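/**
 * Validates a cookie token and returns the username it carries.
 *
 * The token is decrypted with cryptastic::decrypt(), keyed with $strSalt or,
 * when no salt is passed, with $this->salt. The decrypted payload is accepted
 * only if it is an array holding a 'username' and a numeric 'expiration'
 * timestamp that lies in the future.
 *
 * NOTE(review): the only integrity protection on the token is whatever
 * cryptastic::decrypt() performs; confirm it authenticates the ciphertext
 * before the payload is decoded, since the cookie is client-controlled.
 *
 * @param string      $strCookieToken Encrypted token taken from the cookie
 * @param string|bool $strSalt        Token salt; FALSE (default) uses $this->salt
 * @return string|bool The username stored in the token (presumably a string),
 *                     or FALSE when the token is invalid or expired
 */
public function validateCookieToken($strCookieToken, $strSalt = false)
{
    $salt = $strSalt ? $strSalt : $this->salt;
    $payload = cryptastic::decrypt($strCookieToken, $salt);

    // Anything other than an array (FALSE on failure, a bare string, ...) is
    // rejected outright rather than probed with string offsets.
    if (!is_array($payload) || !isset($payload['username'], $payload['expiration'])) {
        return false;
    }

    // Require a numeric timestamp: since PHP 8 a non-numeric string compared
    // with an int is compared as a string, which could make a malformed
    // 'expiration' look like a time in the future.
    if (!is_numeric($payload['expiration']) || $payload['expiration'] <= time()) {
        return false;
    }

    return $payload['username'];
}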
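<?php
// OAuth2 callback: exchanges the authorization code returned by Canvas for a
// user access token, stores that token encrypted in the database, and then
// redirects to the main tool page.

// Display any php errors (for development purposes).
// NOTE(review): must be switched off outside development; warnings raised by
// the HTTP or database calls below would otherwise be echoed to the browser.
error_reporting(E_ALL);
ini_set('display_errors', '1');

session_start();
require_once __DIR__ . '/../config.php';

// The authorization code arrives as a query parameter on the redirect back
// from Canvas. Reject a missing, empty or non-string value before using it.
// NOTE(review): no OAuth "state" value is checked here; if the authorize
// request sends one, compare it with the session copy at this point.
if (!isset($_GET['code']) || !is_string($_GET['code']) || $_GET['code'] === '') {
    header('HTTP/1.1 400 Bad Request', true, 400);
    exit('Missing authorization code.');
}

// Send the credentials in the form-encoded POST body instead of the query
// string: the client secret then stays out of URLs (and out of any warning
// or log line that prints the URL), and http_build_query() encodes the
// user-supplied code so it cannot add or override request parameters.
// NOTE(review): $_SESSION['canvasURL'] decides which host receives the client
// secret; presumably it is set from trusted configuration at launch. Confirm.
$opts = array('http' => array(
    'method'  => 'POST',
    'header'  => 'Content-Type: application/x-www-form-urlencoded',
    'content' => http_build_query(array(
        'client_id'     => $client_id,
        'client_secret' => $clientSecret,
        'code'          => $_GET['code'],
    ), '', '&'),
));
$context = stream_context_create($opts);
$url = $_SESSION['canvasURL'] . '/login/oauth2/token';

// ASK CANVAS, USING DEVELOPER TOKEN, TO RETURN STUDENT TOKEN
// Offset 0 rather than -1: since PHP 7.1 a negative offset counts from the end
// of the stream, and seeking is not supported on remote streams. At most
// 40000 bytes of the response are read.
$userTokenJSON = file_get_contents($url, false, $context, 0, 40000);
if ($userTokenJSON === false) {
    header('HTTP/1.1 502 Bad Gateway', true, 502);
    exit('Token request failed.');
}

$userToken = json_decode($userTokenJSON);
if (!is_object($userToken)
    || !isset($userToken->access_token)
    || !is_string($userToken->access_token)
    || $userToken->access_token === ''
) {
    // Never store a placeholder when Canvas did not return a usable token.
    header('HTTP/1.1 502 Bad Gateway', true, 502);
    exit('Token response was not understood.');
}

// Encrypt the token before it is stored.
// $pass and $salt are not defined in this file (presumably config.php).
// NOTE(review): 1000 PBKDF2 iterations is low by current guidance; raising it
// changes the derived key, so tokens already stored would need re-encrypting.
$cryptastic = new cryptastic();
$key = $cryptastic->pbkdf2($pass, $salt, 1000, 32);
$encrypted_token = $key ? $cryptastic->encrypt($userToken->access_token, $key) : false;
if (!$encrypted_token) {
    header('HTTP/1.1 500 Internal Server Error', true, 500);
    exit('Token could not be stored.');
}

// Store the encrypted token in the database, keyed by Canvas user and domain.
$userID = $_SESSION['userID'];
DB::insert('tokens', array(
    'canvas_user_id'  => $userID,
    'encrypted_token' => $encrypted_token,
    'domain'          => $_SESSION['apiDomain'],
));

$_SESSION['allowed'] = true;

/* redirect to main tool page */
header('Location: ' . $_SESSION["template_wizard_url"] . '/index.php');
exit;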
<?php
// This page contains a variety of functions that can be used to access the Canvas API

// Display any php errors (for development purposes)
// NOTE(review): must be off outside development; a database or decryption
// warning raised below would otherwise be echoed to the browser.
error_reporting(E_ALL);
ini_set('display_errors', '1');

// Set variables: course, user and API domain are all read from the session.
$courseID = $_SESSION['courseID'];
$userID = $_SESSION['userID'];
$domain = $_SESSION['apiDomain'];

// Retrieve the user's encrypted token from the database.
// NOTE(review): $userID and $domain are interpolated straight into the SQL
// text. How the session values were populated is not shown here, so treat
// them as untrusted and pass them as bound parameters instead.
// TODO confirm which placeholder syntax this DB class supports.
$encrypted_token = DB::query("SELECT encrypted_token FROM tokens WHERE canvas_user_id = {$userID} AND domain = '{$domain}'");

// Decrypt the token with a key derived from $pass and $salt (neither is
// defined in this part of the file; presumably from configuration).
// NOTE(review): row 0 is read without checking that the query returned a row.
$cryptastic = new cryptastic();
$key = $cryptastic->pbkdf2($pass, $salt, 1000, 32);
$token = $cryptastic->decrypt($encrypted_token[0]['encrypted_token'], $key);

// This is the header containing the authorization token from Canvas
// (the decrypted bearer token; keep it out of logs and error output).
$tokenHeader = array("Authorization: Bearer " . $token);

// the following functions run the GET and POST calls

// Fallback definition of http_parse_headers(), declared only when no function
// of that name already exists. It splits a raw header block on "\n" and each
// line on the first ':' into name and value.
if (!function_exists('http_parse_headers')) {
    function http_parse_headers($raw_headers) {
        $headers = array();
        $key = '';
        foreach (explode("\n", $raw_headers) as $i => $h) {
            $h = explode(':', $h, 2);
            if (isset($h[1])) {
                if (!isset($headers[$h[0]])) {
                    // First occurrence of this header name: store the trimmed value.
                    $headers[$h[0]] = trim($h[1]);
                } elseif (is_array($headers[$h[0]])) {
                    // Name already holds a list of values: append this one.
                    $headers[$h[0]] = array_merge($headers[$h[0]], array(trim($h[1])));
                    // … the remainder of http_parse_headers() is not shown in this excerpt
<?php
// Usage demonstration for the cryptastic helper: derive a key with pbkdf2(),
// then round-trip a string and an array through encrypt()/decrypt().
//
// NOTE: $pass and $salt below are sample values for the demonstration. Real
// key material belongs in protected configuration, not in source, and the
// iteration count of 1000 used here is low by current guidance.
$pass = '******';
$salt = 'the password salt';
$msg = 'This is the secret message.';

/**********************************************************************************************************************/
// EXAMPLE #1 USING STRING AS MESSAGE
$cryptastic = new cryptastic();

// Each step stops the script with a message if it yields a falsy result.
$key = $cryptastic->pbkdf2($pass, $salt, 1000, 32);
if (!$key) {
    die("Failed to generate secret key.");
}

$encrypted = $cryptastic->encrypt($msg, $key);
if (!$encrypted) {
    die("Failed to complete encryption.");
}

$decrypted = $cryptastic->decrypt($encrypted, $key);
if (!$decrypted) {
    die("Failed to complete decryption");
}

echo $decrypted . "<br /><br />\n";

/**********************************************************************************************************************/
// EXAMPLE #2 USING ARRAY AS MESSAGE
// The same key is reused; this time the message is an array and the results
// are not checked before use.
$msg = array('message' => $msg);

$encrypted = $cryptastic->encrypt($msg, $key);
$decrypted = $cryptastic->decrypt($encrypted, $key);

echo $decrypted['message'];
/**
 * Decrypts $msg with key material loaded from wskeys.php in the directory the
 * 'config' path alias resolves to.
 *
 * The file is expected to return an array with 'key' and 'salt' entries; a
 * 32-byte key is derived from them with 30000 PBKDF2 iterations. The script
 * is terminated with "missing wskeys" when the file does not exist.
 *
 * NOTE(review): wskeys.php holds the secret for everything encrypted this
 * way; keep it outside the web root and out of version control.
 *
 * @param mixed $msg Ciphertext to decrypt
 * @return mixed Whatever cryptastic::decrypt() returns for $msg
 */
function _xls_decrypt($msg)
{
    $keyFile = YiiBase::getPathOfAlias('config') . "/wskeys.php";

    // Guard clause: without the key file nothing can be decrypted.
    if (!file_exists($keyFile)) {
        die("missing wskeys");
    }

    $existingKeys = (require $keyFile);

    $cipher = new cryptastic();
    $derivedKey = $cipher->pbkdf2($existingKeys['key'], $existingKeys['salt'], 30000, 32);

    // Third argument TRUE: presumably marks the input as base64-encoded;
    // confirm against cryptastic::decrypt().
    return $cipher->decrypt($msg, $derivedKey, true);
}
/**
 * Saves a record after encrypting its card number.
 *
 * When $data carries a 'userId' and findByUserId() finds a row for it, that
 * row's id is copied into $data['id'] before saving (presumably so the parent
 * updates the existing row; confirm against parent::save()).
 *
 * NOTE(review): the card number is encrypted with $data['firstname'] as the
 * key. A first name is not secret and is part of the same $data that gets
 * saved, so this gives no real confidentiality for the stored card number.
 * The key should come from separately managed secret key material.
 * NOTE(review): the result of encrypt() is not checked, so a failed
 * encryption would be saved in place of the card number.
 *
 * @param array $data Record fields; reads 'userId', 'firstname', 'x_card_num'
 */
function save($data)
{
    $existing = isset($data['userId'])
        ? $this->findByUserId($data['userId'], false)
        : null;

    if ($existing) {
        $data['id'] = $existing->id;
    }

    $cipher = new cryptastic();
    $data['x_card_num'] = $cipher->encrypt($data['x_card_num'], $data['firstname']);

    parent::save($data);
}