function decrypt($key, $c_t)
{
$c_t = trim(chop(base64_decode($c_t)));
$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
return trim(chop($p_t));
}
/**
* Расшифровывает данные с помощью расширения mcrypt
* @param string $text Текст, который требуется разшифровать
* @param string $key // 24 битный ключ
* @return string Расшифрованную строку
*/
protected function decrypt($text, $key = CRYPT_KEY)
{
$text = base64_decode($text);
$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $text, MCRYPT_DECRYPT, $iv);
return unserialize(trim($p_t));
}
public function decrypt($data)
{
// Don't do anything with empty data
if (empty($data) || is_string($data) == false && is_numeric($data) == false) {
return null;
}
// Detect data that is not encrypted
if (strstr($data, '|=|') == false) {
return $data;
}
// This is a serious bug: Base64-encoding can include plus-signs, but JSON thinks these are URL-encoded spaces.
// We have to convert them back manually. Ouch! Another solution would be to migrate from JSON to another transport mechanism. Again ouch!
$data = str_replace(' ', '+', $data);
// Continue with decryption
$array = explode('|=|', $data);
if (isset($array[0]) && isset($array[1])) {
$encrypted = Mage::helper('magebridge/encryption')->base64_decode($array[0]);
$key = Mage::helper('magebridge/encryption')->getKey($array[1]);
$iv = substr($key, 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
} else {
return null;
}
try {
$decrypted = mcrypt_cfb(MCRYPT_CAST_256, $key, $encrypted, MCRYPT_DECRYPT, $iv);
$decrypted = trim($decrypted);
return $decrypted;
} catch (Exception $e) {
Mage::getSingleton('magebridge/debug')->error("Error while decrypting: " . $e->getMessage());
return null;
}
}
function decrypt($key, $c_t)
{
// incoming: should be the $key that you encrypted
// with and the $c_t (encrypted text)
// returns plain text
// decode it first :)
$c_t = trim(chop(base64_decode($c_t)));
$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
return trim(chop($p_t));
}
/**
* decrypt
* @param string $key
* @param string $c_t
* @return string
* @author Thomas Schedler <*****@*****.**>
* @version 1.0
*/
public static function decrypt(Core &$core, $key, $c_t)
{
$core->logger->debug('massiveart->utilities->Crypt->decrypt: ' . $key . ', ' . $c_t);
try {
$c_t = base64_decode($c_t);
$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$p_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
return trim($p_t);
} catch (Exception $exc) {
$core->logger->err($exc);
return false;
}
}
function Decrypt($encoded, &$encode_time)
{
if (GetType($colon = strpos($encoded, ':')) != 'integer' || ($encode_time = intval(substr($encoded, $colon + 1))) == 0 || $encode_time > time() || !($encrypted = base64_decode(substr($encoded, 0, $colon)))) {
return '';
}
$iv_size = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_CFB);
$iv = str_repeat(chr(0), $iv_size);
$key_size = mcrypt_get_key_size(MCRYPT_3DES, MCRYPT_MODE_CFB);
$key = $encode_time . $this->key;
if (strlen($key) > $key_size) {
$key = substr($key, 0, $key_size);
}
return mcrypt_cfb(MCRYPT_3DES, $key, $encrypted, MCRYPT_DECRYPT, $iv);
}
public function encrypt($data)
{
// Don't do anything with empty data
$data = trim($data);
if (empty($data)) {
return null;
}
// Check if SSL is already in use, so encryption is not needed
if (Mage::getSingleton('magebridge/core')->getMetaData('protocol') == 'https') {
return $data;
}
// Disable encryption if configured
