Hi,
Below is part of the complete code:
[CODE]
<?php
class Token
{
    // Store a fresh token in the session and return it for the hidden form field.
    public static function generate()
    {
        return Session::put('token', md5(uniqid()));
    }

    // Accept the submitted token only if it matches the stored one; each token is single-use.
    public static function check($token)
    {
        $tokenName = 'token';
        if (Session::exists($tokenName) && $token === Session::get($tokenName)) {
            Session::delete($tokenName);
            return true;
        }
        return false;
    }
}
///////////////////////////////////////////////////////////////
// Thin wrapper around $_SESSION.
class Session
{
    public static function exists($name)
    {
        return (isset($_SESSION[$name])) ? true : false;
    }

    public static function put($name, $value)
    {
        return $_SESSION[$name] = $value;
    }

    public static function get($name)
    {
        return $_SESSION[$name];
    }

    public static function delete($name)
    {
        if (self::exists($name)) {
            unset($_SESSION[$name]);
        }
    }
}
///////////////////////////////////////////////////////////////
// Returns a POST field, or an empty string when it is absent.
class Input
{
    public static function get($item)
    {
        if (isset($_POST[$item])) {
            return $_POST[$item];
        }
        return '';
    }
}
//////////////////////////////////////////////////////////////
if (isset($_POST['username']) && isset($_POST['password'])) {
    // Process the login only when the submitted token matches the session token.
    if (Token::check(Input::get('token'))) {
        $validate = new Validate();
        $validation = ................;
        if ($validation->passed()) {
            $user = new User();
            $login = $user->login(Input::get('username'), Input::get('password'));
            if ($login) {
                echo 'Success';
                Redirect::to('index.php');
            } else {
                echo 'Sorry, login failed!';
            }
        } else { // validation failed
            foreach ($validation->errors() as $error) {
                echo $error, '<br>';
            }
            echo "<script> setTimeout(\"location.href = 'index.php';\",30000); </script>";
        }
    }
}
?>
<form action="" method="POST">
<P>
<label for="username">Username</label>
<input type="text" name="username" id="username" autocomplete="off">
</P>
<P>
<label for="password">Password</label>
<input type="password" name="password" id="password" autocomplete="off">
</P>
<P>
<input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
<input type="submit" value="LOG IN">
</P>
</form>
[/CODE]
When I do the following:
[CODE]
public static function check($token)
{
    $tokenName = 'token';
    $testing = Session::get($tokenName);
    echo var_dump($token)."<br>";
    echo var_dump($testing)."<br>";
    if (Session::exists($tokenName) && $token === Session::get($tokenName)) {
        Session::delete($tokenName);
        return true;
    }
    return false;
}
[/CODE]
I get:
string 'be33cfc1f0eed02e8176d7281975b05e' (length=41)
string 'be33cfc1f0eed02e8176d7281975b05e' (length=32)
which does not satisfy the condition:
$token === Session::get($tokenName)
I have used:
<form action="" method="POST" accept-charset="utf-8">
but this does not work. I am assuming there are extra white-space/non-printing characters, but I don't know how to locate and remove them. Any suggestions as to how I can solve this problem? I'm using PHP Version 5.5.12.
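One way to locate the bytes that `var_dump()` and the browser do not show, as an added example that is not part of the original post: it compares the submitted and stored tokens byte by byte and renders non-printing bytes as `\xNN`. The helper names `describeBytes()` and `diffTokens()` are hypothetical, and the nine trailing bytes in the sample are constructed for illustration, not taken from the poster's request.

```php
<?php
// Added example, not the poster's code. describeBytes() and diffTokens()
// are hypothetical helper names. Runs on PHP 5.5.

// Show printable ASCII as-is and every other byte as \xNN.
function describeBytes($s)
{
    $out = '';
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $b = ord($s[$i]);
        $out .= ($b >= 0x21 && $b <= 0x7e) ? $s[$i] : sprintf('\\x%02x', $b);
    }
    return $out;
}

// Compare the submitted token with the stored one byte by byte.
function diffTokens($submitted, $stored)
{
    $firstDiff = null;
    $max = max(strlen($submitted), strlen($stored));
    for ($i = 0; $i < $max; $i++) {
        $a = isset($submitted[$i]) ? $submitted[$i] : null;
        $b = isset($stored[$i]) ? $stored[$i] : null;
        if ($a !== $b) {
            $firstDiff = $i;
            break;
        }
    }
    return array(
        'submitted_len'  => strlen($submitted),
        'stored_len'     => strlen($stored),
        'first_diff_at'  => $firstDiff,
        'submitted_view' => describeBytes($submitted),
        // A token from md5() is exactly 32 lowercase hex characters.
        'well_formed'    => preg_match('/\A[0-9a-f]{32}\z/', $submitted) === 1,
    );
}

// Constructed sample: the 32-character value from the post plus 9 made-up
// trailing bytes (CR, LF, tab, a UTF-8 no-break space, four spaces).
$stored    = 'be33cfc1f0eed02e8176d7281975b05e';
$submitted = $stored . "\r\n\t\xc2\xa0    ";

// Write to the error log, not the page, because the value is a live session
// secret; remove the call once the stray bytes are found.
error_log(print_r(diffTokens($submitted, $stored), true));
```

Inside `Token::check()` the same call would be `diffTokens($token, Session::get('token'))`; a `well_formed` value of `false` means the request carried something other than the bare 32-character token.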