/**
 * Decrypt a value with the site-wide secret key.
 *
 * Reads the global $secretkey and hands the ciphertext to pcrypt, which is
 * set up for Blowfish in CBC mode.
 *
 * @param string $string Ciphertext to decrypt.
 * @return mixed The value returned by pcrypt::decrypt(), or the result of
 *               html_error() when no secret key has been configured.
 */
function decrypt($string)
{
    global $secretkey;

    // Refuse to run without a key instead of decrypting with an empty one.
    if (!$secretkey) {
        return html_error('Value for $secretkey is empty, please create a random one (56 chars max) in accounts.php!');
    }

    require_once 'class.pcrypt.php';

    // pcrypt arguments: mode (MODE_ECB or MODE_CBC), algorithm name, key (max length: 56).
    // NOTE(review): nothing here checks the integrity of $string before it is decrypted,
    // and whether pcrypt authenticates ciphertexts is not visible from this function.
    // Treat the result as unverified input until that is confirmed.
    $cipher = new pcrypt(MODE_CBC, 'BLOWFISH', (string) $secretkey);

    return $cipher->decrypt($string);
}
/**
 * Decrypt a value with the site-wide secret key.
 *
 * An empty input short-circuits to an empty string. A missing key, or the
 * shipped default key, is rejected through html_error() so that data is never
 * processed with a key that every installation shares.
 *
 * @param string $string Ciphertext to decrypt.
 * @return mixed '' for empty input, the result of html_error() when the key is
 *               unusable, otherwise the value returned by pcrypt::decrypt().
 */
function decrypt($string)
{
    global $secretkey;

    // Nothing to decrypt. Note that empty() also treats the string '0' as empty.
    if (empty($string)) {
        return '';
    }

    // The literal below is the default key this check is written to reject.
    $keyRejected = empty($secretkey) || $secretkey == 'UijSY5wjP1Ii';
    if ($keyRejected) {
        return html_error("Value for \$secretkey is empty or use default secretkey value, please create a random one (56 chars max) in your configs/config.php!", 0);
    }

    require_once 'class.pcrypt.php';

    // pcrypt arguments: mode (MODE_ECB or MODE_CBC), algorithm name, key (max length: 56).
    // NOTE(review): no integrity check on $string is visible in this function, so the
    // decrypted value should be treated as unverified unless pcrypt authenticates it.
    $cipher = new pcrypt(MODE_CBC, "BLOWFISH", (string) $secretkey);

    return $cipher->decrypt($string);
}
/* Id: PCRYPT_TEST.php
 * Simple test script to illustrate the use of pcrypt to cipher/decipher data.
 *
 * Author: Tim Gall
 * Date: 2009-02-02 14-50 (+10 GMT)
 */

// Placement: keep pcrypt.php in a folder the web server will not serve directly
// (for example one protected by .htaccess) rather than at the top level.
// That stops web-bots from indexing it and blocks direct HTTP requests to it.
// It does not by itself protect the file from anyone who can write to the filesystem.
// The choice of location is up to you.
include 'pcrypt.php'; // EG: path/to/this/file/pcrypt.php

// Demo key only. A real key should be long and random, and stored securely,
// not as a literal in a script that sits under the web root.
$key = 'mysecretkey akldjshfsaldkjhfaslkdfjh=-+*';
$encryptor = new pcrypt($key); // init class

//// To change keys during use:
//$encryptor->make_key('new key source');

$plain_text = 'This is some secret stuff';
echo "Plain Text: {$plain_text}<br />";

//// To cipher:
$cipher_text = $encryptor->cipher($plain_text);
echo "Cipher Text: {$cipher_text}<br />";

//// To decipher:
$plain_text = $encryptor->decipher($cipher_text);
echo "Plain Text Again: {$plain_text}<br />";

// To clean up after use: the explicit call is only made on PHP versions below 5.
if (version_compare(PHP_VERSION, '5') < 0) {
    $encryptor->destruct_cipher();
}
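/**
 * Render the body of a hide tag for the post that is currently being displayed.
 *
 * Depending on the forum settings and the viewer, the result is the hidden
 * content itself, a login/register prompt, a "reply to view" prompt or a
 * purchase form, wrapped in the "lock_wrapper" template.
 *
 * Reads the globals $mybb (settings, current user), $post (post being
 * rendered), $db and $templates.
 *
 * @param array  $params  Tag attributes; 'cost' and 'title' are read here.
 * @param string $content Text enclosed by the tag.
 * @return string|false false when the tag is empty, 'Hidden Content' when there
 *                      is no post context, otherwise the rendered wrapper.
 */
function lock_hide($params, $content)
{
    global $mybb, $post, $templates, $db;

    // if the tag has no content, do nothing.
    if (!$content) {
        return false;
    }

    // without a post id (e.g. the print thread page) only a placeholder is shown.
    if (empty($post['pid'])) {
        return 'Hidden Content';
    }

    // Access state. These are initialised explicitly: the original left $paid and
    // $posted undefined on most paths, so the access decision below read
    // undefined variables.
    $cost = null;
    $paid = false;
    $posted = false;

    // does the user have to pay for the content?
    if ($mybb->settings['lock_purchases_enabled'] == true || (int) $mybb->settings['lock_default_price'] > 0) {
        // is the pay to view feature allowed in this forum?
        $disabled = explode(',', $mybb->settings['lock_disabled_forums']);

        if (!in_array($post['fid'], $disabled)) {
            // does the content have a price? can the user set the price?
            if (!isset($params['cost']) || !(bool) $mybb->settings['lock_allow_user_prices']) {
                // if not, do we have a default price?
                if ($mybb->settings['lock_default_price'] > 0) {
                    $params['cost'] = $mybb->settings['lock_default_price'];
                } else {
                    $params['cost'] = null;
                }
            }

            // is the cost an actual number?
            // NOTE(review): is_numeric() also accepts negative and fractional values;
            // confirm the purchase handler rejects prices it should not honour.
            if (is_numeric($params['cost'])) {
                $cost = $params['cost'];

                // check to see whether the user has already unlocked the content.
                $allowed = explode(',', $post['unlocked']);
                if (in_array($mybb->user['uid'], $allowed)) {
                    $paid = true;
                }
            }
        }
    }

    if ($cost === null) {
        // if there's no cost, this must be a "post to view" hide tag:
        // check to see whether the user has posted in this thread.
        // The ids are cast to int so that nothing but a number can reach the
        // WHERE clause, and only one row is requested because only existence matters.
        $tid = (int) $post['tid'];
        $uid = (int) $mybb->user['uid'];
        $query = $db->simple_select('posts', 'pid', "tid = '{$tid}' AND uid = '{$uid}'", array('limit' => 1));

        if ($db->num_rows($query)) {
            $posted = true;
        }
    }

    // if no title has been set, set a default title.
    // NOTE(review): a supplied title comes from the tag's attributes; confirm it is
    // HTML-escaped (e.g. htmlspecialchars_uni) before the wrapper template prints it.
    if (!isset($params['title'])) {
        $params['title'] = "Hidden Content";
    }

    // if the user is not the OP, and has not been exempt from having hidden content
    if ($mybb->user['uid'] != $post['uid'] && !in_array($mybb->user['usergroup'], explode(',', $mybb->settings['lock_exempt']))) {
        if ($mybb->user['uid'] == 0) {
            // if the user isn't logged in, tell them to login or register.
            $return = "You must <a href=\"{$mybb->settings['bburl']}/member.php?action=register\">register</a> or <a href=\"{$mybb->settings['bburl']}/member.php?action=login\">login</a> to view this content.";
        } elseif ($cost !== null && !$paid) {
            // logged in, but the item has a price that has not been paid yet:
            // build a purchase form carrying an encrypted {pid, cost} token.
            require_once __DIR__ . '/../pcrypt.php';

            $key = $mybb->settings['lock_key'];

            // NOTE(review): the token is encrypted with Blowfish in ECB mode and no
            // integrity check, nonce or user binding is visible here. Encryption alone
            // does not stop a token from being altered or reused, so the handler that
            // consumes "info" should authenticate it (e.g. hash_hmac() + hash_equals())
            // and re-derive the price server-side. The form also carries no post key;
            // confirm the handler performs MyBB's post-key check.
            $pcrypt = new pcrypt(MODE_ECB, "BLOWFISH", $key);

            // place the info we need into an array
            $info = array('pid' => $post['pid'], 'cost' => $cost);

            // encode the information as json
            $info = json_encode($info);

            // encrypt the json, and encode it as base64 so it can be submitted in a form.
            $info = base64_encode($pcrypt->encrypt($info));

            // build the return button.
            $return = "<form method=\"post\">\n <button type=\"submit\">Unlock for {$cost} points.</button>\n <input type=\"hidden\" name=\"info\" value=\"{$info}\" />\n <input type=\"hidden\" name=\"action\" value=\"purchase\" />\n </form>";
        } elseif (!$paid && !$posted) {
            // the user doesn't need to pay, but hasn't posted: tell them to reply.
            $return = "You must reply to this thread to view this content.";
        } else {
            // all is good: give them the content.
            $return = $content;
        }
    } else {
        // the OP and exempt groups bypass the hide tags.
        $return = $content;
    }

    // MyBB template idiom: the wrapper template is evaluated as a double-quoted
    // string, so it can interpolate $return and $params. This relies on
    // $templates->get() returning a string that is safe to embed in that literal.
    eval("\$return = \"" . $templates->get("lock_wrapper") . "\";");

    return $return;
}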
<?php // if the action is not purchase, we don't need to continue. if ($_POST['action'] !== 'purchase') { return; } // if the purchases functionality has not been enabled, we do not need to continue. if ($mybb->settings['lock_purchases_enabled'] != true) { return; } $key = $mybb->settings['lock_key']; // include the pcrypt class, so we can decrypt the sent info. require_once __DIR__ . '/../pcrypt.php'; $pcrypt = new pcrypt(MODE_ECB, "BLOWFISH", $key); // convert the sent info back into json data $json = $pcrypt->decrypt(base64_decode($_POST['info'])); // if the data is indeed json data if ($info = json_decode($json)) { // if the data has been successfully turned back into an object. if (is_object($info)) { // if the cost and post id are not numbers, return an error. if (!is_numeric($info->cost) || !is_numeric($info->pid)) { error("Something went wrong: NaN"); } // check whether the current user has already unlocked the content $query = $db->write_query("SELECT uid,unlocked FROM " . TABLE_PREFIX . "posts WHERE pid='{$info->pid}'"); $post = $db->fetch_array($query); $allowed = explode(',', $post['unlocked']); if (!is_array($allowed)) { $allowed = array(); }