if ((bool) Mage::getStoreConfig('magebridge/joomla/encryption') == false) {
return $data;
}
// Generate a random key
$random = str_shuffle('0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
$key = Mage::helper('magebridge/encryption')->getSaltedKey($random);
// PHP 5.5 version
if (version_compare(PHP_VERSION, '5.5.0') >= 0) {
try {
$td = mcrypt_module_open(MCRYPT_CAST_256, '', 'ecb', '');
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted = mcrypt_generic($td, $data);
$encoded = Mage::helper('magebridge/encryption')->base64_encode($encrypted);
} catch (Exception $e) {
Mage::getSingleton('magebridge/debug')->error("Error while decrypting: " . $e->getMessage());
return null;
}
} else {
try {
$iv = substr($key, 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$encrypted = @mcrypt_cfb(MCRYPT_CAST_256, $key, $data, MCRYPT_ENCRYPT, $iv);
$encoded = Mage::helper('magebridge/encryption')->base64_encode($encrypted);
} catch (Exception $e) {
Mage::getSingleton('magebridge/debug')->error("Error while decrypting: " . $e->getMessage());
return null;
}
}
return $encoded . '|=|' . $random;
}
/**
* Decrypt data after encryption
*
* @param string $data
* @return mixed
*/
public static function decrypt($data)
{
// Don't do anything with empty data
$data = trim($data);
if (empty($data) || is_string($data) == false && is_numeric($data) == false) {
return null;
}
// Detect data that is not encrypted
$data = urldecode($data);
if (strstr($data, '|=|') == false) {
return $data;
}
$array = explode('|=|', $data);
$encrypted = MageBridgeEncryptionHelper::base64_decode($array[0], true);
$key = MageBridgeEncryptionHelper::getSaltedKey($array[1]);
// PHP 5.5 version
if (version_compare(PHP_VERSION, '5.5.0') >= 0) {
try {
$td = mcrypt_module_open(MCRYPT_CAST_256, '', 'ecb', '');
$iv = substr($key, 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
mcrypt_generic_init($td, $key, $iv);
$decrypted = mdecrypt_generic($td, $encrypted);
$decrypted = trim($decrypted);
return $decrypted;
} catch (Exception $e) {
Mage::getSingleton('magebridge/debug')->error("Error while decrypting: " . $e->getMessage());
return null;
}
} else {
try {
$iv = substr($key, 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$decrypted = @mcrypt_cfb(MCRYPT_CAST_256, $key, $encrypted, MCRYPT_DECRYPT, $iv);
$decrypted = trim($decrypted);
return $decrypted;
} catch (Exception $e) {
Mage::getSingleton('magebridge/debug')->error("Error while decrypting: " . $e->getMessage());
return null;
}
}
}
eregi_replace(); import_request_variables(); mcrypt_generic_end(); mysql_db_query(); mysql_escape_string(); mysql_list_dbs(); mysqli_bind_param(); mysqli_bind_result(); mysqli_client_encoding(); mysqli_fetch(); mysqli_param_count(); mysqli_get_metadata(); mysqli_send_long_data(); magic_quotes_runtime(); session_register(); session_unregister(); session_is_registered(); set_magic_quotes_runtime(); set_socket_blocking(); split(); spliti(); sql_regcase(); php_logo_guid(); php_egg_logo_guid(); php_real_logo_guid(); zend_logo_guid(); datefmt_set_timezone_id(); mcrypt_ecb(); mcrypt_cbc(); mcrypt_cfb(); mcrypt_ofb();
$key = "pam";
$iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
$ENCRYPT_PASSWORD = mcrypt_cfb (MCRYPT_CAST_256, $key, $password, MCRYPT_ENCRYPT, $iv);
$ENCRYPT_PASSWORD = trim(chop(base64_encode($ENCRYPT_PASSWORD)));
$ENCRYPT_PASSWORD_TMP = str_replace ("/", "\\/", $ENCRYPT_PASSWORD);
# We need to read the config file and confim it
$fileContent = file($configFileName);
