Example #1
0
 /**
  * 密码加密
  * @param string $pwd
  * @return string
  */
 public function pwdEncrypt($pwd, $isSha1 = false)
 {
     if (!$isSha1) {
         $pwd = sha1($pwd . C('PWD_HASH_ADDON'));
     }
     return aes_encrypt($pwd, C('CRYPT_KEY_PWD'));
 }
Example #2
0
function sessionstart($nuserID)
{
    // session times out after x seconds, eg 30 minutes = 1800 seconds
    global $global_sessionexpiry;
    // session can at most last x seconds, eg 1 week = 604800 seconds
    global $global_sessionmaxtime;
    // create 2 16 digit random tokens
    $sessiontoken1 = makepassword(16);
    $sessiontoken2 = makepassword(16);
    // get ip address and user agent
    $ipaddress = $_SERVER['REMOTE_ADDR'];
    $useragent = substr($_SERVER['HTTP_USER_AGENT'], 0, 64);
    // cookie 1 holds ipaddress, sessiontoken1 and userid
    $cookie1 = $ipaddress . "|||" . $sessiontoken1 . "|||" . $nuserID;
    // cookie 2 holds sessiontoken2 and useragent
    $cookie2 = $sessiontoken2 . "&&&" . $useragent;
    // encrypt the cookies
    $cookie1 = aes_encrypt($cookie1);
    $cookie2 = aes_encrypt($cookie2);
    // send 2 cookies
    setcookie("TOKEN1", $cookie1, time() + $global_sessionmaxtime, "/");
    setcookie("TOKEN2", $cookie2, time() + $global_sessionmaxtime, "/");
    // update COOKIE globals
    $_COOKIE['TOKEN1'] = $cookie1;
    $_COOKIE['TOKEN2'] = $cookie2;
    // save data to the database
    $result = doSQL("update users set sessiontoken1=?, sessiontoken2=?, sessionipaddress=?, sessionuseragent=?, sessionlastdateSQL=now() where userID=?;", $sessiontoken1, $sessiontoken2, $ipaddress, $useragent, $nuserID) or die("ERR");
}
Example #3
0
 /**
  * Save data associated with a user.
  */
 public function putData($username, $data)
 {
     // Encrypt the data, if a plugin in available.
     if (module_exists('aes')) {
         $data = aes_encrypt($data);
     } elseif (module_exists('encrypt')) {
         $data = encrypt($data);
     }
     $result = db_merge('ga_login')->key(array('name' => $username))->fields(array('keydata' => $data))->execute();
     if ($result) {
         return TRUE;
     } else {
         return FALSE;
     }
 }
Example #4
0
function dfrn_deliver($owner, $contact, $atom, $dissolve = false)
{
    $a = get_app();
    $idtosend = $orig_id = $contact['dfrn-id'] ? $contact['dfrn-id'] : $contact['issued-id'];
    if ($contact['duplex'] && $contact['dfrn-id']) {
        $idtosend = '0:' . $orig_id;
    }
    if ($contact['duplex'] && $contact['issued-id']) {
        $idtosend = '1:' . $orig_id;
    }
    $rino = get_config('system', 'rino_encrypt');
    $rino = intval($rino);
    // use RINO1 if mcrypt isn't installed and RINO2 was selected
    if ($rino == 2 and !function_exists('mcrypt_create_iv')) {
        $rino = 1;
    }
    logger("Local rino version: " . $rino, LOGGER_DEBUG);
    $ssl_val = intval(get_config('system', 'ssl_policy'));
    $ssl_policy = '';
    switch ($ssl_val) {
        case SSL_POLICY_FULL:
            $ssl_policy = 'full';
            break;
        case SSL_POLICY_SELFSIGN:
            $ssl_policy = 'self';
            break;
        case SSL_POLICY_NONE:
        default:
            $ssl_policy = 'none';
            break;
    }
    $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . ($rino ? '&rino=' . $rino : '');
    logger('dfrn_deliver: ' . $url);
    $xml = fetch_url($url);
    $curl_stat = $a->get_curl_code();
    if (!$curl_stat) {
        return -1;
    }
    // timed out
    logger('dfrn_deliver: ' . $xml, LOGGER_DATA);
    if (!$xml) {
        return 3;
    }
    if (strpos($xml, '<?xml') === false) {
        logger('dfrn_deliver: no valid XML returned');
        logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA);
        return 3;
    }
    $res = parse_xml_string($xml);
    if (intval($res->status) != 0 || !strlen($res->challenge) || !strlen($res->dfrn_id)) {
        return $res->status ? $res->status : 3;
    }
    $postvars = array();
    $sent_dfrn_id = hex2bin((string) $res->dfrn_id);
    $challenge = hex2bin((string) $res->challenge);
    $perm = $res->perm ? $res->perm : null;
    $dfrn_version = (double) ($res->dfrn_version ? $res->dfrn_version : 2.0);
    $rino_remote_version = intval($res->rino);
    $page = $owner['page-flags'] == PAGE_COMMUNITY ? 1 : 0;
    logger("Remote rino version: " . $rino_remote_version . " for " . $contact["url"], LOGGER_DEBUG);
    if ($owner['page-flags'] == PAGE_PRVGROUP) {
        $page = 2;
    }
    $final_dfrn_id = '';
    if ($perm) {
        if ($perm == 'rw' && !intval($contact['writable']) || $perm == 'r' && intval($contact['writable'])) {
            q("update contact set writable = %d where id = %d", intval($perm == 'rw' ? 1 : 0), intval($contact['id']));
            $contact['writable'] = (string) 1 - intval($contact['writable']);
        }
    }
    if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
        openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
        openssl_public_decrypt($challenge, $postvars['challenge'], $contact['pubkey']);
