/**
* 密码加密
* @param string $pwd
* @return string
*/
public function pwdEncrypt($pwd, $isSha1 = false)
{
if (!$isSha1) {
$pwd = sha1($pwd . C('PWD_HASH_ADDON'));
}
return aes_encrypt($pwd, C('CRYPT_KEY_PWD'));
}
function sessionstart($nuserID)
{
// session times out after x seconds, eg 30 minutes = 1800 seconds
global $global_sessionexpiry;
// session can at most last x seconds, eg 1 week = 604800 seconds
global $global_sessionmaxtime;
// create 2 16 digit random tokens
$sessiontoken1 = makepassword(16);
$sessiontoken2 = makepassword(16);
// get ip address and user agent
$ipaddress = $_SERVER['REMOTE_ADDR'];
$useragent = substr($_SERVER['HTTP_USER_AGENT'], 0, 64);
// cookie 1 holds ipaddress, sessiontoken1 and userid
$cookie1 = $ipaddress . "|||" . $sessiontoken1 . "|||" . $nuserID;
// cookie 2 holds sessiontoken2 and useragent
$cookie2 = $sessiontoken2 . "&&&" . $useragent;
// encrypt the cookies
$cookie1 = aes_encrypt($cookie1);
$cookie2 = aes_encrypt($cookie2);
// send 2 cookies
setcookie("TOKEN1", $cookie1, time() + $global_sessionmaxtime, "/");
setcookie("TOKEN2", $cookie2, time() + $global_sessionmaxtime, "/");
// update COOKIE globals
$_COOKIE['TOKEN1'] = $cookie1;
$_COOKIE['TOKEN2'] = $cookie2;
// save data to the database
$result = doSQL("update users set sessiontoken1=?, sessiontoken2=?, sessionipaddress=?, sessionuseragent=?, sessionlastdateSQL=now() where userID=?;", $sessiontoken1, $sessiontoken2, $ipaddress, $useragent, $nuserID) or die("ERR");
}
/**
* Save data associated with a user.
*/
public function putData($username, $data)
{
// Encrypt the data, if a plugin in available.
if (module_exists('aes')) {
$data = aes_encrypt($data);
} elseif (module_exists('encrypt')) {
$data = encrypt($data);
}
$result = db_merge('ga_login')->key(array('name' => $username))->fields(array('keydata' => $data))->execute();
if ($result) {
return TRUE;
} else {
return FALSE;
}
}
function dfrn_deliver($owner, $contact, $atom, $dissolve = false)
{
$a = get_app();
$idtosend = $orig_id = $contact['dfrn-id'] ? $contact['dfrn-id'] : $contact['issued-id'];
if ($contact['duplex'] && $contact['dfrn-id']) {
$idtosend = '0:' . $orig_id;
}
if ($contact['duplex'] && $contact['issued-id']) {
$idtosend = '1:' . $orig_id;
}
$rino = get_config('system', 'rino_encrypt');
$rino = intval($rino);
// use RINO1 if mcrypt isn't installed and RINO2 was selected
if ($rino == 2 and !function_exists('mcrypt_create_iv')) {
$rino = 1;
}
logger("Local rino version: " . $rino, LOGGER_DEBUG);
$ssl_val = intval(get_config('system', 'ssl_policy'));
$ssl_policy = '';
switch ($ssl_val) {
case SSL_POLICY_FULL:
$ssl_policy = 'full';
break;
case SSL_POLICY_SELFSIGN:
$ssl_policy = 'self';
break;
case SSL_POLICY_NONE:
default:
$ssl_policy = 'none';
break;
}
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . ($rino ? '&rino=' . $rino : '');
logger('dfrn_deliver: ' . $url);
$xml = fetch_url($url);
$curl_stat = $a->get_curl_code();
if (!$curl_stat) {
return -1;
}
// timed out
logger('dfrn_deliver: ' . $xml, LOGGER_DATA);
if (!$xml) {
return 3;
}
if (strpos($xml, '<?xml') === false) {
logger('dfrn_deliver: no valid XML returned');
logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA);
return 3;
}
$res = parse_xml_string($xml);
if (intval($res->status) != 0 || !strlen($res->challenge) || !strlen($res->dfrn_id)) {
return $res->status ? $res->status : 3;
}
$postvars = array();
$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
$challenge = hex2bin((string) $res->challenge);
$perm = $res->perm ? $res->perm : null;
$dfrn_version = (double) ($res->dfrn_version ? $res->dfrn_version : 2.0);
$rino_remote_version = intval($res->rino);
$page = $owner['page-flags'] == PAGE_COMMUNITY ? 1 : 0;
logger("Remote rino version: " . $rino_remote_version . " for " . $contact["url"], LOGGER_DEBUG);
if ($owner['page-flags'] == PAGE_PRVGROUP) {
$page = 2;
}
$final_dfrn_id = '';
if ($perm) {
if ($perm == 'rw' && !intval($contact['writable']) || $perm == 'r' && intval($contact['writable'])) {
q("update contact set writable = %d where id = %d", intval($perm == 'rw' ? 1 : 0), intval($contact['id']));
