Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CodeIgniter 2.x set_cipher and set_flashdata cannot be used together

Tags:

php

codeigniter

When I try to use set_cipher and set_flashdata together in CodeIgniter, flashdata is not set and a php error is logged.

To reproduce this on a fresh CI:

Change the following config.php lines (changes from default CI config):

$config['sess_encrypt_cookie'] = TRUE;
$config['log_threshold'] = 1; // To log the error 
// Encryption key should be set, just set anything, for example:
$config['encryption_key'] = 'HjyePR4FPF70vHKaHTl8jZ0hSMgOu5bW';

Controller (Simplified as much as I could):

<?php

class Welcome extends CI_Controller {

 function __construct(){parent::__construct();}

 function index()
 {
 $this->load->library('session');
 $this->load->library('encrypt');

 $this->encrypt->set_cipher(MCRYPT_BLOWFISH);
 $this->encrypt->encode('message');

 $this->session->set_flashdata('item', 'value');
 }

}

Then simply open the controller in browser and refresh page, you will see flashdata is not set, and the following error is logged in CI application log folder if it has the right permission:

Severity: Notice --> unserialize(): Error at offset 0 of 286 bytes /Applications/MAMP/htdocs/final/system/libraries/Session.php 741

1. Is this a CodeIgniter bug or am i doing anything wrong?

2. What should I do for this to work?

P.S. had to change cipher because default encryption result was too long for a message I needed to encrypt, but I wanted to use default method for anything else CI uses

like image 590
Vladimir Avatar asked May 09 '15 18:05

Vladimir

1 Answers

A1: Both.

It's not a bug per se, but definitely bad design. The CI2 session library does depend on the same CI_Encrypt instance that is $this->encrypt. So, when the session library is already using it and you change the cipher in the middle of that process, it is indeed you breaking it.

A2: Load another instance of the Encryption library for your own usage.

Like this:

// You can use $this->encrypter afterwards
$this->load->library('encrypt', NULL, 'encrypter');

However, length of the resulting cipher-text is a really bad reason to change the encryption algorithm.

like image 165
Narf Avatar answered Oct 17 '22 06:10

Narf
Sign in to Comment

Related questions

PHP Repairing Bad Text
How to properly serve CSS
How to post to a Facebook page with PHP
What is a safe PCRE regex delimiter to use on HTML5 pattern input element attribute?
Is the PDO Library faster than the native MySQL Functions?
How to maintain image quality with FPDF and PHP?
Detecting whether a file is complete or partial in PHP
INSERT IGNORE using Laravel's Fluent
How to improve performance iterating a DOMDocument?
How do you protect API keys and 3rd party site credentials (LAMP)?
Long polling - Message system
Retrieving timestamp of MySQL row creation from meta data?
Make PHPStorm always logged in to FTP [closed]
Timestamping logs of programs managed by supervisord
How to internationalize a PHP third-party library
PHP cURL to login to facebook
ssh2_auth_pubkey_file authentication always fails
Is it required to include the namespace file?
How to use both ID and slug in Laravel 4 route URL? (resource/id/slug)
Using Brackets for PHP files

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!