35

有什么方法可以检测一个字符串是否在 PHP 中是 base64_encoded() ?

我们正在将一些存储从纯文本转换为 base64,其中一部分存储在需要更新的 cookie 中。如果文本尚未编码,我想重置他们的 cookie,否则不要管它。

4

12 回答 12

25

Apologies for a late response to an already-answered question, but I don't think base64_decode($x,true) is a good enough solution for this problem. In fact, there may not be a very good solution that works against any given input. For example, I can put lots of bad values into $x and not get a false return value.

var_dump(base64_decode('wtf mate',true));
string(5) "���j�"

var_dump(base64_decode('This is definitely not base64 encoded',true));
string(24) "N���^~)��r��[jǺ��ܡם"

I think that in addition to the strict return value check, you'd also need to do post-decode validation. The most reliable way is if you could decode and then check against a known set of possible values.

A more general solution with less than 100% accuracy (closer with longer strings, inaccurate for short strings) is if you check your output to see if many are outside of a normal range of utf-8 (or whatever encoding you use) characters.

See this example:

<?php
$english = array();
foreach (str_split('az019AZ~~~!@#$%^*()_+|}?><": Iñtërnâtiônàlizætiøn') as $char) {
  echo ord($char) . "\n";
  $english[] = ord($char);
}
  echo "Max value english = " . max($english) . "\n";

$nonsense = array();
echo "\n\nbase64:\n";
foreach (str_split(base64_decode('Not base64 encoded',true)) as $char) {
  echo ord($char) . "\n";
  $nonsense[] = ord($char);
}

  echo "Max nonsense = " . max($nonsense) . "\n";

?>

Results:

Max value english = 195
Max nonsense = 233

So you may do something like this:

if ( $maxDecodedValue > 200 ) {} //decoded string is Garbage - original string not base64 encoded

else {} //decoded string is useful - it was base64 encoded

You should probably use the mean() of the decoded values instead of the max(), I just used max() in this example because there is sadly no built-in mean() in PHP. What measure you use (mean,max, etc) against what threshold (eg 200) depends on your estimated usage profile.

In conclusion, the only winning move is not to play. I'd try to avoid having to discern base64 in the first place.

于 2011-04-12T08:05:03.140 回答
25 
function is_base64_encoded($data)
{
    if (preg_match('%^[a-zA-Z0-9/+]*={0,2}$%', $data)) {
       return TRUE;
    } else {
       return FALSE;
    }
};

is_base64_encoded("iash21iawhdj98UH3"); // true
is_base64_encoded("#iu3498r"); // false
is_base64_encoded("asiudfh9w=8uihf"); // false
is_base64_encoded("a398UIhnj43f/1!+sadfh3w84hduihhjw=="); // false

http://php.net/manual/en/function.base64-decode.php#81425

于 2016-01-24T22:03:50.647 回答
23

我有同样的问题,我最终得到了这个解决方案:

if ( base64_encode(base64_decode($data)) === $data){
    echo '$data is valid';
} else {
    echo '$data is NOT valid';
}
于 2013-06-10T07:35:08.810 回答
11

迟到总比没有好:您可以使用mb_detect_encoding()它来确定编码的字符串是否似乎是某种文本:

function is_base64_string($s) {
  // first check if we're dealing with an actual valid base64 encoded string
  if (($b = base64_decode($s, TRUE)) === FALSE) {
    return FALSE;
  }

  // now check whether the decoded data could be actual text
  $e = mb_detect_encoding($b);
  if (in_array($e, array('UTF-8', 'ASCII'))) { // YMMV
    return TRUE;
  } else {
    return FALSE;
  }
}

更新对于那些喜欢简短的人

function is_base64_string_s($str, $enc=array('UTF-8', 'ASCII')) {
  return !(($b = base64_decode($str, TRUE)) === FALSE) && in_array(mb_detect_encoding($b), $enc);
}
于 2018-08-16T13:09:55.330 回答
10

我们可以将三件事组合成一个函数来检查给定的字符串是否是有效的 base 64 编码。

function validBase64($string)
{
 $decoded = base64_decode($string, true);
 $result = false;
    
 // Check if there is no invalid character in string
 if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {$result = false;}
        
 // Decode the string in strict mode and send the response
 if (!$decoded) {$result = false;}
        
