function encrypt($key, $message)
{
static $mcrypt_deinit;
if (extension_loaded('mcrypt')) {
$this->_srand();
$td = @mcrypt_module_open(MCRYPT_GOST, '', MCRYPT_MODE_ECB, '');
if ($td) {
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
@mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $message);
if (!isset($mcrypt_deinit)) {
$mcrypt_deinit = function_exists('mcrypt_generic_deinit');
}
if ($mcrypt_deinit) {
mcrypt_generic_deinit($td);
} else {
mcrypt_generic_end($td);
}
return $encrypted_data;
}
}
}
/**
* session_check_session_cookie() - Check that session cookie passed from user is ok
*
* @param string Value of the session cookie
* @return user_id if cookie is ok, false otherwise
*/
function session_check_session_cookie($session_cookie)
{
list($encrypted_session_serial, $hash) = explode('-', $session_cookie);
$encrypted_session_serial = base64_decode($encrypted_session_serial);
$new_hash = md5($encrypted_session_serial . $GLOBALS['sys_session_key']);
if ($hash != $new_hash) {
return false;
}
$td = mcrypt_module_open($GLOBALS['sys_session_cypher'], "", $GLOBALS['sys_session_cyphermode'], "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $GLOBALS['sys_session_key'], $iv);
$session_serial = mdecrypt_generic($td, $encrypted_session_serial);
mcrypt_generic_end($td);
list($user_id, $time, $ip, $user_agent) = explode('-', $session_serial, 4);
if (!session_check_ip($ip, $GLOBALS['REMOTE_ADDR'])) {
return false;
}
if (trim($user_agent) != $GLOBALS['HTTP_USER_AGENT']) {
return false;
}
if ($time - time() >= $GLOBALS['sys_session_expire']) {
return false;
}
return $user_id;
}
<?php call_user_method(); call_user_method_array(); define_syslog_variables(); dl(); ereg(); ereg_replace(); eregi(); eregi_replace(); import_request_variables(); mcrypt_generic_end(); mysql_db_query(); mysql_escape_string(); mysql_list_dbs(); mysqli_bind_param(); mysqli_bind_result(); mysqli_client_encoding(); mysqli_fetch(); mysqli_param_count(); mysqli_get_metadata(); mysqli_send_long_data(); magic_quotes_runtime(); session_register(); session_unregister(); session_is_registered(); set_magic_quotes_runtime(); set_socket_blocking(); split(); spliti(); sql_regcase();
/**
* Encryption function used by plugin
*
* This function does the encryption and decryption of the user
* dictionary. It is only available when PHP is compiled with
* mcrypt support (--with-mcrypt). See doc/CRYPTO for more
* information.
*
* @param $mode A string with either of the two recognized values:
* "encrypt" or "decrypt".
* @param $ckey The key to use for processing (the user's password
* in our case.
* @param $input Content to decrypt or encrypt, according to $mode.
* @return encrypted/decrypted content, or "PANIC" if the
* process bails out.
*/
function sqspell_crypto($mode, $ckey, $input)
{
/**
* Double-check if we have the mcrypt_generic function. Bail out if
* not so.
*/
if (!function_exists('mcrypt_generic')) {
return 'PANIC';
}
/**
* Setup mcrypt routines.
*/
$td = mcrypt_module_open(MCRYPT_Blowfish, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $ckey, $iv);
/**
* See what we have to do depending on $mode.
* 'encrypt' -- Encrypt the content.
* 'decrypt' -- Decrypt the content.
*/
switch ($mode) {
case 'encrypt':
$crypto = mcrypt_generic($td, '{sqspell}' . $input);
break;
case 'decrypt':
$crypto = mdecrypt_generic($td, $input);
if (preg_match("/^\\{sqspell\\}(.*)/", $crypto, $match)) {
$crypto = trim($match[1]);
} else {
$crypto = 'PANIC';
}
break;
}
/**
* Finish up the mcrypt routines and return the processed content.
*/
if (function_exists('mcrypt_generic_deinit')) {
// php 4.1.1+ syntax
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
} else {
// older deprecated function
mcrypt_generic_end($td);
}
return $crypto;
}
/**
* Decrypt password string
* require mcrypt extension
*
* @param [key] encrypt key
* @param [encrypted] encrypted password
*
* @return clean text password
*/
function Decrypt($key, $encrypted)
{
if ($this->__CheckMcryptExtension() == true) {
$td = @mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, "");
$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
@mcrypt_generic_init($td, $key, $iv);
$passwd = @mdecrypt_generic($td, base64_decode($encrypted));
@mcrypt_generic_end($td);
return $passwd;
} else {
return $encrypted;
}
}
function cleanup()
{
if ($this->enabled) {
if ($this->mcrypt_version != 'old') {
if (function_exists('mcrypt_generic_deinit')) {
mcrypt_generic_deinit($this->td);
} else {
mcrypt_generic_end($this->td);
}
}
}
}
function decrypt($key, $ciphertext)
{
static $mcrypt_deinit;
if (extension_loaded('mcrypt')) {
_srand();
$td = @mcrypt_module_open(MCRYPT_GOST, '', MCRYPT_MODE_ECB, '');
if ($td) {
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
@mcrypt_generic_init($td, $key, $iv);
$decrypted_data = mdecrypt_generic($td, $ciphertext);
if (!isset($mcrypt_deinit)) {
$mcrypt_deinit = function_exists('mcrypt_generic_deinit');
}
if ($mcrypt_deinit) {
mcrypt_generic_deinit($td);
} else {
mcrypt_generic_end($td);
}
// Strip padding characters.
