/**
* Encrypts given string with crypt, blowfish and base64 with private key
*
* @param String $stringToSalt String to encode
* @return String $encodedString encoded String
*/
public function getEncodedString($stringToSalt)
{
$cipherKey = crypt($stringToSalt, $this->getPrivateKey());
$bf = new Blowfish($cipherKey.$this->getPrivateKey());
$encodedString = base64_encode($bf->encrypt($stringToSalt));
return $encodedString;
}
/**
* This method encrypts $content using the password $key.<br />
* If the mcrypt extension is installed, it will use $cipher as cipher and
* $mode as mode.<br />
* If not, no matter what is given in $cipher and $mode, this method will use
* blowfish in CBC mode, with RFC padding style. In this case, it uses Matt Harris'
* blowfish class instead of the mcrypt extension.
* @param str $content The text to encrypt.
* @param str $key The secret key. Defaults to an empty string.
* @param str $cipher One of the MCRYPT_ciphername PHP constants. Defaults to MCRYPT_RIJNDAEL_256.
* @param str $mode One of the MCRYPT_MODE_modename PHP constants. Defaults to MCRYPT_MODE_CBC.
* @return str The encrypted text.
*/
public function crypt($content, $key = '', $cipher = MCRYPT_RIJNDAEL_256, $mode = MCRYPT_MODE_CBC)
{
$this->debug(__FUNCTION__, 2, __LINE__);
$this->debug('Crypting with key ' . $key, 3, __LINE__);
if ($this->mcrypt_active) {
$iv_size = mcrypt_get_iv_size($cipher, $mode);
$iv = substr(md5('hskjdh kjqsdnqndqs; sqnd;qskjdhkjha knd;n;za jkah'), 0, $iv_size);
if ($key == '') {
$key = MD5(__CLASS__ . 'defaultpass');
$this->debug('No key given. We will use ' . $key, 3, __LINE__);
} else {
$key = MD5(__CLASS__ . $key);
$this->debug('A key was given. We will use ' . $key, 3, __LINE__);
}
$ret = $iv . mcrypt_encrypt($cipher, $key, $content, $mode, $iv);
} else {
$iv = md5('jdqlkj ,ql dqd45dq454 ù;:sqmqdqsdd1216qq2s sqqsd!');
// We will use the blowfish class instead of mcrypt
$ret = Blowfish::encrypt($content, $key, Blowfish::BLOWFISH_MODE_CBC, Blowfish::BLOWFISH_PADDING_RFC, $iv);
}
return $ret;
}
/**
* @see FrontController::initContent()
*/
public function initContent()
{
parent::initContent();
// get discount value (ready to display)
$discount_type = (int) Configuration::get('REFERRAL_DISCOUNT_TYPE');
if ($discount_type == 1) {
$discount = Discount::display((double) Configuration::get('REFERRAL_PERCENTAGE'), $discount_type, new Currency($this->context->currency->id));
} else {
$discount = Discount::display((double) Configuration::get('REFERRAL_DISCOUNT_VALUE_' . (int) $this->context->currency->id), $discount_type, new Currency($this->context->currency->id));
}
$activeTab = 'sponsor';
$error = false;
// Mailing invitation to friend sponsor
$invitation_sent = false;
$nbInvitation = 0;
if (Tools::isSubmit('submitSponsorFriends') and Tools::getValue('friendsEmail') and sizeof($friendsEmail = Tools::getValue('friendsEmail')) >= 1) {
$activeTab = 'sponsor';
if (!Tools::getValue('conditionsValided')) {
$error = 'conditions not valided';
} else {
$friendsLastName = Tools::getValue('friendsLastName');
$friendsFirstName = Tools::getValue('friendsFirstName');
$mails_exists = array();
foreach ($friendsEmail as $key => $friendEmail) {
$friendEmail = strval($friendEmail);
