if(base64_encode($decoded) != $s) return false;
return true;
}

The Function works fine, the problem it´s if i replace "=" the function don´t detect base64, etc

By this, my question it´s about how identificate if base64 encoded it´s ok if replace "="

For example Base64 Encode :

This it´s the best car 1980
VGhpcyBpdMK0cyB0aGUgYmVzdCBjYXIgMTk4MA==

The same example if replace "=" :

This it´s the best car 1980
VGhpcyBpdMK0cyB0aGUgYmVzdCBjYXIgMTk4MA

The problen it´s the function for detect if it´s base64 enconde don´t works without "=" and show as line don´t use Base64

By this i find complicated how detect if line it´s encode with Base64 if i replace "=", and i need don´t show "=" and detect if use Base64.

Thank´s in advanced and i hope can help me, regards

Jose
  • 1
  • You can't just remove padding bytes! You may replace them with others and replace them back on decoding. – Markus Zeller Nov 14 '20 at 16:06
  • And how do this ? – Jose Nov 14 '20 at 18:02
  • *if i replace "=" the function don´t detect base64* - the detection should not rely on the "=" character on the end. It's just padding and is only used to fill up the string to a length divisible by 4. Therefore base64 strings have either 1, 2 or no padding characters on the end. "ABCD" -> 4 characters, no padding, valid Base64. "ABC=" -> 3 characters plus padding, valid, "AB==" -> 2 characters plus 2 padding, valid. – jps Nov 15 '20 at 07:43
  • And at that point how detect, because i try %4===0, but no secure for detect string encode with base 64, and if i put without ==, the normal function for detect base64 don´t works – Jose Nov 20 '20 at 20:55
  • You can't really detect with 100% certainty that a given string is base64 encoded. If a string contains characters that don't belong to the base64 character set, you can say it's not base64 encoded, but you can't be sure it's base64 if all characters are ok. The name "Anna" or the number 1234 are technically valid base64, though as a human reader you would usually rule that out. A hex encoded number like 2F37A6FC could also be valid, but it's likely not really base64. – jps Nov 20 '20 at 21:35
  • With simple character set, length and padding check just can rename your function to `could_be_base64($s)`, returning true for all my examples before. You could improve your check if you consider a string of one uppercase followed only by lowercase letters or just only lowercase more likely being a word, and if you only have numbers and letteres A..F or a..f it's more likely hex encoded. But then one day you have a strange error because a real base64 string was ruled out by these extra rules... – jps Nov 20 '20 at 21:35
  • And exists alternative to base64 or howewer the best it´s encrypt the string, and if ecrypt string which it´s the best function for this in Php, Regards – Jose Nov 20 '20 at 22:19

1 Answers1

0

If you use a correct regular expression to test you don't need the encode and decode functions anymore. Use this function:

function is_base64_encoded($strBase64){
  $str = preg_replace('~\s~','',$strBase64);  //remove all whitespaces
  $re = '~^(?:[a-z0-9+/]{4})*(?:[a-z0-9+/]{2}==|[a-z0-9+/]{3}=)?$~i';
  return (bool)preg_match($re,$str);
}

I took the regular expression from here, modified it slightly, and included the first comment.

jspit
  • 3,933
  • 1
  • 6
  • 13