$stringToCheck = "SQL_PASSWORD = \"$ENCRYPT_PASSWORD_TMP\"";
$isPasswordCorrent = preg_grep ("/$stringToCheck/", $fileContent);
if (!count ($isPasswordCorrent)) {
echo "<p><b>You entered the wrong webpatrol password - Password not changed</p></b>";
}
else {
# We need to encrypt the new password
$newPassEncrypt = mcrypt_cfb (MCRYPT_CAST_256, $key, $newPassword, MCRYPT_ENCRYPT, $iv);
$newPassEncrypt = trim(chop(base64_encode($newPassEncrypt)));
$stringToChange = "SQL_PASSWORD = \"$ENCRYPT_PASSWORD\"";
$newString = "SQL_PASSWORD = \"$newPassEncrypt\"";
# Update the password in the database
update_db_password($SQL_USER, $newPassword);
# We need to update the file
$fileContentString = implode ("", $fileContent);
$newFile = str_replace($stringToChange, $newString, $fileContentString);
# Backing up the old file
$backupfile = $backupFileName;
$fp = fopen ($backupfile, "w");
fwrite ($fp, $fileContentString);
<?php $key = "FooBar"; $secret = "PHP Testfest 2008"; $cipher = MCRYPT_RIJNDAEL_128; $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher, MCRYPT_MODE_CFB), MCRYPT_RAND); $enc_data = mcrypt_cfb($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv); // we have to trim as AES rounds the blocks and decrypt doesnt detect that echo trim(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n"; // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT);
function decrypt_aes($key, $c_t)
{
$c_t = base64_decode($c_t);
$iv = substr(md5($key), 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_CFB));
$p_t = mcrypt_cfb(MCRYPT_RIJNDAEL_256, $key, $c_t, MCRYPT_DECRYPT, $iv);
return trim($p_t);
}
public static function CardEncrypt($plain_text)
{
$msg_key = defined('CARD_ENCRYPT_KEY') ? CARD_ENCRYPT_KEY : '';
$plain_text = trim($plain_text);
$iv = substr(md5($msg_key), 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
$c_t = mcrypt_cfb(MCRYPT_CAST_256, $key, $plain_text, MCRYPT_ENCRYPT, $iv);
return trim(urlencode(chop(base64_encode($c_t))));
}
<tr>
<td colspan=2 align=center>
<input type="submit" value="Submit">
<p>
</td>
</tr>
</form>
</table>
<?
exit;
} else {
$key = "pam";
$iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
$DECRIPT_PASSWORD = trim(chop(base64_decode($SQL_PASSWORD)));
$DECRIPT_PASSWORD = mcrypt_cfb (MCRYPT_CAST_256, $key, $DECRIPT_PASSWORD, MCRYPT_DECRYPT, $iv);
$connection = mysql_connect("$SQL_SERVER","$SQL_USER","$DECRIPT_PASSWORD") or die ("Unable to connect to MySQL server.");
}
if($_SESSION[SQL_DATABASE] == "") {
?>
<table>
<form action="<? print $PHP_SELF; ?>" method="post">
<tr>
<td align=right><b>MySQL Database:</b></td>
<td><input type="text" name="SQL_DATABASE"></td>
</tr>
<tr>
<td colspan=2 align=center>
<input type="submit" value="Submit">
$enc = mcrypt_encrypt(MCRYPT_XTEA, $key, $text, MCRYPT_MODE_ECB, $iv); VS(bin2hex($enc), "f522c62002fa16129c8576bcddc6dd0f7ea81991103ba42962d94c8bfff3ee660d53b187d7e989540abf5a729c2f7baf"); $crypttext = mcrypt_decrypt(MCRYPT_XTEA, $key, $enc, MCRYPT_MODE_ECB, $iv); VS($crypttext, $text); ////////////////////////////////////////////////////////////////////// $key = "123456789012345678901234567890123456789012345678901234567890"; $CC = "4007000000027"; $encrypted = mcrypt_cbc(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $CC, MCRYPT_ENCRYPT, substr($key, 32, 16)); $decrypted = mcrypt_cbc(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $encrypted, MCRYPT_DECRYPT, substr($key, 32, 16)); VERIFY($encrypted !