$friendLastName = strval($friendsLastName[$key]);
$friendFirstName = strval($friendsFirstName[$key]);
if (empty($friendEmail) and empty($friendLastName) and empty($friendFirstName)) {
continue;
} elseif (empty($friendEmail) or !Validate::isEmail($friendEmail)) {
$error = 'email invalid';
} elseif (empty($friendFirstName) or empty($friendLastName) or !Validate::isName($friendLastName) or !Validate::isName($friendFirstName)) {
$error = 'name invalid';
} elseif (ReferralProgramModule::isEmailExists($friendEmail) or Customer::customerExists($friendEmail)) {
$mails_exists[] = $friendEmail;
} else {
$referralprogram = new ReferralProgramModule();
$referralprogram->id_sponsor = (int) $this->context->customer->id;
$referralprogram->firstname = $friendFirstName;
$referralprogram->lastname = $friendLastName;
$referralprogram->email = $friendEmail;
if (!$referralprogram->validateFields(false)) {
$error = 'name invalid';
} else {
if ($referralprogram->save()) {
if (Configuration::get('PS_CIPHER_ALGORITHM')) {
$cipherTool = new Rijndael(_RIJNDAEL_KEY_, _RIJNDAEL_IV_);
} else {
$cipherTool = new Blowfish(_COOKIE_KEY_, _COOKIE_IV_);
}
$vars = array('{email}' => strval($this->context->customer->email), '{lastname}' => strval($this->context->customer->lastname), '{firstname}' => strval($this->context->customer->firstname), '{email_friend}' => $friendEmail, '{lastname_friend}' => $friendLastName, '{firstname_friend}' => $friendFirstName, '{link}' => Context::getContext()->link->getPageLink('authentication', true, Context::getContext()->language->id, 'create_account=1&sponsor=' . urlencode($cipherTool->encrypt($referralprogram->id . '|' . $referralprogram->email . '|')), false), '{discount}' => $discount);
Mail::Send((int) $this->context->language->id, 'referralprogram-invitation', Mail::l('Referral Program', (int) $this->context->language->id), $vars, $friendEmail, $friendFirstName . ' ' . $friendLastName, strval(Configuration::get('PS_SHOP_EMAIL')), strval(Configuration::get('PS_SHOP_NAME')), NULL, NULL, dirname(__FILE__) . '/../../mails/');
$invitation_sent = true;
$nbInvitation++;
$activeTab = 'pending';
} else {
$error = 'cannot add friends';
}
}
}
if ($error) {
break;
}
}
if ($nbInvitation > 0) {
unset($_POST);
}
//Not to stop the sending of e-mails in case of doubloon
if (sizeof($mails_exists)) {
$error = 'email exists';
}
}
}
// Mailing revive
$revive_sent = false;
$nbRevive = 0;
if (Tools::isSubmit('revive')) {
$activeTab = 'pending';
if (Tools::getValue('friendChecked') and sizeof($friendsChecked = Tools::getValue('friendChecked')) >= 1) {
foreach ($friendsChecked as $key => $friendChecked) {
if (ReferralProgramModule::isSponsorFriend((int) $this->context->customer->id, (int) $friendChecked)) {
if (Configuration::get('PS_CIPHER_ALGORITHM')) {
$cipherTool = new Rijndael(_RIJNDAEL_KEY_, _RIJNDAEL_IV_);
} else {
$cipherTool = new Blowfish(_COOKIE_KEY_, _COOKIE_IV_);
}
$referralprogram = new ReferralProgramModule((int) $key);