$contact['writable'] = (string) 1 - intval($contact['writable']);
}
}
if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
openssl_public_decrypt($challenge, $postvars['challenge'], $contact['pubkey']);
} else {
openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
openssl_private_decrypt($challenge, $postvars['challenge'], $contact['prvkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if (strpos($final_dfrn_id, ':') == 1) {
$final_dfrn_id = substr($final_dfrn_id, 2);
}
if ($final_dfrn_id != $orig_id) {
logger('dfrn_deliver: wrong dfrn_id.');
// did not decode properly - cannot trust this site
return 3;
}
$postvars['dfrn_id'] = $idtosend;
$postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION;
if ($dissolve) {
$postvars['dissolve'] = '1';
}
if ($contact['rel'] && $contact['rel'] != CONTACT_IS_SHARING && !$contact['blocked'] || $owner['page-flags'] == PAGE_COMMUNITY) {
$postvars['data'] = $atom;
$postvars['perm'] = 'rw';
} else {
$postvars['data'] = str_replace('<dfrn:comment-allow>1', '<dfrn:comment-allow>0', $atom);
$postvars['perm'] = 'r';
}
$postvars['ssl_policy'] = $ssl_policy;
if ($page) {
$postvars['page'] = $page;
}
if ($rino > 0 && $rino_remote_version > 0 && !$dissolve) {
logger('rino version: ' . $rino_remote_version);
switch ($rino_remote_version) {
case 1:
// Deprecated rino version!
$key = substr(random_string(), 0, 16);
$data = aes_encrypt($postvars['data'], $key);
break;
case 2:
// RINO 2 based on php-encryption
try {
$key = Crypto::createNewRandomKey();
} catch (CryptoTestFailed $ex) {
logger('Cannot safely create a key');
return -1;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely create a key');
return -1;
}
try {
$data = Crypto::encrypt($postvars['data'], $key);
} catch (CryptoTestFailed $ex) {
logger('Cannot safely perform encryption');
return -1;
} catch (CannotPerformOperation $ex) {
logger('Cannot safely perform encryption');
return -1;
}
break;
default:
logger("rino: invalid requested verision '{$rino_remote_version}'");
return -1;
}
$postvars['rino'] = $rino_remote_version;
$postvars['data'] = bin2hex($data);
#logger('rino: sent key = ' . $key, LOGGER_DEBUG);
if ($dfrn_version >= 2.1) {
if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
} else {
openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
}
} else {
if ($contact['duplex'] && strlen($contact['prvkey']) || $owner['page-flags'] == PAGE_COMMUNITY) {
openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
} else {
openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
}
}
logger('md5 rawkey ' . md5($postvars['key']));
$postvars['key'] = bin2hex($postvars['key']);
}
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars, true), LOGGER_DATA);
$xml = post_url($contact['notify'], $postvars);
logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA);
$curl_stat = $a->get_curl_code();
if (!$curl_stat || !strlen($xml)) {
return -1;
}
// timed out
if ($curl_stat == 503 && stristr($a->get_curl_headers(), 'retry-after')) {
return -1;
}
if (strpos($xml, '<?xml') === false) {
logger('dfrn_deliver: phase 2: no valid XML returned');
logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA);
return 3;
}
if ($contact['term-date'] != '0000-00-00 00:00:00') {
logger("dfrn_deliver: {$url} back from the dead - removing mark for death");
require_once 'include/Contact.php';
unmark_for_death($contact);
}
$res = parse_xml_string($xml);
return $res->status;
}
function dfrn_deliver($owner, $contact, $atom, $dissolve = false)
{
$a = get_app();
$idtosend = $orig_id = $contact['dfrn-id'] ? $contact['dfrn-id'] : $contact['issued-id'];
if ($contact['duplex'] && $contact['dfrn-id']) {
$idtosend = '0:' . $orig_id;
}
if ($contact['duplex'] && $contact['issued-id']) {
$idtosend = '1:' . $orig_id;
}
$rino = function_exists('mcrypt_encrypt') ? 1 : 0;
$rino_enable = get_config('system', 'rino_encrypt');
if (!$rino_enable) {
$rino = 0;
}
$ssl_val = intval(get_config('system', 'ssl_policy'));
$ssl_policy = '';
switch ($ssl_val) {
case SSL_POLICY_FULL:
