diff --git a/backend/core/Security/EncryptionHelper.php b/backend/core/Security/EncryptionHelper.php index 86e73e31..12b7eada 100644 --- a/backend/core/Security/EncryptionHelper.php +++ b/backend/core/Security/EncryptionHelper.php @@ -53,6 +53,32 @@ class EncryptionHelper $decoded = base64_decode($cipherText, true); if ($decoded === false) return false; + // محاولة أولى: استخراج IV عشوائي من أول 16 بايت (كما كان في encrypt_decrypt.php) + if (strlen($decoded) >= 16) { + $iv = substr($decoded, 0, 16); + $payload = substr($decoded, 16); + if (strlen($payload) > 0) { + $decrypted_rand = openssl_decrypt($payload, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $iv); + if ($decrypted_rand !== false) { + $pad = ord($decrypted_rand[strlen($decrypted_rand) - 1]); + if ($pad >= 1 && $pad <= 16) { + // Check if padding is valid + $isValidPad = true; + for ($i = 1; $i <= $pad; $i++) { + if (ord($decrypted_rand[strlen($decrypted_rand) - $i]) !== $pad) { + $isValidPad = false; + break; + } + } + if ($isValidPad) { + return substr($decrypted_rand, 0, -$pad); + } + } + } + } + } + + // محاولة ثانية: IV ثابت $decrypted = openssl_decrypt($decoded, self::ALGO_CBC, $this->key, OPENSSL_RAW_DATA, $this->cbcIv); if ($decrypted === false) return false;