$vars = array('{email}' => $this->context->customer->email, '{lastname}' => $this->context->customer->lastname, '{firstname}' => $this->context->customer->firstname, '{email_friend}' => $referralprogram->email, '{lastname_friend}' => $referralprogram->lastname, '{firstname_friend}' => $referralprogram->firstname, '{link}' => Context::getContext()->link->getPageLink('authentication', true, Context::getContext()->language->id, 'create_account=1&sponsor=' . urlencode($cipherTool->encrypt($referralprogram->id . '|' . $referralprogram->email . '|')), false), '{discount}' => $discount);
$referralprogram->save();
Mail::Send((int) $this->context->language->id, 'referralprogram-invitation', Mail::l('Referral Program', (int) $this->context->language->id), $vars, $referralprogram->email, $referralprogram->firstname . ' ' . $referralprogram->lastname, strval(Configuration::get('PS_SHOP_EMAIL')), strval(Configuration::get('PS_SHOP_NAME')), NULL, NULL, dirname(__FILE__) . '/../../mails/');
$revive_sent = true;
$nbRevive++;
}
}
} else {
$error = 'no revive checked';
}
}
$customer = new Customer((int) $this->context->customer->id);
$stats = $customer->getStats();
$orderQuantity = (int) Configuration::get('REFERRAL_ORDER_QUANTITY');
$canSendInvitations = false;
if ((int) $stats['nb_orders'] >= $orderQuantity) {
$canSendInvitations = true;
}
// Smarty display
$this->context->smarty->assign(array('activeTab' => $activeTab, 'discount' => $discount, 'orderQuantity' => $orderQuantity, 'canSendInvitations' => $canSendInvitations, 'nbFriends' => (int) Configuration::get('REFERRAL_NB_FRIENDS'), 'error' => $error, 'invitation_sent' => $invitation_sent, 'nbInvitation' => $nbInvitation, 'pendingFriends' => ReferralProgramModule::getSponsorFriend((int) $this->context->customer->id, 'pending'), 'revive_sent' => $revive_sent, 'nbRevive' => $nbRevive, 'subscribeFriends' => ReferralProgramModule::getSponsorFriend((int) $this->context->customer->id, 'subscribed'), 'mails_exists' => isset($mails_exists) ? $mails_exists : array()));
$this->setTemplate('program.tpl');
}
}
// Mailing revive
$revive_sent = false;
$nbRevive = 0;
if (Tools::isSubmit('revive')) {
$activeTab = 'pending';
if (Tools::getValue('friendChecked') and sizeof($friendsChecked = Tools::getValue('friendChecked')) >= 1) {
foreach ($friendsChecked as $key => $friendChecked) {
if (ReferralProgramModule::isSponsorFriend((int) $cookie->id_customer, (int) $friendChecked)) {
if (Configuration::get('PS_CIPHER_ALGORITHM')) {
$cipherTool = new Rijndael(_RIJNDAEL_KEY_, _RIJNDAEL_IV_);
} else {
$cipherTool = new Blowfish(_COOKIE_KEY_, _COOKIE_IV_);
}
$referralprogram = new ReferralProgramModule((int) $key);
$vars = array('{email}' => $cookie->email, '{lastname}' => $cookie->customer_lastname, '{firstname}' => $cookie->customer_firstname, '{email_friend}' => $referralprogram->email, '{lastname_friend}' => $referralprogram->lastname, '{firstname_friend}' => $referralprogram->firstname, '{link}' => 'authentication.php?create_account=1&sponsor=' . base64_encode($cipherTool->encrypt($referralprogram->id . '|' . $referralprogram->email . '|')), '{discount}' => $discount);
$referralprogram->save();
Mail::Send((int) $cookie->id_lang, 'referralprogram-invitation', Mail::l('Referral Program'), $vars, $referralprogram->email, $referralprogram->firstname . ' ' . $referralprogram->lastname, strval(Configuration::get('PS_SHOP_EMAIL')), strval(Configuration::get('PS_SHOP_NAME')), NULL, NULL, dirname(__FILE__) . '/mails/');
$revive_sent = true;
