/**
 * Look up the serialized form state that the current session holds for a posted state token.
 *
 * The posted value is the state index itself, or its encrypted form when
 * QForm::$EncryptionKey is set. The index only selects an entry inside the
 * caller's own $_SESSION; the form state never leaves the server here.
 *
 * @param string $strPostDataState state token taken from the POST data
 * @return string|null the stored form state (decompressed when zlib is available),
 *                     or null when the session has no entry for that index
 */
public static function Load($strPostDataState) {
	// Without a key the token is used as the index verbatim.
	$intStateIndex = $strPostDataState;
	if (QForm::$EncryptionKey !== null) {
		$objDecryptor = new QCryptography(QForm::$EncryptionKey, true);
		$intStateIndex = $objDecryptor->Decrypt($strPostDataState);
	}

	$strSessionKey = 'qform_' . $intStateIndex;
	if (!array_key_exists($strSessionKey, $_SESSION)) {
		return null;
	}

	$strStored = $_SESSION[$strSessionKey];

	// When zlib is present the session entry is treated as the *binary* compressed stream.
	// If a webserver/OS/PHP combination mishandles binary session data, the entry can be
	// base64-encoded on save and base64-decoded here before it is decompressed.
	// NOTE(review): gzuncompress() returns false on malformed input, so callers should
	// treat a false result the same way as null.
	return function_exists('gzcompress') ? gzuncompress($strStored) : $strStored;
}
/**
 * Round-trips a string through two separate QCryptography instances with Base64 output disabled.
 *
 * The second instance is built from the same key and hash key, so a successful decrypt shows
 * that the IV travels with the ciphertext instead of living in the encrypting object.
 * The short literal keys are test fixtures only.
 */
public function testBase64Off() {
	$strCipherKey = 'i4kl36';
	$strHashSecret = 'p834875';
	$strPlain = "I still haven't found what I'm looking for";

	$objEncryptor = new QCryptography($strCipherKey, false, null, $strHashSecret);
	$strCipherText = $objEncryptor->Encrypt($strPlain);
	$this->assertNotEquals($strPlain, $strCipherText);

	// Decrypt with a freshly constructed object: it must pick up the IV embedded in the
	// ciphertext rather than the one it generated for itself.
	$objDecryptor = new QCryptography($strCipherKey, false, null, $strHashSecret);
	$strRecovered = $objDecryptor->Decrypt($strCipherText);
	$this->assertEquals($strPlain, $strRecovered);
}
/**
 * Recover the serialized form state that was sent back by the browser in the POST data.
 *
 * With no QForm::$EncryptionKey the payload is URL-safe base64 ('-' and '_' standing in for
 * '+' and '/'); with a key it is decrypted through QCryptography. The result is then
 * decompressed when zlib is available.
 *
 * NOTE(review): in this handler the whole form state is client-held. Without an encryption
 * key the browser fully controls the bytes returned here; if the caller unserializes them
 * (not visible in this method, confirm), that is deserialization of untrusted input.
 * Configure QForm::$EncryptionKey or prefer a server-side form state handler, and confirm
 * that QCryptography also authenticates the ciphertext.
 *
 * @param string $strPostDataState form state value taken from the POST data
 * @return string|false the serialized form; false when decoding or decompression fails
 */
public static function Load($strPostDataState) {
	if (QForm::$EncryptionKey !== null) {
		// Encrypted transport: QCryptography handles the text encoding itself (Base64 flag on).
		$objDecryptor = new QCryptography(QForm::$EncryptionKey, true);
		$strSerializedForm = $objDecryptor->Decrypt($strPostDataState);
	} else {
		// Plain transport: undo the URL-safe alphabet, then decode.
		$strStandardBase64 = strtr($strPostDataState, '-_', '+/');
		$strSerializedForm = base64_decode($strStandardBase64);
	}

	// Uncompress (if available)
	if (!function_exists('gzcompress')) {
		return $strSerializedForm;
	}

	return gzuncompress($strSerializedForm);
}
// Demo page section: encrypt and decrypt a sample string with raw (non-Base64) output.
// NOTE(review): a key literal in source is only appropriate for this example page; real
// keys belong in configuration that is kept out of the web root and out of version control.
QCryptography::$Key = 'SampleKey';

// By default, let's leave Base64 encoding turned off
QCryptography::$Base64 = false;
$objCrypto = new QCryptography();

$strEncrypted = $objCrypto->Encrypt($strOriginal);
$strDecrypted = $objCrypto->Decrypt($strEncrypted);

// The values are written into the HTML without escaping. That is harmless for the fixed
// sample strings used here; with Base64 off, $strEncrypted is a raw byte string.
// When adapting this to real data, escape with htmlspecialchars() before output.
printf('Original Data: <b>%s</b><br/>', $strOriginal);
printf('Encrypted Data: <b>%s</b><br/>', $strEncrypted);
printf('Decrypted Data: <b>%s</b><br/><br/><br/>', $strDecrypted);
?>
<h3>TripleDES, Electronic Codebook Encryption (with Base64 encoding)</h3>
<?php
// NOTE(review): the heading above names TripleDES in ECB mode. ECB maps identical plaintext
// blocks to identical ciphertext blocks and gives no integrity protection, and TripleDES is
// a legacy cipher. Read this page as an API walkthrough, not as a recommended configuration.
$strOriginal = 'Just keep examining every low bid quoted for zinc etchings.';

// Modify the base64 mode while making the specification on the constructor, itself
// By default, let's instantiate a QCryptography object with Base64 encoding enabled
// Note: while the resulting encrypted data is safe for any text-based stream, including
// use as GET/POST data, inside the URL, etc., the resulting encrypted data stream will
// be 33% larger.
$objCrypto = new QCryptography(null, true);

$strEncrypted = $objCrypto->Encrypt($strOriginal);
$strDecrypted = $objCrypto->Decrypt($strEncrypted);

printf('Original Data: <b>%s</b><br/>', $strOriginal);
printf('Encrypted Data: <b>%s</b><br/>', $strEncrypted);
printf('Decrypted Data: <b>%s</b><br/><br/><br/>', $strDecrypted);
?>
<?php require '../includes/footer.inc.php';
/**
 * Look up form state stored under $_SESSION['qformstate'][<first part>][<second part>].
 *
 * The posted token (decrypted first when QForm::$EncryptionKey is set) must have the shape
 * "<first>_<second>" with a numeric second part. Both parts only index into the caller's
 * own session, so a forged token can at most select another entry of that same session.
 *
 * @param string $strPostDataState state token taken from the POST data
 * @return string|false|null the stored form state (decompressed when zlib is available);
 *                           null when the token is malformed or nothing is stored for it;
 *                           false when gzuncompress() rejects the stored bytes
 */
public static function Load($strPostDataState) {
	if (QForm::$EncryptionKey !== null) {
		// Use QCryptography to recover the plain token
		$objDecryptor = new QCryptography(QForm::$EncryptionKey, true);
		$strPostDataState = $objDecryptor->Decrypt($strPostDataState);
	}

	$arrParts = explode('_', $strPostDataState);
	if (count($arrParts) != 2 || !is_numeric($arrParts[1])) {
		return null;
	}

	$strOuterKey = $arrParts[0];
	$strInnerKey = $arrParts[1];
	if (empty($_SESSION['qformstate'][$strOuterKey][$strInnerKey])) {
		return null;
	}

	$strSerializedForm = $_SESSION['qformstate'][$strOuterKey][$strInnerKey];

	// When zlib is present the session entry is treated as the *binary* compressed stream.
	// If a webserver/OS/PHP combination mishandles binary session data, the entry can be
	// base64-encoded on save and base64-decoded here before it is decompressed.
	if (function_exists('gzcompress')) {
		$strSerializedForm = gzuncompress($strSerializedForm);
	}

	return $strSerializedForm;
}
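/**
 * Return a LoginTicket based on cookie information, if applicable.
 *
 * The 'strTicket' cookie is decrypted with a default-constructed QCryptography and must
 * contain exactly "<ticket id>_<person id>", both made of decimal digits. Anything else
 * (missing cookie, array-valued cookie, decrypt failure, malformed payload, unknown ticket,
 * person mismatch) yields null.
 *
 * NOTE(review): the cookie is attacker-supplied. Whether Decrypt() authenticates the
 * ciphertext is not visible here, so the strict shape check below is what keeps garbage
 * plaintext away from LoginTicket::Load(). Confirm that ticket expiry or revocation is
 * enforced server-side, since this method only checks the person id.
 *
 * @return LoginTicket|null the ticket named by the cookie, or null when there is no valid one
 */
public static function GetLoginTicketFromCookie() {
	if (!array_key_exists('strTicket', $_COOKIE) || !$_COOKIE['strTicket']) {
		return null;
	}

	// A request can turn the cookie into an array (strTicket[]=...); only strings are tickets.
	if (!is_string($_COOKIE['strTicket'])) {
		return null;
	}

	try {
		$objCrypto = new QCryptography();
		$strTicket = $objCrypto->Decrypt($_COOKIE['strTicket']);

		// Require both fields: the previous code read index 1 even when no '_' was present.
		$strTicketArray = explode('_', (string) $strTicket);
		if (count($strTicketArray) != 2) {
			return null;
		}

		$intTicketId = $strTicketArray[0];
		$intPersonId = $strTicketArray[1];

		// Ids are assumed to be integers, as the variable names indicate. Digit-only input
		// also keeps the loose comparison below a plain numeric comparison.
		if (!ctype_digit($intTicketId) || !ctype_digit($intPersonId)) {
			return null;
		}

		$objTicket = LoginTicket::Load($intTicketId);
		if ($objTicket && $objTicket->PersonId == $intPersonId) {
			return $objTicket;
		}
	} catch (Exception $objExc) {
		// If we are here, there is something wrong with the cookie, so let's return null
		return null;
	}

	// If we're here, no valid login ticket existed in the cookie
	return null;
}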
/**
 * Load the serialized form state for a page id from the form-state database table.
 *
 * The posted value is used as the page id. The lookup is also bound to the current PHP
 * session id when one exists, so a page id copied into another session finds no row.
 * The stored value is then base64-decoded, decrypted and decompressed, each step applied
 * only when the matching setting is enabled.
 *
 * @param string $strPostDataState page id taken from the POST data
 * @return string|false|null the serialized form; null when no row matched; false when
 *                           gzuncompress() rejects the data
 * @throws Exception when base64 decoding of the stored value fails
 */
public static function Load($strPostDataState) {
	$strPageId = $strPostDataState;
	$objDb = QApplication::$Database[self::$intDbIndex];

	// Identifiers and values both pass through the adapter's escaping helpers.
	$strDataColumn = $objDb->EscapeIdentifier('state_data');
	$strTable = $objDb->EscapeIdentifier(self::$strTableName);
	$strPageIdColumn = $objDb->EscapeIdentifier('page_id');
	$strSql = ' SELECT ' . $strDataColumn . ' FROM ' . $strTable . ' WHERE ' . $strPageIdColumn . ' = ' . $objDb->SqlVariable($strPageId);

	$strSessionId = session_id();
	if ($strSessionId) {
		$strSql .= ' AND ' . $objDb->EscapeIdentifier('session_id') . ' = ' . $objDb->SqlVariable($strSessionId);
	}

	$objDbResult = $objDb->Query($strSql);
	$strStored = $objDbResult->FetchRow()[0];
	if (empty($strStored)) {
		// The formstate with that page ID was not found, or session expired.
		return null;
	}

	$strSerializedForm = $strStored;

	if (self::$blnBase64) {
		$strSerializedForm = base64_decode($strSerializedForm);
		if (false === $strSerializedForm) {
			throw new Exception("Failed decoding formstate " . $strSerializedForm);
		}
	}

	if (defined('__DB_BACKED_FORM_STATE_HANDLER_ENCRYPTION_KEY__')) {
		try {
			$objDecryptor = new QCryptography(__DB_BACKED_FORM_STATE_HANDLER_ENCRYPTION_KEY__, false, null, __DB_BACKED_FORM_STATE_HANDLER_HASH_KEY__);
			$strSerializedForm = $objDecryptor->Decrypt($strSerializedForm);
		} catch (Exception $e) {
			// NOTE(review): a decrypt failure is ignored, so the stored bytes continue
			// unchanged into decompression. If the hash key is meant as an integrity
			// check, this is where a tampered row gets accepted. Consider returning null.
		}
	}

	if (function_exists('gzcompress')) {
		if (self::$blnCompress) {
			try {
				$strSerializedForm = gzuncompress($strSerializedForm);
			} catch (Exception $e) {
				// NOTE(review): gzuncompress() reports bad data with a warning and a false
				// return, so this handler only runs if warnings are converted to
				// exceptions. It echoes the request-supplied page id unescaped; log it
				// instead of printing it.
				print "Error on uncompress of page id " . $strPageId;
				throw $e;
			}
		}
	}

	return $strSerializedForm;
}
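<?php
/**
 * Single sign-on landing script.
 *
 * The first path-info segment carries an encrypted "<username>_<unix time>" token. The
 * token is decrypted with the key from sso_key.txt, must be no more than five seconds away
 * from this server's clock, and must name an existing Login. Every failure logs the current
 * user out and redirects to '/'.
 *
 * NOTE(review): a token can be replayed inside its +/-5 second window because nothing
 * records tokens that were already used. Whether Decrypt() authenticates the ciphertext is
 * not visible here (confirm). Keep sso_key.txt outside the web root. Usernames that
 * contain '_' cannot pass the two-part check below.
 */
require dirname(__FILE__) . '/../../includes/prepend.inc.php';

$strPayload = QApplication::PathInfo(0);

try {
	// Refuse to continue with an unreadable key rather than configuring `false` as the key.
	$strKey = file_get_contents(__INCLUDES__ . '/../sso_key.txt');
	if ($strKey === false) {
		throw new Exception('SSO key file could not be read');
	}

	QCryptography::$Key = $strKey;
	$objCrypto = new QCryptography();
	$strPayload = $objCrypto->Decrypt($strPayload);
} catch (Exception $objExc) {
	QApplication::Logout();
	QApplication::Redirect('/');
	// Each reject path ends explicitly, so a Redirect() that returns cannot fall through
	// to the login call at the bottom.
	exit;
}

$strTokens = explode("_", (string) $strPayload);
if (count($strTokens) != 2) {
	QApplication::Logout();
	QApplication::Redirect('/');
	exit;
}

$strUsername = $strTokens[0];
$strTime = $strTokens[1];

// The timestamp must be plain decimal digits before it is compared as a number. A
// non-numeric string would otherwise be compared under PHP's loose string/int rules.
if (!ctype_digit($strTime)) {
	QApplication::Logout();
	QApplication::Redirect('/');
	exit;
}

$intTime = (int) $strTime;
$intNow = time();
if ($intTime < $intNow - 5 || $intTime > $intNow + 5) {
	QApplication::Logout();
	QApplication::Redirect('/');
	exit;
}

$objLogin = Login::LoadByUsername($strUsername);
if (!$objLogin) {
	QApplication::Logout();
	QApplication::Redirect('/');
	exit;
}

QApplication::Login($objLogin);
QApplication::Redirect('/');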
<?php
// Walks every recurring payment whose start/end dates include today, prints its decrypted
// details and works out the length of its payment period.
//
// NOTE(review): this prints the decrypted cardholder name, address, full account number and
// card security code. Wherever that output goes (terminal, cron mail, log file) becomes a
// store of cardholder data, so mask or drop these fields. PCI DSS does not allow the card
// security code to be retained after authorization, so a stored SecurityCode column needs
// review in its own right.
QCryptography::$Key = CRYPTO_KEY;
$objCrypto = new QCryptography(null, false);

// iterate through all recurring payments within the time period.
$objRecurringPaymentCursor = RecurringPayments::QueryCursor(QQ::AndCondition(QQ::LessOrEqual(QQN::RecurringPayments()->StartDate, date('Y-m-d')), QQ::GreaterOrEqual(QQN::RecurringPayments()->EndDate, date('Y-m-d'))));

while ($objRecurringPayment = RecurringPayments::InstantiateCursor($objRecurringPaymentCursor)) {
	// display information..
	print sprintf("Payment of: %s within time period: %s - %s\n", $objRecurringPayment->Amount, $objRecurringPayment->StartDate, $objRecurringPayment->EndDate);

	// State is printed as stored; the other name/address fields are decrypted first.
	print sprintf("name : %s\nAddress: %s %s\n City: %s\nState: %s\nZip: %s\n", $objCrypto->Decrypt($objRecurringPayment->CardHolderName), $objCrypto->Decrypt($objRecurringPayment->Address1), $objCrypto->Decrypt($objRecurringPayment->Address2), $objCrypto->Decrypt($objRecurringPayment->City), $objRecurringPayment->State, $objCrypto->Decrypt($objRecurringPayment->Zip));

	// ExpirationDate is printed as stored; account number and security code are decrypted.
	print sprintf("Account Number: %s\nExpiration Date: %s\nSecurity code: %s\n", $objCrypto->Decrypt($objRecurringPayment->AccountNumber), $objRecurringPayment->ExpirationDate, $objCrypto->Decrypt($objRecurringPayment->SecurityCode));
	print sprintf("CreditCard Type: %d\n", $objRecurringPayment->CreditCardTypeId);

	// identify if any are due today
	$startDate = $objRecurringPayment->StartDate;
	$timePeriod = 0; // period length in seconds
	switch ($objRecurringPayment->PaymentPeriod->Id) {
		case 1: // weekly
			$timePeriod = 7 * 24 * 60 * 60;
			break;
		case 2: // bi-weekly
			$timePeriod = 2 * 7 * 24 * 60 * 60;
			break;
		case 3: // monthly
			// fixed 30-day month
			$timePeriod = 30 * 24 * 60 * 60;
			break;
		case 4: // quarterly
			// NOTE(review): 4 * 30 days is 120 days, while a quarter is three months. Confirm the intended period.
			$timePeriod = 4 * 30 * 24 * 60 * 60;
/**
 * Read the session data (used by PHP when the session handler is active).
 *
 * The row id is "<session name>.<php session id>". The stored value is then unescaped
 * (PostgreSQL without base64 only), base64-decoded, decrypted and decompressed, each step
 * applied only when the matching setting is enabled.
 *
 * @param string $id the PHP session id
 *
 * @return string the session data, or '' when no row or no data exists
 *                NOTE(review): gzuncompress() can hand back false on corrupt data, which
 *                is then returned as-is instead of a string.
 * @throws QCallerException when PostgreSQL is in use and pg_unescape_bytea() is unavailable
 * @throws Exception when base64 decoding of the stored value fails
 */
public static function SessionRead($id) {
	$strRowId = self::$strSessionName . '.' . $id;
	$objDatabase = QApplication::$Database[self::$intDbIndex];

	// Identifiers and the row id both pass through the adapter's escaping helpers.
	$strDataColumn = $objDatabase->EscapeIdentifier('data');
	$strTable = $objDatabase->EscapeIdentifier(self::$strTableName);
	$strIdColumn = $objDatabase->EscapeIdentifier('id');
	$strSql = ' SELECT ' . $strDataColumn . ' FROM ' . $strTable . ' WHERE ' . $strIdColumn . ' = ' . $objDatabase->SqlVariable($strRowId);

	$objResult = $objDatabase->Query($strSql);
	$arrRow = $objResult->FetchRow();
	if (!$arrRow) {
		// either the data was empty or the row was not found
		return '';
	}

	$strData = $arrRow[0];

	// A kludge to fix a particular problem. Would require a complete rewrite of our
	// database adapters to do this right.
	if (!static::$blnBase64 && strstr($objDatabase->Adapter, 'PostgreSql')) {
		if (!function_exists('pg_unescape_bytea')) {
			throw new QCallerException('pg_unescape_bytea method needed for DbBackedSessionHandler to operate on a PostgreSQL database. Please install the "pgsql" PHP extension.');
		}
		$strData = pg_unescape_bytea($strData);
	}

	if (!$strData) {
		return '';
	}

	if (self::$blnBase64) {
		$strData = base64_decode($strData);
		if (false === $strData) {
			throw new Exception("Failed decoding formstate " . $strData);
		}
	}

	// The session exists and was accessed. Return the data.
	if (defined('DB_BACKED_SESSION_HANDLER_ENCRYPTION_KEY')) {
		try {
			$objDecryptor = new QCryptography(DB_BACKED_SESSION_HANDLER_ENCRYPTION_KEY, false, null, DB_BACKED_SESSION_HANDLER_HASH_KEY);
			$strData = $objDecryptor->Decrypt($strData);
		} catch (Exception $e) {
			// NOTE(review): a decrypt failure is ignored and the stored bytes are used
			// unchanged. If the hash key is meant as an integrity check, a modified row
			// is accepted here. Consider returning '' so the session starts empty.
		}
	}

	if (self::$blnCompress) {
		$strData = gzuncompress($strData);
	}

	return $strData;
}
/**
 * Build the recurring-payment panel: cardholder name, billing address, card type, account
 * number, expiration date and security code controls.
 *
 * When $objRecurringPayment is given, the controls are pre-filled from it, decrypting the
 * encrypted fields. Otherwise the address controls are pre-filled from $objAddress and the
 * names from $strFirstName / $strLastName.
 *
 * NOTE(review): for an existing payment the full decrypted account number and security
 * code are placed into text box values, which presumably end up in the rendered page and
 * in any form state (confirm). Showing only the last four digits and asking for the
 * security code again avoids sending stored card data to the browser. PCI DSS does not
 * allow the security code to be retained after authorization.
 *
 * @param mixed $objParentObject parent form or control, passed on to the parent constructor
 * @param string|null $strControlId control id, passed on to the parent constructor
 * @param Address|null $objAddress address used for pre-filling; a new Address when omitted
 * @param string|null $strFirstName initial first name
 * @param string|null $strLastName initial last name
 * @param RecurringPayments|null $objRecurringPayment existing payment to edit, if any
 */
public function __construct($objParentObject, $strControlId = null, Address $objAddress = null, $strFirstName = null, $strLastName = null, RecurringPayments $objRecurringPayment = null) {
	parent::__construct($objParentObject, $strControlId);
	$this->strTemplate = dirname(__FILE__) . '/RecurringPaymentPanel.tpl.php';

	if (!$objAddress) {
		$objAddress = new Address();
	}

	$this->txtFirstName = new QTextBox($this);
	$this->txtFirstName->Name = 'Cardholder Name';
	$this->txtFirstName->Required = true;
	$this->txtFirstName->Text = $strFirstName;
	$this->txtFirstName->Width = '120px';

	$this->txtLastName = new QTextBox($this);
	$this->txtLastName->Name = 'Cardholder Last Name';
	$this->txtLastName->Required = true;
	$this->txtLastName->Text = $strLastName;
	$this->txtLastName->Width = '120px';

	// $Key is a static property, so this assignment stays in effect for the rest of the
	// request, not only for $objCrypto below.
	QCryptography::$Key = CRYPTO_KEY;
	$objCrypto = new QCryptography(null, false);

	if ($objRecurringPayment) {
		// The stored cardholder name overrides the names passed in as arguments.
		$strOriginal = $objCrypto->Decrypt($objRecurringPayment->CardHolderName);
		$nameArray = explode(' ', $strOriginal);
		$this->txtFirstName->Text = $nameArray[0];
		// NOTE(review): index 1 is missing when the stored name has no space, and any
		// words after the second one are dropped.
		$this->txtLastName->Text = $nameArray[1];
	}

	$this->txtAddress1 = new QTextBox($this);
	$this->txtAddress1->Name = 'Address 1';
	if (!$objRecurringPayment) {
		$this->txtAddress1->Text = $objAddress->Address1;
	} else {
		$this->txtAddress1->Text = $objCrypto->Decrypt($objRecurringPayment->Address1);
	}
	$this->txtAddress1->Required = true;

	$this->txtAddress2 = new QTextBox($this);
	$this->txtAddress2->Name = 'Address 2';
	if (!$objRecurringPayment) {
		$this->txtAddress2->Text = $objAddress->Address2;
	} else {
		$this->txtAddress2->Text = $objCrypto->Decrypt($objRecurringPayment->Address2);
	}

	$this->txtCity = new QTextBox($this);
	$this->txtCity->Name = 'City, State and Zip';
	if (!$objRecurringPayment) {
		$this->txtCity->Text = $objAddress->City;
	} else {
		$this->txtCity->Text = $objCrypto->Decrypt($objRecurringPayment->City);
	}
	$this->txtCity->Required = true;

	$this->lstState = new QListBox($this);
	$this->lstState->Name = QApplication::Translate('State');
	$this->lstState->AddItem(QApplication::Translate('- Select One -'), null);
	foreach (UsState::LoadAll(QQ::OrderBy(QQN::UsState()->Name)) as $objUsState) {
		// NOTE(review): the preselected state always comes from $objAddress, even when an
		// existing recurring payment is being edited.
		$this->lstState->AddItem($objUsState->Name, $objUsState->Abbreviation, $objAddress->State == $objUsState->Abbreviation);
	}
	$this->lstState->Required = true;

	$this->txtZipCode = new QTextBox($this);
	$this->txtZipCode->Name = 'Zip Code';
	if (!$objRecurringPayment) {
		$this->txtZipCode->Text = $objAddress->ZipCode;
	} else {
		$this->txtZipCode->Text = $objCrypto->Decrypt($objRecurringPayment->Zip);
	}
	$this->txtZipCode->Width = '80px';
	$this->txtZipCode->Required = true;

	$this->lstCcType = new QListBox($this);
	$this->lstCcType->Name = 'Credit Card';
	$this->lstCcType->Required = true;
	$this->lstCcType->AddItem('- Select One -');
	foreach (CreditCardType::$NameArray as $intId => $strName) {
		if ($objRecurringPayment) {
			$this->lstCcType->AddItem($strName, $intId, $objRecurringPayment->CreditCardTypeId == $intId);
		} else {
			$this->lstCcType->AddItem($strName, $intId);
		}
	}

	$this->txtCcNumber = new QTextBox($this);
	$this->txtCcNumber->Name = 'Account Number';
	$this->txtCcNumber->Required = true;
	$this->txtCcNumber->MaxLength = 16;
	if ($objRecurringPayment) {
		// The full decrypted account number becomes the text box value.
		$this->txtCcNumber->Text = $objCrypto->Decrypt($objRecurringPayment->AccountNumber);
		// The expiration date is read as stored; the Decrypt() call for it is disabled.
		$objExpirationDate = $objRecurringPayment->ExpirationDate; //$objCrypto->Decrypt($objRecurringPayment->ExpirationDate);
		// First two characters are used as the month, the next two as the two-digit year.
		$intSelectedMonth = substr($objExpirationDate, 0, 2);
		$intSelectedYear = substr($objExpirationDate, 2, 2);
	}

	$this->lstCcExpMonth = new QListBox($this);
	$this->lstCcExpMonth->Name = 'Expiration Date';
	$this->lstCcExpMonth->Required = true;
	$this->lstCcExpMonth->AddItem('- Select One -');
	for ($intMonth = 1; $intMonth <= 12; $intMonth++) {
		// Month name for the label; the year 2000 is only a carrier for mktime().
		$strMonth = date('F', mktime(0, 0, 0, $intMonth, 1, 2000));
		if (!$objRecurringPayment) {
			$this->lstCcExpMonth->AddItem(sprintf('%02s - %s', $intMonth, $strMonth), $intMonth);
		} else {
			// Loose comparison, so a stored "03" matches month 3.
			$this->lstCcExpMonth->AddItem(sprintf('%02s - %s', $intMonth, $strMonth), $intMonth, $intSelectedMonth == $intMonth);
		}
	}

	$this->lstCcExpYear = new QListBox($this);
	$this->lstCcExpYear->Required = true;
	$this->lstCcExpYear->AddItem('---');
	// Offer the current year and the following eleven.
	for ($intYear = 0; $intYear <= 11; $intYear++) {
		$intYearToUse = date('Y') + $intYear;
		// Last two digits of the four-digit year, compared with the stored two-digit year.
		$intCmpYear = substr($intYearToUse, 2, 2);
		if (!$objRecurringPayment) {
			$this->lstCcExpYear->AddItem($intYearToUse, $intYearToUse);
		} else {
			$this->lstCcExpYear->AddItem($intYearToUse, $intYearToUse, $intSelectedYear == $intCmpYear);
		}
	}

	$this->txtCcCsc = new QTextBox($this);
	$this->txtCcCsc->Name = 'Security Code (CSC/CVV2)';
	$this->txtCcCsc->Required = true;
	$this->txtCcCsc->Width = '80px';
	$this->txtCcCsc->MinLength = 3;
	$this->txtCcCsc->MaxLength = 4;
	if ($objRecurringPayment) {
		// The stored security code is decrypted into the control value.
		$this->txtCcCsc->Text = $objCrypto->Decrypt($objRecurringPayment->SecurityCode);
	}
}