I have a controller that is accepting a encoded code and setting it as a session variable. I am then trying to look up that code in the DB.
When I print out the query string, it is being excluded for some reason.
/**
* Pass our signup code for demo purposes
*/
public function c(){
// Did we come here from a Sign-up Pin?
$registerPin = $this->uri->segment(3);
if($registerPin){
$this->session->set_userdata(array(
'registerPin' => $registerPin
));
}
// Redirect to register
redirect(site_url("register"));
}
Model:
/**
* Check to see if a pin is a valid demo pin.
*/
public function check_register_pin($pin){
$s=$this->db
->where(array("p.IsDemoPin" => '1', "p.Denomination" => 20, "p.Pin" => $pin))
->where("PinID NOT IN (select PinID from customer_pins where `PinID` = '$pin')")
->get("pins as p");
// If this pin was valid and not used, return true.
if ($s->num_rows() > 0) {
return true;
} else {
return false;
}
}
Config:
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_=+-';
Example Pin I am trying to look up:
ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj/f4=
Printed Query:
SELECT * FROM `pins` as `p` WHERE `p`.`IsDemoPin` = '1' AND `p`.`Denomination` = 20 AND `p`.`Pin` = 'ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj' AND `PinID` NOT IN (select PinID from customer_pins where `PinID` = 'ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj')
The problem is, the class your using to encrypt the value returns a base64 encoded string. Which contains a /
and it breaks your routing when used in the url.
Base64 is not url safe because it contains /
, +
and =
characters.
You could work around this issue by decoding what the function returns and then encoding it in a url safe way, which you can then use without issues in the url path:
<?php
/**
* Decode a url-safe base64 string.
*/
function base64_urldecode($str) {
$pad = strlen($str) % 4;
if ($pad) {
$padlen = 4 - $pad;
$str .= str_repeat('=', $padlen);
}
return base64_decode(strtr($str, '-_', '+/'));
}
/**
* Encode a string into url safe base64.
*/
function base64_urlencode($str) {
return str_replace('=', '', strtr(base64_encode($str), '+/', '-_'));
}
$code = base64_decode('ebe83beb61277ab20882b68444cc93e10391d230758847f85e97428d95b7022aab6cdabff6cac097f2e79ceb2df56e06b227063f627341b97346abdc03106d28sXhvJ2tlUzkAGdGwjuKM6O137GlP5tQ1kvazNFnj/f4=');
echo base64_urlencode($code);
Would output _f4
instead of /f4=
:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.