Provides two-way keyed encoding using XOR Hashing and Mcrypt
Author: ExpressionEngine Dev Team
Exemple #1
 /**
  * Lazily loads the session payload from the session cookie.
  *
  * The cookie named by the 'sess_cookie_name' config entry is decrypted with
  * CI_Encrypt using the 'encryption_key' config entry, unserialized and cached
  * in $this->_session. While the cached value is empty() the cookie is read
  * again on every call.
  *
  * @return mixed The cached session payload (whatever unserialize() produced).
  */
 private function _session_read()
 {
     if (!empty($this->_session)) {
         return $this->_session;
     }

     $settings = get_config();
     $raw_cookie = filter_input(INPUT_COOKIE, $settings['sess_cookie_name']);

     require_once BASEPATH . 'libraries/Encrypt.php';
     $cipher = new CI_Encrypt();
     $plaintext = $cipher->decode($raw_cookie, $settings['encryption_key']);

     // NOTE(review): unserialize() runs on data that originates from a client-supplied
     // cookie. Nothing visible here verifies a MAC before decoding, so the only barrier
     // against PHP object injection is the secrecy of the encryption key. Prefer a
     // non-executable format such as JSON, or unserialize() with allowed_classes => false
     // on PHP 7+, after confirming that the stored session contains no objects.
     $this->_session = unserialize($plaintext);

     return $this->_session;
 }
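 /**
  * Creates an AgenDAV session for the user who has just logged in.
  *
  * Presumably registered for Roundcube's login_after hook (the registration is
  * not visible here). A row is inserted into AgenDAV's sessions table, the
  * session id is sent to the browser in the 'agendav_sessid' cookie and kept in
  * $_SESSION so that it can be removed again on logoff.
  *
  * If no secure random source is available, or the insert fails, the problem is
  * logged and neither the cookie nor the $_SESSION entry is set.
  *
  * @param array $args Hook arguments; not read by this method.
  * @return void
  */
 function login_after($args)
 {
     $rcmail = rcmail::get_instance();
     $dbh = new PDO($this->get_db_driver() . ':dbname=' . $rcmail->config->get('agendav_dbname', false) . ';host=' . $rcmail->config->get('agendav_dbhost', false), $rcmail->config->get('agendav_dbuser', false), $rcmail->config->get('agendav_dbpass', false));
     // The table prefix comes from the plugin configuration, not from the request.
     $table_prefix = $rcmail->config->get('agendav_dbprefix', false);

     // encrypt password
     // NOTE(review): the user's mail password is stored reversibly in the sessions table;
     // anyone who can read that table and knows agendav_encryption_key can recover it.
     // The md5() of the key is kept unchanged because the consumer of this row has to
     // derive the same key - presumably AgenDAV's own CI_Encrypt setup; confirm.
     $encrypt = new CI_Encrypt();
     $encrypt->set_key(md5($rcmail->config->get('agendav_encryption_key', false)));
     $password = (string) $encrypt->encode($rcmail->get_user_password());
     $username = (string) $rcmail->get_user_name();

     // The session id is a bearer credential, so it must come from a CSPRNG rather
     // than mt_rand(), whose output can be predicted.
     $entropy = '';
     if (function_exists('random_bytes')) {
         $entropy = random_bytes(16);
     } elseif (function_exists('openssl_random_pseudo_bytes')) {
         $entropy = openssl_random_pseudo_bytes(16);
     }
     $guid = bin2hex((string) $entropy);
     if (strlen($guid) !== 32) {
         // Fail closed: no session is better than a guessable one.
         error_log('login_after: no secure random source available, AgenDAV session not created');
         $dbh = null;
         return;
     }
     // Keep the previous layout of the id: 32 hex digits with the version nibble
     // set to 4 and the variant bits set to 10.
     $guid[12] = '4';
     $guid[16] = dechex(8 | (hexdec($guid[16]) & 3));

     $ip = rcube_utils::remote_addr();
     // The User-Agent header is optional; avoid an undefined-index notice and a NULL insert.
     $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $last_activity = time();

     // read existing preferences array
     $prefs = null;
     $pref_stmt = $dbh->prepare('select options from ' . $table_prefix . 'prefs where username=:username');
     if ($pref_stmt !== false) {
         // bindValue(): bindParam() needs a variable, not the result of a method call.
         $pref_stmt->bindValue(':username', $username);
         if ($pref_stmt->execute()) {
             $row = $pref_stmt->fetch(PDO::FETCH_ASSOC);
             if (is_array($row) && isset($row['options'])) {
                 $prefs = json_decode($row['options'], true);
             }
         }
     }
     // need to replace 'null' with an empty array, otherwise agendav fails to load calendars if user prefs are empty
     if ($prefs === null) {
         $prefs = array();
     }

     // serialize() yields the same bytes as the former hand-built string and keeps the
     // length prefixes correct regardless of how strlen() counts multibyte characters.
     $user_data = serialize(array(
         'user' => $username,
         'passwd' => $password,
         'prefs' => $prefs,
         'available_calendars' => array(),
     ));

     // create session in agendav
     $stmt = $dbh->prepare('insert into ' . $table_prefix . 'sessions(session_id, ip_address, user_agent,last_activity,user_data) values (:id, :ip, :user_agent, :last_activity, :user_data)');
     $created = $stmt !== false && $stmt->execute(array(
         ':id' => $guid,
         ':ip' => $ip,
         ':user_agent' => $user_agent,
         ':last_activity' => $last_activity,
         ':user_data' => $user_data,
     ));

     // destroy database connection
     $dbh = null;

     if (!$created) {
         // Do not hand out a cookie that points at a session row that does not exist.
         error_log('login_after: could not create the AgenDAV session row');
         return;
     }

     // create cookie containing the agendav session_id
     // NOTE(review): the cookie is sent without the Secure and HttpOnly flags. Add them
     // once it is confirmed that AgenDAV reads this cookie only on the server and is
     // served over HTTPS.
     setcookie('agendav_sessid', $guid, 0);
     // save agendav session_id in the session, so it can be used during roundcube logoff to kill the agendav session
     $_SESSION['agendav_sessid'] = $guid;
 }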
    {
        if ($this->_mcrypt_mode === NULL) {
            return $this->_mcrypt_mode = MCRYPT_MODE_CBC;
        }
        return $this->_mcrypt_mode;
    }
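    /**
     * Selects the algorithm used by hash().
     *
     * The name is accepted only if hash_algos() lists it; anything else falls
     * back to 'sha1'.
     *
     * @param string $type Algorithm name as understood by PHP's hash().
     * @return void
     */
    public function set_hash($type = 'sha1')
    {
        // Strict comparison: with loose matching a non-string argument such as true
        // (or 0 on PHP < 8) compares equal to an algorithm name and would be stored
        // as the hash type instead of falling back to 'sha1'.
        $this->_hash_type = in_array($type, hash_algos(), true) ? $type : 'sha1';
    }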
    /**
     * Hashes a string with the algorithm currently stored in $this->_hash_type.
     *
     * @param string $str Data to hash.
     * @return string Digest as returned by PHP's hash().
     */
    public function hash($str)
    {
        $algorithm = $this->_hash_type;

        return hash($algorithm, $str);
    }
}
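// Verifies the signature of a hard-coded session cookie and then decrypts its payload.
// NOTE(review): KEY serves both as the encryption key and as the HMAC key; separate,
// independently derived keys are the safer design.
$encryption = new CI_Encrypt();
$encryption->set_key(KEY);
// WRITE YOUR OWN COOKIE HERE!
$cookie = rawurldecode("DZyb3lI68zh+RBNg8C4M03TEJhMR4BBMzNWA1YUampWQ6UKaiUhG48rwkdfIs9DJYNQc8pZDniflInnUrQz1FbRxueQ3NLCahBBmrTuw8Ib7OL7ycm/IbuR81WEVrWpYOnQ4Z57/w21OCyVw42TjSkXkfWfN67veJr5630eTBA03vRbvLunZ9RLEuElqNrJu/H63yibCv8fyRWNnKs56i5OuU6Dso11O49k4fhxd008WTvsGliLxiErCkWwYfGfcjUA3V2Mh9mkrLk0YEKIbt3hbNXhAnGhIVIVJURhnmibqEFUacB1gP1GnbP2fQy3NpJt317n/3/sH+jH4lM+53IY1HOJh7n/J6RU9jqMr1hdeslDxFaV7SCuB4vPuO7SScec8063aae4808b195d818d86fda1d280ebb06bd");
// The last 40 characters are the hex SHA-1 HMAC; everything before them is the
// base64-encoded ciphertext.
$len = strlen($cookie) - 40;
if ($len < 0) {
    // assumes show_error() halts execution - confirm; otherwise the code below would
    // continue with a cookie that has no signature.
    show_error('The session cookie was not signed.');
}
// Check cookie authentication
$hmac = substr($cookie, $len);
$session = substr($cookie, 0, $len);
$expected_hmac = hash_hmac('sha1', $session, KEY);
// Compare in constant time: a plain !== returns at the first differing byte, which
// leaks through timing how much of a forged HMAC was correct.
if (function_exists('hash_equals')) {
    $hmac_ok = hash_equals($expected_hmac, (string) $hmac);
} else {
    // Fallback for PHP < 5.6, where hash_equals() does not exist.
    $given_hmac = (string) $hmac;
    $diff = strlen($expected_hmac) ^ strlen($given_hmac);
    $compare_len = min(strlen($expected_hmac), strlen($given_hmac));
    for ($i = 0; $i < $compare_len; $i++) {
        $diff |= ord($expected_hmac[$i]) ^ ord($given_hmac[$i]);
    }
    $hmac_ok = $diff === 0;
}
if (!$hmac_ok) {
    show_error('The session cookie data did not match what was expected.');
}
// Detect target encryption method and Decrypt session
// Decryption happens only after the HMAC check, so unauthenticated ciphertext never
// reaches the cipher (given that show_error() stops the script).
$_mcrypt = $encryption->mcrypt_decode(base64_decode($session));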
Exemple #4
 /**
  * Constructor: only runs the parent class constructor.
  */
 public function __construct()
 {
     parent::__construct();
     // Disabled cipher-mode override, kept for reference. As written it would pass
     // the string 'MCRYPT_MODE_CFB', not the MCRYPT_MODE_CFB constant.
     //$this->set_mode('MCRYPT_MODE_CFB');
 }
Exemple #5
 /**
  * Constructor
  *
  * Adds no behaviour of its own; it only runs the parent class constructor.
  */
 public function __construct()
 {
     parent::__construct();
 }
Exemple #6
 /**
  * Class constructor
  *
  * Records which encryption drivers are usable, aborts through show_error()
  * when neither mcrypt nor OpenSSL is available, applies the given parameters
  * via initialize() and, if no key has been set by then, falls back to the
  * 'encryption_key' config item when it is non-empty.
  *
  * @param array $params Configuration parameters
  * @return void
  */
 public function __construct(array $params = array())
 {
     // Driver detection: mcrypt is recognised by one of its constants, OpenSSL by
     // the loaded extension on PHP 5.3.3 or newer.
     $mcrypt_available = defined('MCRYPT_DEV_URANDOM');
     $openssl_available = is_php('5.3.3') && extension_loaded('openssl');
     $this->_drivers = array('mcrypt' => $mcrypt_available, 'openssl' => $openssl_available);

     if (!($this->_drivers['mcrypt'] || $this->_drivers['openssl'])) {
         show_error('Encryption: Unable to find an available encryption driver.');
     }

     // Determined once per process: whether mbstring overrides the string functions.
     // The class routes length checks through self::strlen(), presumably so that key
     // and data lengths are counted in bytes - confirm against that helper.
     if (!isset(self::$func_override)) {
         self::$func_override = extension_loaded('mbstring') && ini_get('mbstring.func_override');
     }

     $this->initialize($params);

     // Use the configured key only when initialize() did not set one.
     if (!isset($this->_key)) {
         $configured_key = config_item('encryption_key');
         if (self::strlen($configured_key) > 0) {
             $this->_key = $configured_key;
         }
     }

     log_message('info', 'Encryption Class Initialized');
 }
Exemple #7
 /**
  * Decodes a value whose base64 text was made URL-safe.
  *
  * The characters '.', '_' and '~' are mapped back to '+', '=' and '/' before
  * the parent decode() is called. Presumably a matching encode() applies the
  * opposite substitution; it is not visible here.
  *
  * @param string $string URL-safe encoded value.
  * @param string $key    Optional key, passed through to the parent unchanged.
  * @return mixed Whatever the parent decode() returns.
  */
 function decode($string, $key = "")
 {
     $standard_base64 = strtr($string, '._~', '+=/');

     return parent::decode($standard_base64, $key);
 }
	/**
	 * Runs the parent constructor, then stores what get_instance() returns in $this->_CI.
	 */
	public function __construct()
	{
		parent::__construct();
		// Assigned by reference, so $this->_CI aliases the value returned by
		// get_instance() rather than holding a copy.
		$this->_CI =& get_instance();
	}