return rtrim($decrypted_data, "");
}
}
}
function decrypt($phpbb_root_path, $phpEx, $data_input, $key)
{
// This function encrypts $data_input with the given $key using the TRIPLEDES encryption algorithm. If mcrypt is not available then private access is not supported.
$cipher = mcrypt_module_open(MCRYPT_TRIPLEDES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($cipher, $key, constants::SMARTFEED_IV);
$decrypted_data = mdecrypt_generic($cipher, base64_decode_urlsafe($data_input));
mcrypt_generic_end($cipher);
return $decrypted_data;
}
function VERIFY($x)
{
VS($x != false, true);
}
//////////////////////////////////////////////////////////////////////
$td = mcrypt_module_open("rijndael-256", "", "ofb", "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_RANDOM);
$ks = mcrypt_enc_get_key_size($td);
$key = substr(md5("very secret key"), 0, $ks);
mcrypt_generic_init($td, $key, $iv);
$encrypted = mcrypt_generic($td, "This is very important data");
VERIFY($encrypted !== "This is very important data");
mcrypt_generic_deinit($td);
mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $encrypted);
mcrypt_generic_end($td);
mcrypt_module_close($td);
VS($decrypted, "This is very important data");
VERIFY(in_array("blowfish", mcrypt_list_algorithms()));
VERIFY(in_array("cbc", mcrypt_list_modes()));
VS(mcrypt_module_get_algo_block_size("blowfish"), 8);
VS(mcrypt_module_get_algo_key_size("blowfish"), 56);
VS(mcrypt_module_get_supported_key_sizes("blowfish"), array());
VS(mcrypt_module_get_supported_key_sizes("twofish"), array(16, 24, 32));
VS(mcrypt_module_is_block_algorithm_mode("cbc"), true);
VS(mcrypt_module_is_block_algorithm("blowfish"), true);
VS(mcrypt_module_is_block_mode("cbc"), true);
VS(mcrypt_module_self_test(MCRYPT_RIJNDAEL_128), true);
VS(mcrypt_module_self_test("bogus"), false);
$text = "boggles the inivisble monkey will rule the world";
$key = "very secret key";
/**
* This function does the encryption and decryption of the user
* dictionary. It is only available when PHP is compiled with
* mcrypt support (--with-mcrypt). See doc/CRYPTO for more
* information.
*
* @param $mode A string with either of the two recognized values:
* "encrypt" or "decrypt".
* @param $ckey The key to use for processing (the user's password
* in our case.
* @param $input Content to decrypt or encrypt, according to $mode.
* @return encrypted/decrypted content, or "PANIC" if the
* process bails out.
*/
function sqspell_crypto($mode, $ckey, $input)
{
/**
* Double-check if we have the mcrypt_generic function. Bail out if
* not so.
*/
if (!function_exists('mcrypt_generic')) {
return 'PANIC';
}
/**
* Setup mcrypt routines.
*/
$td = mcrypt_module_open(MCRYPT_Blowfish, "", MCRYPT_MODE_ECB, "");
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $ckey, $iv);
/**
* See what we have to do depending on $mode.
* 'encrypt' -- Encrypt the content.
* 'decrypt' -- Decrypt the content.
*/
switch ($mode) {
case 'encrypt':
$crypto = mcrypt_generic($td, $input);
break;
case 'decrypt':
$crypto = mdecrypt_generic($td, $input);
/**
* See if it decrypted successfully. If so, it should contain
* the string "# SquirrelSpell". If not, then bail out.
*/
if (!strstr($crypto, "# SquirrelSpell")) {
$crypto = 'PANIC';
}
break;
}
/**
* Finish up the mcrypt routines and return the processed content.
*/
if (function_exists('mcrypt_generic_deinit')) {
// php 4.1.1+ syntax
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
} else {
// older deprecated function
mcrypt_generic_end($td);
}
return $crypto;
}
/**
* Destructor
*
*/
function _Crypt_CBC()
{
@mcrypt_generic_end($this->TD);
@mcrypt_module_close($this->TD);
}