 // Encode and compare it to original one
 if (base64_encode($decoded) != $string) {$result = false;}
        
 return $result;
}
于 2015-05-14T07:39:08.550 回答
5

我正要在 php 中构建一个 base64 切换,这就是我所做的:

function base64Toggle($str) {
    if (!preg_match('~[^0-9a-zA-Z+/=]~', $str)) {
        $check = str_split(base64_decode($str));
        $x = 0;
        foreach ($check as $char) if (ord($char) > 126) $x++;
        if ($x/count($check)*100 < 30) return base64_decode($str);
    }
    return base64_encode($str);
}

它非常适合我。以下是我对此的完整想法:http ://www.albertmartin.de/blog/code.php/19/base64-detection

在这里你可以试试:http ://www.albertmartin.de/tools

于 2013-03-27T09:49:36.927 回答
3

如果输入不是有效的 base64 编码数据,base64_decode() 将不会返回 FALSE。改为使用imap_base64(),如果 $text 包含 Base64 字母表之外的字符,则返回 FALSE imap_base64() 参考

于 2015-11-20T11:29:48.963 回答
3

这是我的解决方案:

if(empty(htmlspecialchars(base64_decode($string, true)))) { return false; }

如果解码$string无效,则返回false,例如:“node”、“123”、“”等。

于 2017-11-25T12:56:23.717 回答
2 
$is_base64 = function(string $string) : bool {
    $zero_one = ['MA==', 'MQ=='];
    if (in_array($string, $zero_one)) return TRUE;

    if (empty(htmlspecialchars(base64_decode($string, TRUE))))
        return FALSE;

    return TRUE;
};

var_dump('*** These yell false ***');
var_dump($is_base64(''));
var_dump($is_base64('This is definitely not base64 encoded'));
var_dump($is_base64('node'));
var_dump($is_base64('node '));
var_dump($is_base64('123'));
var_dump($is_base64(0));
var_dump($is_base64(1));
var_dump($is_base64(123));
var_dump($is_base64(1.23));

var_dump('*** These yell true ***');
var_dump($is_base64(base64_encode('This is definitely base64 encoded')));
var_dump($is_base64(base64_encode('node')));
var_dump($is_base64(base64_encode('123')));
var_dump($is_base64(base64_encode(0)));
var_dump($is_base64(base64_encode(1)));
var_dump($is_base64(base64_encode(123)));
var_dump($is_base64(base64_encode(1.23)));
var_dump($is_base64(base64_encode(TRUE)));

var_dump('*** Should these yell true? Might be edge cases ***');
var_dump($is_base64(base64_encode('')));
var_dump($is_base64(base64_encode(FALSE)));
var_dump($is_base64(base64_encode(NULL)));
于 2019-10-03T00:54:57.540 回答
1

可能不是你所要求的。但希望它对某人有用。

在我的情况下,解决方案是先用 json_encode 编码所有数据,然后用 base64_encode 编码。

$encoded=base64_encode(json_encode($data));

可以根据需要存储或使用此值。然后检查这个值是否不仅仅是一个文本字符串,而是你的数据编码,你只需使用

function isData($test_string){
   if(base64_decode($test_string,true)&&json_decode(base64_decode($test_string))){
      return true;
   }else{
    return false;
   }

或者

function isNotData($test_string){
   if(base64_decode($test_string,true)&&json_decode(base64_decode($test_string))){
      return false;
   }else{
    return true;
   }

感谢此线程中所有先前的答案作者:)

于 2016-02-08T11:38:22.263 回答
0

您最好的选择是:

$base64_test = mb_substr(trim($some_base64_data), 0, 76);
return (base64_decode($base64_test, true) === FALSE ? FALSE : TRUE);
于 2018-06-06T11:06:56.607 回答
0

通常 base64 中的文本没有空格。

我使用了这个对我来说很好的功能。它测试字符串中的空格数是否小于 20 中的 1。

例如:每 20 个字符至少 1 个空格 --- ( 空格 / strlen ) < 0.05

function normalizaBase64($data){
    $spaces = substr_count ( $data ," ");
    if (($spaces/strlen($data))<0.05)
    {
        return base64_decode($data);
    }
    return $data;
}
于 2015-11-09T14:34:56.120 回答