/** * Alternative decryption using Pure PHP Libraries * @http://px.sklar.com/code.html/id=1287 * Fix and added More Secure Method * * @param string $str string to be decode * @param string $pass the hash key * @return mixed decryption value output */ public static function altDecrypt($enc, $pass = '') { // if has $enc or invalid no value or not as string stop here if (!is_string($enc) || strlen(trim($enc)) < 4 || (strlen($enc) > 10 ? strpos($enc, 'aCb') !== 10 : strpos($enc, 'aCb') !== 2)) { // check if mcrypt loaded and crypt using mcrypt if (is_string($enc) && strlen(trim($enc)) > 3 && extension_loaded('mcrypt') && (strlen($enc) > 10 ? strpos($enc, 'mCb') === 10 : strpos($enc, 'mCb') === 2)) { return static::decrypt($enc, $pass); } return null; } /** * Replace Injection 3 characters sign */ $enc = strlen($enc) > 10 ? substr_replace($enc, '', 10, 3) : substr_replace($enc, '', 2, 3); // this is base64 safe encoded? if (preg_match('/[^a-z0-9\\+\\/\\=\\-\\_]/i', $enc)) { return null; } /** * ------------------------------------ * Safe Sanitized * ------------------------------------ */ $pass = !$pass ? Config::get('security_salt', '') : $pass; (is_null($pass) || $pass === false) && ($pass = ''); // safe is use array orobject as hash $pass = StringHelper::maybeSerialize($pass); if (!$pass) { $pass = Sha1::hash($pass); } /** * Doing decode of input encryption */ $enc = Internal::safeBase64Decode($enc); /** * ------------------------------------ * Doing convert encrypted string * ------------------------------------ */ $enc_arr = str_split($enc); $pass_arr = str_split($pass); $add = 0; $div = strlen($enc) / strlen($pass); $newpass = ''; while ($add <= $div) { $newpass .= $pass; $add++; } $pass_arr = str_split($newpass); $ascii = ''; foreach ($enc_arr as $key => $asc) { $pass_int = ord($pass_arr[$key]); $enc_int = ord($asc); $str_int = $enc_int - $pass_int; $ascii .= chr($str_int - strlen($enc)); } /* -------------------------------- * reversing * ------------------------------ */ // unpack $unpack = unpack('a*', trim($ascii)); /** * if empty return here */ if (!$unpack) { return null; } // implode the unpacking array $unpack = implode('', (array) $unpack); /** * Doing decode of input encryption from unpacked */ $unpack = Internal::safeBase64Decode($unpack); /** * Reverse Rotate */ $retval = Internal::rotate($unpack, 13); /** * For some case packing returning invisible characters * remove it */ $retval = StringHelper::removeInvisibleCharacters($retval, false); // check if string less than 40 && match end of hash if (strlen($retval) < 40 || substr($retval, -40) !== Sha1::hash(Sha256::hash($pass))) { return; } // remove last 40 characters $retval = substr($retval, 0, strlen($retval) - 40); // check if result is not string it will be need to be unserialize $retval = StringHelper::maybeUnserialize($retval); /** * Check if value is array */ if (is_array($retval) && array_key_exists('acb', $retval)) { return $retval['acb']; } // freed the memory unset($retval); return null; }