$ssl_policy = 'full';
break;
case SSL_POLICY_SELFSIGN:
$ssl_policy = 'self';
break;
case SSL_POLICY_NONE:
default:
$ssl_policy = 'none';
break;
}
$url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . ($rino ? '&rino=1' : '');
logger('dfrn_deliver: ' . $url);
$xml = fetch_url($url);
$curl_stat = $a->get_curl_code();
if (!$curl_stat) {
return -1;
}
// timed out
logger('dfrn_deliver: ' . $xml, LOGGER_DATA);
if (!$xml) {
return 3;
}
if (strpos($xml, '<?xml') === false) {
logger('dfrn_deliver: no valid XML returned');
logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA);
return 3;
}
$res = parse_xml_string($xml);
if (intval($res->status) != 0 || !strlen($res->challenge) || !strlen($res->dfrn_id)) {
return $res->status ? $res->status : 3;
}
$postvars = array();
$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
$challenge = hex2bin((string) $res->challenge);
$perm = $res->perm ? $res->perm : null;
$dfrn_version = (double) ($res->dfrn_version ? $res->dfrn_version : 2.0);
$rino_allowed = intval($res->rino) === 1 ? 1 : 0;
$page = $owner['page-flags'] == PAGE_COMMUNITY ? 1 : 0;
if ($owner['page-flags'] == PAGE_PRVGROUP) {
$page = 2;
}
$final_dfrn_id = '';
if ($perm) {
if ($perm == 'rw' && !intval($contact['writable']) || $perm == 'r' && intval($contact['writable'])) {
q("update contact set writable = %d where id = %d limit 1", intval($perm == 'rw' ? 1 : 0), intval($contact['id']));
$contact['writable'] = (string) 1 - intval($contact['writable']);
}
}
if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
openssl_public_decrypt($challenge, $postvars['challenge'], $contact['pubkey']);
} else {
openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
openssl_private_decrypt($challenge, $postvars['challenge'], $contact['prvkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if (strpos($final_dfrn_id, ':') == 1) {
$final_dfrn_id = substr($final_dfrn_id, 2);
}
if ($final_dfrn_id != $orig_id) {
logger('dfrn_deliver: wrong dfrn_id.');
// did not decode properly - cannot trust this site
return 3;
}
$postvars['dfrn_id'] = $idtosend;
$postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION;
if ($dissolve) {
$postvars['dissolve'] = '1';
}
if ($contact['rel'] && $contact['rel'] != CONTACT_IS_SHARING && !$contact['blocked'] || $owner['page-flags'] == PAGE_COMMUNITY) {
$postvars['data'] = $atom;
$postvars['perm'] = 'rw';
} else {
$postvars['data'] = str_replace('<dfrn:comment-allow>1', '<dfrn:comment-allow>0', $atom);
$postvars['perm'] = 'r';
}
$postvars['ssl_policy'] = $ssl_policy;
if ($page) {
$postvars['page'] = $page;
}
if ($rino && $rino_allowed && !$dissolve) {
$key = substr(random_string(), 0, 16);
$data = bin2hex(aes_encrypt($postvars['data'], $key));
$postvars['data'] = $data;
logger('rino: sent key = ' . $key, LOGGER_DEBUG);
if ($dfrn_version >= 2.1) {
if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
} else {
openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
}
} else {
if ($contact['duplex'] && strlen($contact['prvkey']) || $owner['page-flags'] == PAGE_COMMUNITY) {
openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
} else {
openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
}
}
logger('md5 rawkey ' . md5($postvars['key']));
$postvars['key'] = bin2hex($postvars['key']);
}
logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars, true), LOGGER_DATA);
$xml = post_url($contact['notify'], $postvars);
logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA);
$curl_stat = $a->get_curl_code();
if (!$curl_stat || !strlen($xml)) {
return -1;
}
// timed out
if ($curl_stat == 503 && stristr($a->get_curl_headers(), 'retry-after')) {
return -1;
}
if (strpos($xml, '<?xml') === false) {
logger('dfrn_deliver: phase 2: no valid XML returned');
logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA);
return 3;
}
$res = parse_xml_string($xml);
return $res->status;
}
/**
* 通信信息加密
* @param string $id
* @return string
*/
function act_encrypt($id)
{
if (!$id) {
return '';
}
return 'encrypt_act-' . aes_encrypt(session_id() . $id, C('CRYPT_KEY_ACT'));
}