Esempio n. 1
 /**
  * Alternative decryption using pure PHP libraries
  * @link http://px.sklar.com/code.html/id=1287
  * Fixed, and a more secure method added
  *
  * @param  string $enc  the encrypted string to be decoded
  * @param  string $pass the hash key
  * @return mixed        the decrypted value, or null when decoding fails
  */
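 public static function altDecrypt($enc, $pass = '')
 {
     // Reverses the pure-PHP fallback encoding: strip the 3-character marker,
     // base64-decode, subtract a repeating key byte by byte, base64-decode again,
     // rotate, then verify and strip a 40-character trailer.
     // Returns the value stored under 'acb', or null on any failure.
     //
     // NOTE(review): the transform below is a byte-wise subtraction with a
     // repeating key rather than a vetted cipher, and the trailer is computed from
     // $pass alone, so it confirms the key but does not authenticate the payload.
     // Treat the output as obfuscated data, not as confidential or tamper-proof.

     // Anything that is not a string of at least 4 non-blank characters cannot carry a marker.
     if (!is_string($enc) || strlen(trim($enc)) < 4) {
         return null;
     }
     // The marker sits at offset 10 for inputs longer than 10 bytes, otherwise at offset 2.
     $markerAt = strlen($enc) > 10 ? 10 : 2;
     if (strpos($enc, 'aCb') !== $markerAt) {
         // An 'mCb' marker at the same offset is handed to decrypt(), but only
         // when the mcrypt extension is actually loaded.
         if (extension_loaded('mcrypt') && strpos($enc, 'mCb') === $markerAt) {
             return static::decrypt($enc, $pass);
         }
         return null;
     }
     // Drop the 3-character marker before decoding.
     $enc = substr_replace($enc, '', $markerAt, 3);
     // Only base64 / URL-safe base64 characters may remain.
     if (preg_match('/[^a-z0-9\\+\\/\\=\\-\\_]/i', $enc)) {
         return null;
     }
     // Fall back to the configured salt when the caller supplied no key.
     $pass = !$pass ? Config::get('security_salt', '') : $pass;
     (is_null($pass) || $pass === false) && ($pass = '');
     // Arrays and objects are accepted as keys by serializing them first.
     $pass = StringHelper::maybeSerialize($pass);
     if (!$pass) {
         // NOTE(review): with no key and no configured 'security_salt' the key
         // becomes the hash of an empty/falsy value, presumably a constant that is
         // identical on every install. Kept as-is so existing data still decodes;
         // deployments should always configure a salt.
         $pass = Sha1::hash($pass);
     }
     // The key may be a non-string scalar; index it through its string form,
     // which is what the original concatenation-based expansion produced.
     $keyBytes = (string) $pass;
     $keyLen = strlen($keyBytes);
     if ($keyLen === 0) {
         // Guards the modulo below (the original divided by this length).
         return null;
     }
     $enc = Internal::safeBase64Decode($enc);
     $encLen = strlen($enc);
     $ascii = '';
     foreach (str_split($enc) as $index => $byte) {
         // plain byte = cipher byte - key byte - ciphertext length (chr() wraps modulo 256)
         $ascii .= chr(ord($byte) - ord($keyBytes[$index % $keyLen]) - $encLen);
     }
     $unpack = unpack('a*', trim($ascii));
     if (!$unpack) {
         return null;
     }
     $unpack = implode('', (array) $unpack);
     // Second base64 layer, then undo the rotation applied when encoding.
     $unpack = Internal::safeBase64Decode($unpack);
     $retval = Internal::rotate($unpack, 13);
     // Packing can leave invisible characters behind; strip them.
     $retval = StringHelper::removeInvisibleCharacters($retval, false);
     // The last 40 characters must equal the key-derived trailer.
     if (strlen($retval) < 40) {
         return null;
     }
     $expected = Sha1::hash(Sha256::hash($pass));
     if (!is_string($expected)) {
         return null;
     }
     $trailer = substr($retval, -40);
     // Compare in constant time where available so response timing does not
     // reveal how many leading characters of the trailer matched.
     $trailerMatches = function_exists('hash_equals')
         ? hash_equals($expected, $trailer)
         : $trailer === $expected;
     if (!$trailerMatches) {
         return null;
     }
     // Strip the trailer to get the stored payload.
     $retval = substr($retval, 0, strlen($retval) - 40);
     // NOTE(review): maybeUnserialize() presumably calls unserialize() on this
     // payload. Because the trailer does not authenticate the data, confirm the
     // helper restricts which classes may be instantiated.
     $retval = StringHelper::maybeUnserialize($retval);
     // The original value is expected under the 'acb' key of the decoded array.
     if (is_array($retval) && array_key_exists('acb', $retval)) {
         return $retval['acb'];
     }
     return null;
 }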
Esempio n. 2
 /**
  * Serialize Response cookies into raw HTTP header
  *
  * @param  \Enproject\ErSysDucation\Response\Header $header The Response header
  */
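 public static function serializeCookies(Headers &$header)
 {
     // Writes one cookie header per response cookie via setCookieHeader(),
     // encrypting the value first when encryption applies. Cookies whose final
     // value is longer than 4096 bytes are skipped and reported as a warning.
     $instance = static::singleton();
     $config = Config::singleton();
     $cookies = $instance->cookies();
     $prefix = $config->get('cookie_encrypt_prefix', 'enc|');
     // Fall back to the default when the prefix is not a string or trims to a falsy value.
     if (!is_string($prefix) || !trim($prefix)) {
         $prefix = 'enc|';
     }
     // Stores the effective setting back on the shared config object.
     $config->cookie_encrypt = $config->get('cookie_encrypt', true);
     // Derived lazily, once, the first time a cookie needs encrypting.
     $cookieKey = null;
     foreach ($cookies as $name => $settings) {
         // NOTE(review): the original computed an $expires timestamp here that was
         // never read. The ciphertext is built from the value alone, so it is not
         // bound to the cookie's name or expiry; confirm whether that was intended
         // and whether setCookieHeader() normalises string 'expires' values itself.

         // Encrypt when the cookie asks for it explicitly, or when encryption is
         // the configured default and the cookie does not say either way.
         if (!empty($settings['encrypted']) || ($config->cookie_encrypt && !isset($settings['encrypted']))) {
             if ($cookieKey === null) {
                 $cookieKey = Sha1::hash($config->security_key . $config->security_salt . $config->session_hash);
             }
             // The prefix marks the value as encrypted for the reading side.
             $settings['value'] = $prefix . Security::encrypt($settings['value'], $cookieKey);
         }
         // Only the value is measured here; browsers typically apply their ~4KB
         // limit to name, value and attributes together.
         if (strlen($settings['value']) > 4096) {
             // Skipped cookies leave any previously set cookie of the same name in place.
             ErrorHandler::set(E_USER_WARNING, sprintf('Cookie %s has been generate more than 4KB failed to save! if there was cookie before, it will be not replaced!', $name), __FILE__, __LINE__);
         } else {
             static::setCookieHeader($header, $name, $settings);
         }
     }
 }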