/**
 * Hex-encode a value so it is safe to put in URLs, copy and paste, or type by hand.
 *
 * This is an encoding only: Crypto::binToHex() applies no key, so the result
 * offers no confidentiality and anyone holding it can convert it back.
 *
 * @param string $unfriendlyValue value to encode (presumably a raw binary string; confirm against callers)
 *
 * @return string the value returned by Crypto::binToHex()
 */
public function friendly($unfriendlyValue)
{
    $hex = Crypto::binToHex($unfriendlyValue);

    return $hex;
}
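<?php
/**
 * Self-test for the hex codec exposed by Defuse\Crypto\Crypto.
 *
 * For 100 random 32-byte samples, Crypto::binToHex()/Crypto::hexToBin() must
 * produce exactly what PHP's built-in bin2hex()/hex2bin() produce, and one
 * fixed known-answer pair must round-trip. The script exits with status 0
 * when every check passes and 1 as soon as any check has failed.
 */
require_once \dirname(__DIR__) . '/autoload.php';

use Defuse\Crypto\Crypto;

$status = 0;

for ($i = 0; $i < 100; ++$i) {
    $random = \openssl_random_pseudo_bytes(32);
    if (!\is_string($random)) {
        // Without a sample there is nothing to compare; report it as a failure
        // instead of feeding a non-string into the encoders.
        $status = 1;
        echo 'Could not obtain random bytes', "\n";
        break;
    }

    // Encoding: the library and the built-in must agree byte for byte.
    $encode_a = Crypto::binToHex($random);
    $encode_b = \bin2hex($random);
    if ($encode_a !== $encode_b) {
        $status = 1;
        \var_dump([$encode_a, $encode_b]);
    }

    // Decoding: each decoder is fed the other implementation's encoding.
    $decode_a = Crypto::hexToBin($encode_b);
    $decode_b = \hex2bin($encode_a);
    if ($decode_a !== $decode_b) {
        $status = 1;
        // Both values are raw bytes, so both are base64-encoded for display.
        // (The original decoded the second one, which garbled the diagnostic.)
        \var_dump([\base64_encode($decode_a), \base64_encode($decode_b)]);
    }
}

// Known-answer check. The original dumped these two values after exit(), where
// they could never run; here they are compared against the expected constants.
$known_hex = Crypto::binToHex("ABJA");
$known_bin = Crypto::hexToBin('41424a41');
if ($known_hex !== '41424a41' || $known_bin !== 'ABJA') {
    $status = 1;
    \var_dump($known_hex);
    \var_dump($known_bin);
}

// $status only ever holds 0 or 1, so the original "< 0" test never printed the
// success message.
if ($status === 0) {
    echo 'Encoded successfully!', "\n";
}

exit($status);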
/**
 * Encrypt a cleartext string and return the ciphertext as hexadecimal text.
 *
 * The key comes from $this->getSecretKey(). Nothing is caught here, so any
 * exception thrown while fetching the key or encrypting reaches the caller.
 * Only the Crypto::encrypt() step protects the data; the hex step is a
 * transport encoding.
 *
 * @param string $cleartext
 * @return string hexadecimal representation of the encrypted string
 */
public function encrypt($cleartext)
{
    $secretKey = $this->getSecretKey();
    $ciphertext = Crypto::encrypt($cleartext, $secretKey);

    return Crypto::binToHex($ciphertext);
}
// Derive a key from the user's password, encrypt the message with it, store the
// result, and begin building the notification e-mail. This excerpt ends inside
// the e-mail block.

$length = 16;
$iterations = PASSWORD_ITERATIONS;
// NOTE(review): the mcrypt extension was deprecated in PHP 7.1 and removed from
// core in 7.2; random_bytes($length) is the maintained way to get a random salt.
$salt = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
// hash_pbkdf2() is called without its sixth argument (raw output), so it returns
// lowercase hex digits and $length counts hex characters: $key is a 16-character
// hex string carrying 8 bytes of derived output, not 16 raw bytes.
// NOTE(review): passing true as the sixth argument would give 16 raw bytes, but
// the decrypting side (not shown) must derive the key identically, so both
// sides have to change together.
$key = hash_pbkdf2("sha256", $password, $salt, $iterations, $length);

// Create an array of data to be encrypted
// NOTE(review): the reader of this blob is not shown; if it calls unserialize(),
// confirm it only does so after successful authenticated decryption, or switch
// both sides to JSON.
$data = serialize(array("message" => $message, "email_sender" => $email_sender));

// Encrypt data, reference: https://github.com/defuse/php-encryption/
// Both handlers rely on response() ending the request (presumably it does;
// confirm), otherwise $data_encrypted is undefined further down.
// NOTE(review): the second handler reports DECRYPTION_UNSAFE although the failed
// operation is an encryption; confirm this is the intended status.
try {
    $data_encrypted = Crypto::Encrypt($data, $key);
} catch (Ex\CryptoTestFailedException $ex) {
    response(ENCRYPTION_UNSAFE, true);
} catch (Ex\CannotPerformOperationException $ex) {
    response(DECRYPTION_UNSAFE, true);
}

// Store the encrypted data
// The salt is not secret and is stored next to the ciphertext so the key can be
// re-derived from the password; both are hex-encoded for storage only.
$array = array(
    'salt' => Crypto::binToHex($salt),
    'secret' => Crypto::binToHex($data_encrypted),
    'expiration_date' => strtotime($expiration_date . ' +1 day')
);
$item = $collection->item();
$item->post($array);

// Log event
// NOTE(review): post() is called a second time, without a payload, as the
// condition; confirm this only reports the outcome of the call above and does
// not send another request.
if ($item->post()) {
    $item->event('log')->post(['action' => 'created']);
    // $id is assigned only on this success path.
    $id = $item->getKey();
} else {
    $logger->error($item->getStatus());
    response($item->getStatus(), true);
}

// Send email to recipient
if (!empty($email_recipient)) {
    // Email body
    // The link is built by concatenating SITE_URL and $id straight into HTML;
    // both are presumably server-controlled values (confirm).
    $email_content = '<p>' . EMAIL_BODY_SENT . '</p>';
    $email_content .= '<p>Access it at: <a href="' . SITE_URL . '/' . $id . '" target="_blank">' . SITE_URL . '/' . $id . '</a></p>';
/**
 * Encrypt a password under a freshly generated key and split the two halves:
 * the key is kept in $_SESSION['nextpass']['key'], the hex-encoded ciphertext
 * is sent to the browser in the "nextpass_password" cookie.
 *
 * The cookie is a session cookie (expiry 0), scoped to $this->html_code['path'],
 * and always flagged HttpOnly. It is flagged Secure only when the current
 * request is detected as HTTPS.
 * NOTE(review): behind a TLS-terminating proxy neither $_SERVER['HTTPS'] nor
 * port 443 may be visible to PHP, in which case the Secure flag would be
 * omitted; confirm how this is deployed.
 *
 * Any failure reported by the crypto library ends the request through die().
 *
 * @param string $password the cleartext password to protect
 * @return void
 */
private function store_encrypted_password($password)
{
    require_once 'php-encryption/autoload.php';

    // Fresh random key for this password.
    try {
        $session_key = Crypto::createNewRandomKey();
    } catch (Ex\CryptoTestFailedException $ex) {
        die('Cannot safely create a key');
    } catch (Ex\CannotPerformOperationException $ex) {
        die('Cannot safely create a key');
    }

    // The key stays on the server, in the session.
    $_SESSION['nextpass']['key'] = $session_key;

    // Encrypt the password under that key.
    try {
        $ciphertext = Crypto::encrypt($password, $session_key);
    } catch (Ex\CryptoTestFailedException $ex) {
        die('Cannot safely perform encryption');
    } catch (Ex\CannotPerformOperationException $ex) {
        die('Cannot safely perform encryption');
    }

    // Hex is used only to make the ciphertext cookie-safe.
    $cookie_value = Crypto::binToHex($ciphertext);

    // HTTPS is assumed when the server says so or the request came in on port 443.
    $https_flag_set = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $is_https = $https_flag_set || $_SERVER['SERVER_PORT'] == 443;

    setcookie('nextpass_password', $cookie_value, 0, $this->html_code['path'], '', $is_https, true);
}
// Installer excerpt: finish importing the SQL structure, generate a secret key,
// write config.php and redirect to registration. The excerpt begins inside a
// try block opened above and ends inside the fallback branch.
import_sql_structure();
} catch (Exception $e) {
    // The raw exception message is shown to whoever is running the installer.
    die('Error importing the SQL structure: ' . $e->getMessage());
}

// BUILD CONFIG FILE
// the new file to write to
$config_file = '../config.php';
// Drops the last 20 characters of this script's resolved path and appends '/';
// presumably that strips a trailing '/install/install.php' (confirm).
$elab_root = substr(realpath(__FILE__), 0, -20) . '/';

// make a new secret key
try {
    $new_secret_key = \Defuse\Crypto\Crypto::CreateNewRandomKey();
} catch (Exception $e) {
    die($e->getMessage());
}

// what we will write in the file
// Each value is concatenated as-is between single quotes in the generated PHP.
// NOTE(review): a quote or backslash in any value (a database password, for
// instance) would break the generated file or change what it defines. Where the
// $db_* values come from is not visible here; var_export($value, true) would
// emit a correctly escaped literal.
// The key is hex-encoded only so it can sit in a string literal. It is stored
// in the same file as the database credentials, so the file's permissions and
// location protect both.
$config = "<?php\ndefine('DB_HOST', '" . $db_host
    . "');\ndefine('DB_NAME', '" . $db_name
    . "');\ndefine('DB_USER', '" . $db_user
    . "');\ndefine('DB_PASSWORD', '" . $db_password
    . "');\ndefine('ELAB_ROOT', '" . $elab_root
    . "');\ndefine('SECRET_KEY', '" . \Defuse\Crypto\Crypto::binToHex($new_secret_key)
    . "');\n";

// we try to write content to file and propose the file for download if we can't write to it
// file_put_contents() returns the number of bytes written, or false on failure.
if (file_put_contents($config_file, $config)) {
    // it's cool, we managed to write the config file
    // let's put restricting permissions on it as discussed in #129
    // 0400 = readable by the owning user only, writable by nobody.
    if (is_writable($config_file)) {
        chmod($config_file, 0400);
    }
    $infos_arr = array();
    $infos_arr[] = 'Congratulations, you successfully installed eLabFTW, now you need to <strong>register</strong> your account (you will have admin rights).';
    $_SESSION['infos'] = $infos_arr;
    header('Location: ../register.php');
    exit;
} else {
    // Fallback: the config is offered as a download instead (the rest of this
    // branch is outside the excerpt).
    // NOTE(review): if $config is sent in the response, the secret key and the
    // database password travel to the browser; confirm the installer is only
    // reachable over HTTPS.
    header('Content-Type: text/x-delimtext; name="config.php"');