$nbRevive++;
}
}
} else {
$error = 'no revive checked';
}
}
$customer = new Customer((int) $cookie->id_customer);
$stats = $customer->getStats();
$orderQuantity = (int) Configuration::get('REFERRAL_ORDER_QUANTITY');
$canSendInvitations = false;
if ((int) $stats['nb_orders'] >= $orderQuantity) {
function hookFooter($params)
{
global $protocol_content, $server_host;
// Identification information are encrypted to prevent hacking attempts
$blowfish = new Blowfish(_COOKIE_KEY_, _COOKIE_IV_);
if (!isset($params['cookie']->id_guest)) {
Guest::setNewGuest($params['cookie']);
// Ajax request sending browser information
$token = $blowfish->encrypt($params['cookie']->id_guest);
$this->_html = '
<script type="text/javascript" src="' . $protocol_content . $server_host . __PS_BASE_URI__ . 'js/pluginDetect.js"></script>
<script type="text/javascript">
plugins = new Object;
plugins.adobe_director = (PluginDetect.getVersion("Shockwave") != null) ? 1 : 0;
plugins.adobe_flash = (PluginDetect.getVersion("Flash") != null) ? 1 : 0;
plugins.apple_quicktime = (PluginDetect.getVersion("QuickTime") != null) ? 1 : 0;
plugins.windows_media = (PluginDetect.getVersion("WindowsMediaPlayer") != null) ? 1 : 0;
plugins.sun_java = (PluginDetect.getVersion("java") != null) ? 1 : 0;
plugins.real_player = (PluginDetect.getVersion("RealPlayer") != null) ? 1 : 0;
$(document).ready(
function() {
navinfo = new Object;
navinfo = { screen_resolution_x: screen.width, screen_resolution_y: screen.height, screen_color:screen.colorDepth};
for (var i in plugins)
navinfo[i] = plugins[i];
navinfo.type = "navinfo";
navinfo.token = "' . $token . '";
$.post("' . $protocol_content . $server_host . __PS_BASE_URI__ . 'statistics.php", navinfo);
}
);
</script>';
}
// Record the guest path then increment the visit counter of the page
$tokenArray = Connection::setPageConnection($params['cookie']);
ConnectionsSource::logHttpReferer();
Page::setPageViewed($tokenArray['id_page']);
// Ajax request sending the time spend on the page
$token = $blowfish->encrypt($tokenArray['id_connections'] . '|' . $tokenArray['id_page'] . '|' . $tokenArray['time_start']);
$this->_html .= '
<script type="text/javascript">
var time_start;
$(window).load(
function() {
time_start = new Date();
}
);
$(window).unload(
function() {
var time_end = new Date();
var pagetime = new Object;
pagetime.type = "pagetime";
pagetime.token = "' . $token . '";
pagetime.time = time_end-time_start;
$.post("' . $protocol_content . $server_host . __PS_BASE_URI__ . 'statistics.php", pagetime);
}
);
</script>';
return $this->_html;
}
$referenceFields = $referenceName ? $_SESSION[$projectName]['settings']['labels'][$referenceName] : array('id' => 1);
$objectFields = $_SESSION[$projectName]['settings']['labels'][$objectName];
foreach ($_POST as $k => $v) {
switch (substr($k, 0, 2)) {
// base64-encode Content
case 'e_':
$_POST[$k] = base64_encode($v);
break;
// encrypt Content (Blowfish) OR prevent replacing encrypted Content
// encrypt Content (Blowfish) OR prevent replacing encrypted Content
case 'c_':
if (isset($_SESSION[$projectName]['config']['crypt'][$objectName][$k])) {
require_once 'inc/php/crypt.php';
// the Key is buid MD5( projectname + objectname + fieldname + entry_id + password )