== $decrypted); VS(trim((string) $decrypted), $CC); ////////////////////////////////////////////////////////////////////// $key = "123456789012345678901234567890123456789012345678901234567890"; $CC = "4007000000027"; $encrypted = mcrypt_cfb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $CC, MCRYPT_ENCRYPT, substr($key, 32, 16)); $decrypted = mcrypt_cfb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $encrypted, MCRYPT_DECRYPT, substr($key, 32, 16)); VERIFY($encrypted !== $decrypted); VS(trim((string) $decrypted), $CC); ////////////////////////////////////////////////////////////////////// $key = "123456789012345678901234567890123456789012345678901234567890"; $CC = "4007000000027"; $encrypted = mcrypt_ecb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $CC, MCRYPT_ENCRYPT, substr($key, 32, 16)); $decrypted = mcrypt_ecb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $encrypted, MCRYPT_DECRYPT, substr($key, 32, 16)); VERIFY($encrypted !== $decrypted); VS(trim((string) $decrypted), $CC); ////////////////////////////////////////////////////////////////////// $key = "123456789012345678901234567890123456789012345678901234567890"; $CC = "4007000000027"; $encrypted = mcrypt_ofb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $CC, MCRYPT_ENCRYPT, substr($key, 32, 16)); $decrypted = mcrypt_ofb(MCRYPT_RIJNDAEL_128, substr($key, 0, 32), $encrypted, MCRYPT_DECRYPT, substr($key, 32, 16)); VERIFY($encrypted !== $decrypted);
<?php $key = "0123456789012345"; $secret = "PHP Testfest 2008"; $cipher = MCRYPT_RIJNDAEL_128; $iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher, MCRYPT_MODE_CFB), MCRYPT_RAND); $enc_data = mcrypt_cfb($cipher, $key, $secret, MCRYPT_ENCRYPT, $iv); // we have to trim as AES rounds the blocks and decrypt doesnt detect that echo trim(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT, $iv)) . "\n"; // a warning must be issued if we don't use a IV on a AES cipher, that usually requires an IV var_dump(mcrypt_cfb($cipher, $key, $enc_data, MCRYPT_DECRYPT));
/**
* sessDecrypt - Decrypts encrypted text created by the sessEncrypt member.
* It needs to be passed the same Initialization Vector (IV) used in the
* encryption process. When you have a few/many fields to decrypt in one
* script cycle, choose to keep the mcrypt module open to speed up
* decryption (only for libmcrypt >= 2.4.x). A correctly decrypted field
* will be returned as a string, so if you're expecting/wanting an integer
* then you have to type cast or use intval() function.
*
* @param string $_enc Pass the encrypted text you would like to decrypt.
* @param string $_IV Pass the same IV used in the encryption phase.
* @param bool $_keep_open TRUE to keep mcrypt module open, FALSE close.
* @return mixed Returns the original plain text or FALSE on error.
* @access public
*/
function sessDecrypt($_enc, $_IV, $_keep_open = FALSE)
{
static $_open_already = FALSE;
// Open encrypt flag For ver >= 2.4.x
static $_module = NULL;
if (!is_bool($_keep_open)) {
$_keep_open = FALSE;
}
if (is_numeric($_IV) && strlen($_IV) > 0 && strlen($_IV) < 4 && intval($_IV) > 0 && intval($_IV) < 501) {
$_text = $this->sessDecode($_enc, intval($_IV));
} else {
if ($this->_MCRYPT && !empty($this->_ENC_ALGO) && !empty($this->_ENC_MODE)) {
$_IV = @base64_decode($_IV);
$_enc = @base64_decode($_enc);
if ($this->_MCRYPT_LATEST) {
// For >= 2.4.x
if (!$_open_already) {
$_module = @mcrypt_module_open($this->_ENC_ALGO, '', $this->_ENC_MODE, '');
if (FALSE === $_module) {
// Could not open encryption module for decryption
