(ftp://user:pass@hostname/path) stopped working after I implemented openssl

Question

I own an online FTP using PHP and since mcrypt has been deprecated I wanted to switch to openssl to continue encrypting and storing user credentials as a cookie (deletes when the browser session ends). I know for a fact that the encryption process is working correctly as I have full functionality of everything, but the ftp:// path. I have also echoed out the values inside the cookie after it has been encrypted and decrypted and they were exactly what they were before I encrypted them.

This is just one example of something that doesn't work now, but worked before:

$file=fopen("ftp://$u:$p@$h".$_GET['dir'],"r") or die("Couldn't open file");

Warning: fopen() expects parameter 1 to be a valid path, string given in hidden on line hidden

I don't understand why this is happening and I would be very applicable to give any code that might be needed in determining why this is occurring. However, I can't post code that may compromise the security of my site. Thank you in advance.

I think @Nicolas means `ftps`. `sftp` is file transfer over SSH where `ftps` is `ftp` with `ssl`. Not sure it will fix the issue, but it's worth a shot :) — JNevill, Dec 19 '19 at 14:11
Do you mean to use ```(ftps://user:pass@hostname/path)```? If so, the same error is outputted. — Griffin Garman, Dec 19 '19 at 14:13
@JNevill Why would I need to switch the whole connection type to SSL? The only thing that I changed that is causing this error is the encryption/decryption method. I just don't understand why this is happening in the first place. If the values of the variables are the exact same as before then why would any such errors occur. — Griffin Garman, Dec 19 '19 at 14:20
@GriffinGarman You will need to change ftp_connect to ftp_ssl_connect to use ftps — , Dec 19 '19 at 14:24
@GriffinGarman your server may be rejecting insecure connections (as ftp is insecure) and ftp_ssl_connect encrypts the connecion so it is secure — , Dec 19 '19 at 14:26
Okay I tried ```ftp_ssl_connect``` with ftps:// and the same exact error is outputted. This makes no sense. — Griffin Garman, Dec 19 '19 at 14:30

score -1 · Accepted Answer · edited Dec 19 '19 at 17:20

-1

The issue is that there are extra characters in the decryption. You can't see these characters so you don't know that they are there. Use the following:

strval(str_replace("\0", "","ftp://$u:$p@$h".$_GET['dir']))

edited Dec 19 '19 at 17:20

answered Dec 19 '19 at 16:43

Griffin Garman

45
14

(ftp://user:pass@hostname/path) stopped working after I implemented openssl

1 Answers1