Example #1
0
 /**
  * Use Defuse\Crypto\Crypto.binToHex to make 'friendly' value for urls, cut-and-paste, typeable etc.
  *
  * NB: The value is not encrypted in any way, just made more friendly!
  *
  * @param $unfriendlyValue
  *
  * @return string - friendly
  */
 public function friendly($unfriendlyValue)
 {
     return Crypto::binToHex($unfriendlyValue);
 }
Example #2
0
<?php

require_once \dirname(__DIR__) . '/autoload.php';
use Defuse\Crypto\Crypto;
$status = 0;
for ($i = 0; $i < 100; ++$i) {
    $random = \openssl_random_pseudo_bytes(32);
    $encode_a = Crypto::binToHex($random);
    $encode_b = \bin2hex($random);
    if ($encode_a !== $encode_b) {
        $status = 1;
        \var_dump([$encode_a, $encode_b]);
    }
    // echo "\t", $encode_a, "\t", $encode_b, "\n";
    $decode_a = Crypto::hexToBin($encode_b);
    $decode_b = \hex2bin($encode_a);
    if ($decode_a !== $decode_b) {
        $status = 1;
        \var_dump([\base64_encode($decode_a), \base64_decode($decode_b)]);
    }
}
if ($status < 0) {
    echo 'Encoded successfully!', "\n";
}
exit($status);
\var_dump(Crypto::binToHex("ABJA"));
\var_dump(Crypto::hexToBin('41424a41'));
Example #3
0
 /**
  * Encrypt something
  *
  * @param string $cleartext
  * @return string hexadecimal representation of crypted string
  */
 public function encrypt($cleartext)
 {
     return Crypto::binToHex(Crypto::encrypt($cleartext, $this->getSecretKey()));
 }
Example #4
0
 $length = 16;
 $iterations = PASSWORD_ITERATIONS;
 $salt = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
 $key = hash_pbkdf2("sha256", $password, $salt, $iterations, $length);
 // Create an array of data to be encrypted
 $data = serialize(array("message" => $message, "email_sender" => $email_sender));
 // Encrypt data, reference: https://github.com/defuse/php-encryption/
 try {
     $data_encrypted = Crypto::Encrypt($data, $key);
 } catch (Ex\CryptoTestFailedException $ex) {
     response(ENCRYPTION_UNSAFE, true);
 } catch (Ex\CannotPerformOperationException $ex) {
     response(DECRYPTION_UNSAFE, true);
 }
 // Store the encrypted data
 $array = array('salt' => Crypto::binToHex($salt), 'secret' => Crypto::binToHex($data_encrypted), 'expiration_date' => strtotime($expiration_date . ' +1 day'));
 $item = $collection->item();
 $item->post($array);
 // Log event
 if ($item->post()) {
     $item->event('log')->post(['action' => 'created']);
     $id = $item->getKey();
 } else {
     $logger->error($item->getStatus());
     response($item->getStatus(), true);
 }
 // Send email to recipient
 if (!empty($email_recipient)) {
     // Email body
     $email_content = '<p>' . EMAIL_BODY_SENT . '</p>';
     $email_content .= '<p>Access it at: <a href="' . SITE_URL . '/' . $id . '" target="_blank">' . SITE_URL . '/' . $id . '</a></p>';
Example #5
0
 private function store_encrypted_password($password)
 {
     // generate a random key
     require_once 'php-encryption/autoload.php';
     try {
         $key = Crypto::createNewRandomKey();
     } catch (Ex\CryptoTestFailedException $ex) {
         die('Cannot safely create a key');
     } catch (Ex\CannotPerformOperationException $ex) {
         die('Cannot safely create a key');
     }
     // store the key in the session
     $_SESSION['nextpass']['key'] = $key;
     // encrypt the password with the key
     try {
         $encrypted_password = Crypto::encrypt($password, $key);
     } catch (Ex\CryptoTestFailedException $ex) {
         die('Cannot safely perform encryption');
     } catch (Ex\CannotPerformOperationException $ex) {
         die('Cannot safely perform encryption');
     }
     // store the encrypted password in a cookie
     $encrypted_password = Crypto::binToHex($encrypted_password);
     $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443;
     setcookie("nextpass_password", $encrypted_password, 0, $this->html_code['path'], "", $secure, true);
 }
Example #6
0
    import_sql_structure();
} catch (Exception $e) {
    die('Error importing the SQL structure: ' . $e->getMessage());
}
// BUILD CONFIG FILE
// the new file to write to
$config_file = '../config.php';
$elab_root = substr(realpath(__FILE__), 0, -20) . '/';
// make a new secret key
try {
    $new_secret_key = \Defuse\Crypto\Crypto::CreateNewRandomKey();
} catch (Exception $e) {
    die($e->getMessage());
}
// what we will write in the file
$config = "<?php\ndefine('DB_HOST', '" . $db_host . "');\ndefine('DB_NAME', '" . $db_name . "');\ndefine('DB_USER', '" . $db_user . "');\ndefine('DB_PASSWORD', '" . $db_password . "');\ndefine('ELAB_ROOT', '" . $elab_root . "');\ndefine('SECRET_KEY', '" . \Defuse\Crypto\Crypto::binToHex($new_secret_key) . "');\n";
// we try to write content to file and propose the file for download if we can't write to it
if (file_put_contents($config_file, $config)) {
    // it's cool, we managed to write the config file
    // let's put restricting permissions on it as discussed in #129
    if (is_writable($config_file)) {
        chmod($config_file, 0400);
    }
    $infos_arr = array();
    $infos_arr[] = 'Congratulations, you successfully installed eLabFTW, 
    now you need to <strong>register</strong> your account (you will have admin rights).';
    $_SESSION['infos'] = $infos_arr;
    header('Location: ../register.php');
    exit;
} else {
    header('Content-Type: text/x-delimtext; name="config.php"');