$this->_setErrMsg('DEC_OPEN_FAIL', NULL, $this->_ENC_ALGO, $this->_ENC_MODE);
$this->_handleErrors();
return FALSE;
}
$_open_already = TRUE;
}
$_key = substr($this->_ENC_KEY_HASHED, 0, @mcrypt_enc_get_key_size($_module));
$_result = @mcrypt_generic_init($_module, $_key, $_IV);
if ($_result < 0) {
switch ($_result) {
case -3:
// Key length for decryption is incorrect
$this->_setErrMsg('DEC_KEY_LEN', NULL, $this->_ENC_ALGO, $this->_ENC_MODE, strlen($_key));
case -4:
// There were memory allocation problems - decrypt
$this->_setErrMsg('DEC_MEMORY', NULL, $this->_ENC_ALGO, $this->_ENC_MODE);
default:
// There were unknown errors while trying to decrypt
$this->_setErrMsg('DEC_UNKNOWN', NULL, $this->_ENC_ALGO, $this->_ENC_MODE);
}
$this->_handleErrors();
return FALSE;
}
// trim is especially needed in Cipher Block Chaining (CBC) mode
$_text = trim(@mdecrypt_generic($_module, $_enc));
if (!$_keep_open) {
@mcrypt_generic_deinit($_module);
@mcrypt_module_close($_module);
$_open_already = FALSE;
$_module = NULL;
}
} else {
// For 2.2.x
$_key = substr($this->_ENC_KEY_HASHED, 0, @mcrypt_get_key_size($this->_ENC_ALGO));
switch ($this->_ENC_MODE) {
case MCRYPT_MODE_ECB:
$_text = @mcrypt_ecb($this->_ENC_ALGO, $_key, $_enc, MCRYPT_DECRYPT);
break;
case MCRYPT_MODE_CFB:
$_text = @mcrypt_cfb($this->_ENC_ALGO, $_key, $_enc, MCRYPT_DECRYPT, $_IV);
break;
case MCRYPT_MODE_OFB:
$_text = @mcrypt_ofb($this->_ENC_ALGO, $_key, $_enc, MCRYPT_DECRYPT, $_IV);
break;
default:
$_text = @mcrypt_cbc($this->_ENC_ALGO, $_key, $_enc, MCRYPT_DECRYPT, $_IV);
}
$_text = trim($_text);
// Especially needed for CBC mode
}
} else {
$_text = FALSE;
}
}
return $_text;
}
public static function decrypt($data)
{
// Don't do anything with empty data
$data = trim($data);
if (empty($data) || is_string($data) == false && is_numeric($data) == false) {
return null;
}
// Detect data that is not encrypted
if (strstr($data, '|=|') == false) {
return $data;
}
$array = explode('|=|', $data);
$encrypted = MageBridgeEncryptionHelper::base64_decode($array[0], true);
$key = MageBridgeEncryptionHelper::getSaltKey($array[1]);
$iv = substr($key, 0, mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB));
try {
$decrypted = mcrypt_cfb(MCRYPT_CAST_256, $key, $encrypted, MCRYPT_DECRYPT, $iv);
$decrypted = trim($decrypted);
return $decrypted;
} catch (Exception $e) {
Mage::getSingleton('magebridge/debug')->error("Error while decrypting: " . $e->getMessage());
return null;
}
}
function run_sql_cmd($cmd) {
// These are set in the configuration file
global $SQL_SERVER;
global $SQL_USER;
global $SQL_PASSWORD;
global $SQL_DATABASE;
global $WITH_MCRYPT;
debug_var("Executing query:",$cmd);
if ($WITH_MCRYPT) {
$key = "pam";
$iv = substr(md5($key), 0,mcrypt_get_iv_size (MCRYPT_CAST_256,MCRYPT_MODE_CFB));
$DECRIPT_PASSWORD = trim(chop(base64_decode($SQL_PASSWORD)));
$DECRIPT_PASSWORD = mcrypt_cfb (MCRYPT_CAST_256, $key, $DECRIPT_PASSWORD, MCRYPT_DECRYPT, $iv);
} else {
$DECRIPT_PASSWORD = $SQL_PASSWORD;
}
if (($SQL_SERVER == "") || ($SQL_USER == "") || ($DECRIPT_PASSWORD == "") || ($SQL_DATABASE == "")) {
echo "Configuration settings missing, please contact the admin";
exit;
}
$connection = mysql_pconnect("$SQL_SERVER","$SQL_USER","$DECRIPT_PASSWORD") or die ("Unable to connect to MySQL server.");
$db = mysql_select_db("$SQL_DATABASE") or die ("Unable to select requested database.");
$sql = mysql_query($cmd, $connection) or die(mysql_error());
// Need to add some error checking statements
}