$key = md5($projectName . $objectName . $k . $objectId . $_SESSION[$projectName]['config']['crypt'][$objectName][$k]);
$_POST[$k] = Blowfish::encrypt($v, $key, md5($_CONF::$DB_PASSWORD[$objectDB]));
} else {
unset($_POST[$k]);
}
break;
}
}
$objectHooks = $objects[$objectName]['hooks'];
$c->lang = $lang;
$c->LL = $LL;
$c->projectName = $projectName;
$c->ppath = $projectPath;
$c->objects = $objects;
$c->objectName = $objectName;
$c->objectId = $objectId;
$c->objectFields = $objectFields;
} else {
list($key, $plaintext, $expected_ciphertext) = preg_split('/\\s+/', $v);
$iv = NULL;
}
$key = trim($key);
$key = pack('H' . strlen($key), $key);
if ($mode == Blowfish::BLOWFISH_MODE_CBC) {
$iv = trim($iv);
$iv = pack('H' . strlen($iv), $iv);
}
$plaintext = trim($plaintext);
$plaintext = pack('H' . strlen($plaintext), $plaintext);
$expected_ciphertext = trim($expected_ciphertext);
$expected_ciphertext = pack('H' . strlen($expected_ciphertext), $expected_ciphertext);
# test vectors were created with different padding types
if ($mode == Blowfish::BLOWFISH_MODE_CBC) {
$padding = Blowfish::BLOWFISH_PADDING_ZERO;
} else {
$padding = Blowfish::BLOWFISH_PADDING_NONE;
}
$actual_ciphertext = Blowfish::encrypt($plaintext, $key, $mode, $padding, $iv);
$actual_deciphered = Blowfish::decrypt($expected_ciphertext, $key, $mode, $padding, $iv);
$cipher_result = $actual_ciphertext == $expected_ciphertext ? 'PASS' : 'FAIL';
$plain_result = $actual_deciphered == $plaintext ? 'PASS' : 'FAIL';
if ($mode != Blowfish::BLOWFISH_MODE_CBC) {
echo sprintf('%-50s%-20s%-20s%-10s%-20s%-20s%-10s%s', base64_encode($key), base64_encode($plaintext), base64_encode($actual_deciphered), $plain_result, base64_encode($expected_ciphertext), base64_encode($actual_ciphertext), $cipher_result, PHP_EOL);
} else {
echo sprintf('%-21s%-50s%-50s%-10s%s%-21s%-50s%-50s%-10s%s', $key, base64_encode($plaintext), base64_encode($actual_deciphered), $plain_result, PHP_EOL, $iv, base64_encode($expected_ciphertext), base64_encode($actual_ciphertext), $cipher_result, PHP_EOL);
}
}
}
<?php
require_once '../blowfish.php';
$examples = array(array('d)U>tQwbUWIozi2R"fOvK0Wuxyl79P%Uxr>;7iiy,b0hByATUB', 'x03nMwK34x&ciSUH0I1got', 'password'), array('RiV3wc615X6J2lzK', 'QndancjtdZ&b_J5aeId62x7Kxu`[dFFt{t7yGcS+O!w7JbAlQe', 'p'), array('d)U>tQwbUWIozi2R"fOvK0Wuxyl79P%Uxr>;7iiy,b0hByATUB', 'x03nMwK34x&ciSUH0I1got', 'Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.'), array('This is my secret key and it can be plain text', 'What about this initialisation vector?', 'I hope you know this invalidates my warranty'), array('This is my secret key and it can be plain test', 'What about this initialisation vector?', ''));
foreach ($examples as $ex) {
$ciphertext = Blowfish::encrypt($ex[2], $ex[0], Blowfish::BLOWFISH_MODE_CBC, Blowfish::BLOWFISH_PADDING_RFC, $ex[1]);
$deciphered = Blowfish::decrypt($ciphertext, $ex[0], Blowfish::BLOWFISH_MODE_CBC, Blowfish::BLOWFISH_PADDING_RFC, $ex[1]);
echo '<pre>';
printf('Plaintext: %s (length %d)%s', $ex[2], strlen($ex[2]), PHP_EOL);
printf('Ciphertext: %s (length %d)%s', $ciphertext, strlen($ciphertext), PHP_EOL);
printf('Deciphered text: %s (length %d)%s', $deciphered, strlen($deciphered), PHP_EOL);
}