    } else {
        openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
        openssl_private_decrypt($challenge, $postvars['challenge'], $contact['prvkey']);
    }
    $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
    if (strpos($final_dfrn_id, ':') == 1) {
        $final_dfrn_id = substr($final_dfrn_id, 2);
    }
    if ($final_dfrn_id != $orig_id) {
        logger('dfrn_deliver: wrong dfrn_id.');
        // did not decode properly - cannot trust this site
        return 3;
    }
    $postvars['dfrn_id'] = $idtosend;
    $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION;
    if ($dissolve) {
        $postvars['dissolve'] = '1';
    }
    if ($contact['rel'] && $contact['rel'] != CONTACT_IS_SHARING && !$contact['blocked'] || $owner['page-flags'] == PAGE_COMMUNITY) {
        $postvars['data'] = $atom;
        $postvars['perm'] = 'rw';
    } else {
        $postvars['data'] = str_replace('<dfrn:comment-allow>1', '<dfrn:comment-allow>0', $atom);
        $postvars['perm'] = 'r';
    }
    $postvars['ssl_policy'] = $ssl_policy;
    if ($page) {
        $postvars['page'] = $page;
    }
    if ($rino > 0 && $rino_remote_version > 0 && !$dissolve) {
        logger('rino version: ' . $rino_remote_version);
        switch ($rino_remote_version) {
            case 1:
                // Deprecated rino version!
                $key = substr(random_string(), 0, 16);
                $data = aes_encrypt($postvars['data'], $key);
                break;
            case 2:
                // RINO 2 based on php-encryption
                try {
                    $key = Crypto::createNewRandomKey();
                } catch (CryptoTestFailed $ex) {
                    logger('Cannot safely create a key');
                    return -1;
                } catch (CannotPerformOperation $ex) {
                    logger('Cannot safely create a key');
                    return -1;
                }
                try {
                    $data = Crypto::encrypt($postvars['data'], $key);
                } catch (CryptoTestFailed $ex) {
                    logger('Cannot safely perform encryption');
                    return -1;
                } catch (CannotPerformOperation $ex) {
                    logger('Cannot safely perform encryption');
                    return -1;
                }
                break;
            default:
                logger("rino: invalid requested verision '{$rino_remote_version}'");
                return -1;
        }
        $postvars['rino'] = $rino_remote_version;
        $postvars['data'] = bin2hex($data);
        #logger('rino: sent key = ' . $key, LOGGER_DEBUG);
        if ($dfrn_version >= 2.1) {
            if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
                openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
            } else {
                openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
            }
        } else {
            if ($contact['duplex'] && strlen($contact['prvkey']) || $owner['page-flags'] == PAGE_COMMUNITY) {
                openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
            } else {
                openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
            }
        }
        logger('md5 rawkey ' . md5($postvars['key']));
        $postvars['key'] = bin2hex($postvars['key']);
    }
    logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars, true), LOGGER_DATA);
    $xml = post_url($contact['notify'], $postvars);
    logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA);
    $curl_stat = $a->get_curl_code();
    if (!$curl_stat || !strlen($xml)) {
        return -1;
    }
    // timed out
    if ($curl_stat == 503 && stristr($a->get_curl_headers(), 'retry-after')) {
        return -1;
    }
    if (strpos($xml, '<?xml') === false) {
        logger('dfrn_deliver: phase 2: no valid XML returned');
        logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA);
        return 3;
    }
    if ($contact['term-date'] != '0000-00-00 00:00:00') {
        logger("dfrn_deliver: {$url} back from the dead - removing mark for death");
        require_once 'include/Contact.php';
        unmark_for_death($contact);
    }
    $res = parse_xml_string($xml);
    return $res->status;
}
Example #5
0
function dfrn_deliver($owner, $contact, $atom, $dissolve = false)
{
    $a = get_app();
    $idtosend = $orig_id = $contact['dfrn-id'] ? $contact['dfrn-id'] : $contact['issued-id'];
    if ($contact['duplex'] && $contact['dfrn-id']) {
        $idtosend = '0:' . $orig_id;
    }
    if ($contact['duplex'] && $contact['issued-id']) {
        $idtosend = '1:' . $orig_id;
    }
    $rino = function_exists('mcrypt_encrypt') ? 1 : 0;
    $rino_enable = get_config('system', 'rino_encrypt');
    if (!$rino_enable) {
        $rino = 0;
    }
    $ssl_val = intval(get_config('system', 'ssl_policy'));
    $ssl_policy = '';
    switch ($ssl_val) {
        case SSL_POLICY_FULL:
            $ssl_policy = 'full';
            break;
        case SSL_POLICY_SELFSIGN:
