/**
* Function to encrypt the sensitive data on its first run. For rest of the run, this function decrypts the encrypted data for use.
* @return string The string in plain-text
* @throws FileNotWritable Thrown when the file is not writable
*/
function confidentialString()
{
$trace = debug_backtrace();
//get the trace of this function call.
//From this trace, find the proper sub-array which contains this function call. That call would be when the array's function parameter would contain this __FUNCTION__ value.
$arraySlot = null;
foreach ($trace as $count => $oncCall) {
if ($oncCall['function'] == __FUNCTION__) {
$arraySlot = $count;
break;
}
}
//If no value is passed to this function, then there is nothing to protect. Hence exit.
if (count($trace[$arraySlot]['args']) == 0) {
return "";
}
//Every encrypted string will contain ":" in the beginning. If this character is found in the string, then this is an encrypted string.
if ($trace[$arraySlot]['args'][0][0] == ":") {
$decodedString = substr($trace[$arraySlot]['args'][0], 1);
//remove the ":" character form the string.
$decodedString = base64_decode($decodedString);
//the string was base64 encoded. Hence decode it back.
$decryptedString = mcrypt_decrypt(Encryption::getCipher(), Encryption::getKey(), $decodedString, Encryption::getMode(), Encryption::getIV());
//decrypt the string.
return unserialize(rtrim($decryptedString, ""));
//return the decrypted string.
} else {
$origString = $trace[$arraySlot]['args'][0];
//store the original value.
$encryptedString = mcrypt_encrypt(Encryption::getCipher(), Encryption::getKey(), serialize($origString), Encryption::getMode(), Encryption::getIV());
//encrypt the value.
$encryptedString = base64_encode($encryptedString);
//base 64 encode it.
$encryptedString = ":" . $encryptedString;
//append ":" at the beginning of the encrypted string.
$fileData = file($trace[$arraySlot]['file']);
//get file contents as an array.
$prevLine = $fileData[(int) $trace[$arraySlot]['line'] - 1];
//get the line that needs to be replaced i.e. the string that contains the plain-text sensitive data.
$functionName = str_replace(__NAMESPACE__ . "\\", '', __FUNCTION__);
//calculate the function name of this function (without any namespace).
$pos = strpos($prevLine, $functionName);
//find the position of this function-name in the original string.
$endPos = strpos($prevLine, ")", $pos);
//search where this function ends, but start the search from the start of the function.
$newLine = substr($prevLine, 0, $pos) . $functionName . "('{$encryptedString}')";
//generate the new line i.e. with encrypted String.
$fileData[(int) $trace[$arraySlot]['line'] - 1] = $newLine . substr($prevLine, $endPos + 1);
//replace the old line with the new line.
$fileData = implode("", $fileData);
//get the data from the array.
//check if file is writable or not.
if (!is_writable($trace[$arraySlot]['file'])) {
throw new FileNotWritable("ERROR: This file is not Writable!!");
}
//write this new data to file.
$fp = fopen($trace[$arraySlot]['file'], 'w');
fwrite($fp, $fileData);
fclose($fp);
//return the un-encrypted string for use.
return $origString;
}
}