            $ssl_policy = 'self';
            break;
        case SSL_POLICY_NONE:
        default:
            $ssl_policy = 'none';
            break;
    }
    $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . ($rino ? '&rino=1' : '');
    logger('dfrn_deliver: ' . $url);
    $xml = fetch_url($url);
    $curl_stat = $a->get_curl_code();
    if (!$curl_stat) {
        return -1;
    }
    // timed out
    logger('dfrn_deliver: ' . $xml, LOGGER_DATA);
    if (!$xml) {
        return 3;
    }
    if (strpos($xml, '<?xml') === false) {
        logger('dfrn_deliver: no valid XML returned');
        logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA);
        return 3;
    }
    $res = parse_xml_string($xml);
    if (intval($res->status) != 0 || !strlen($res->challenge) || !strlen($res->dfrn_id)) {
        return $res->status ? $res->status : 3;
    }
    $postvars = array();
    $sent_dfrn_id = hex2bin((string) $res->dfrn_id);
    $challenge = hex2bin((string) $res->challenge);
    $perm = $res->perm ? $res->perm : null;
    $dfrn_version = (double) ($res->dfrn_version ? $res->dfrn_version : 2.0);
    $rino_allowed = intval($res->rino) === 1 ? 1 : 0;
    $page = $owner['page-flags'] == PAGE_COMMUNITY ? 1 : 0;
    if ($owner['page-flags'] == PAGE_PRVGROUP) {
        $page = 2;
    }
    $final_dfrn_id = '';
    if ($perm) {
        if ($perm == 'rw' && !intval($contact['writable']) || $perm == 'r' && intval($contact['writable'])) {
            q("update contact set writable = %d where id = %d limit 1", intval($perm == 'rw' ? 1 : 0), intval($contact['id']));
            $contact['writable'] = (string) 1 - intval($contact['writable']);
        }
    }
    if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
        openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
        openssl_public_decrypt($challenge, $postvars['challenge'], $contact['pubkey']);
    } else {
        openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
        openssl_private_decrypt($challenge, $postvars['challenge'], $contact['prvkey']);
    }
    $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
    if (strpos($final_dfrn_id, ':') == 1) {
        $final_dfrn_id = substr($final_dfrn_id, 2);
    }
    if ($final_dfrn_id != $orig_id) {
        logger('dfrn_deliver: wrong dfrn_id.');
        // did not decode properly - cannot trust this site
        return 3;
    }
    $postvars['dfrn_id'] = $idtosend;
    $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION;
    if ($dissolve) {
        $postvars['dissolve'] = '1';
    }
    if ($contact['rel'] && $contact['rel'] != CONTACT_IS_SHARING && !$contact['blocked'] || $owner['page-flags'] == PAGE_COMMUNITY) {
        $postvars['data'] = $atom;
        $postvars['perm'] = 'rw';
    } else {
        $postvars['data'] = str_replace('<dfrn:comment-allow>1', '<dfrn:comment-allow>0', $atom);
        $postvars['perm'] = 'r';
    }
    $postvars['ssl_policy'] = $ssl_policy;
    if ($page) {
        $postvars['page'] = $page;
    }
    if ($rino && $rino_allowed && !$dissolve) {
        $key = substr(random_string(), 0, 16);
        $data = bin2hex(aes_encrypt($postvars['data'], $key));
        $postvars['data'] = $data;
        logger('rino: sent key = ' . $key, LOGGER_DEBUG);
        if ($dfrn_version >= 2.1) {
            if ($contact['duplex'] && strlen($contact['pubkey']) || $owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']) || $contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey'])) {
                openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
            } else {
                openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
            }
        } else {
            if ($contact['duplex'] && strlen($contact['prvkey']) || $owner['page-flags'] == PAGE_COMMUNITY) {
                openssl_private_encrypt($key, $postvars['key'], $contact['prvkey']);
            } else {
                openssl_public_encrypt($key, $postvars['key'], $contact['pubkey']);
            }
        }
        logger('md5 rawkey ' . md5($postvars['key']));
        $postvars['key'] = bin2hex($postvars['key']);
    }
    logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars, true), LOGGER_DATA);
    $xml = post_url($contact['notify'], $postvars);
    logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA);
    $curl_stat = $a->get_curl_code();
    if (!$curl_stat || !strlen($xml)) {
        return -1;
    }
    // timed out
    if ($curl_stat == 503 && stristr($a->get_curl_headers(), 'retry-after')) {
        return -1;
    }
    if (strpos($xml, '<?xml') === false) {
        logger('dfrn_deliver: phase 2: no valid XML returned');
        logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA);
        return 3;
    }
    $res = parse_xml_string($xml);
    return $res->status;
}
Example #6
0
/**
 * 通信信息加密
 * @param string $id
 * @return string
 */
function act_encrypt($id)
{
    if (!$id) {
        return '';
    }
    return 'encrypt_act-' . aes_encrypt(session_id() . $id, C('CRYPT_KEY_ACT'));
}