| [ Index ] |
|
Code source de eGroupWare 1.2.106-2 |
1 <?php 2 /**************************************************************************\ 3 * eGroupWare API - Crypto * 4 * This file written by Joseph Engo <jengo@phpgroupware.org> * 5 * Handles encrypting strings based on various encryption schemes * 6 * Copyright (C) 2000, 2001 Dan Kuykendall * 7 * -------------------------------------------------------------------------* 8 * This library is part of the eGroupWare API * 9 * http://www.egroupware.org/api * 10 * -------------------------------------------------------------------------* 11 * This library is free software; you can redistribute it and/or modify it * 12 * under the terms of the GNU Lesser General Public License as published by * 13 * the Free Software Foundation; either version 2.1 of the License, * 14 * or any later version. * 15 * This library is distributed in the hope that it will be useful, but * 16 * WITHOUT ANY WARRANTY; without even the implied warranty of * 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * 18 * See the GNU Lesser General Public License for more details. * 19 * You should have received a copy of the GNU Lesser General Public License * 20 * along with this library; if not, write to the Free Software Foundation, * 21 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * 22 \**************************************************************************/ 23 24 /* $Id: class.crypto.inc.php 20295 2006-02-15 12:31:25Z $ */ 25 26 class crypto 27 { 28 var $enabled = False; 29 var $debug = False; 30 31 var $mcrypt_version = ''; 32 var $algo = MCRYPT_TRIPLEDES; 33 var $mode = MCRYPT_MODE_CBC; 34 var $td = False; /* Handle for mcrypt */ 35 var $iv = ''; 36 var $key = ''; 37 38 function crypto($vars='') 39 { 40 if($GLOBALS['egw_info']['flags']['currentapp'] == 'login' || 41 $GLOBALS['egw_info']['flags']['currentapp'] == 'logout' || 42 $GLOBALS['egw_info']['flags']['currentapp'] == 'home' 43 ) 44 { 45 $this->debug = False; 46 } 47 if(is_array($vars)) 48 { 49 $this->init($vars); 50 } 51 } 52 53 function init($vars) 54 { 55 /* _debug_array(mcrypt_list_algorithms()); */ 56 $key = $vars[0]; 57 $iv = $vars[1]; 58 59 if($GLOBALS['egw_info']['server']['mcrypt_enabled'] && extension_loaded('mcrypt')) 60 { 61 if($GLOBALS['egw_info']['server']['mcrypt_algo']) 62 { 63 $this->algo = $GLOBALS['egw_info']['server']['mcrypt_algo']; 64 } 65 if($GLOBALS['egw_info']['server']['mcrypt_mode']) 66 { 67 $this->mode = $GLOBALS['egw_info']['server']['mcrypt_mode']; 68 } 69 70 if($this->debug) 71 { 72 echo '<br>crypto: algorithm=' . $this->algo; 73 echo '<br>crypto: mode =' . $this->mode; 74 } 75 76 $this->enabled = True; 77 $this->mcrypt_version = $GLOBALS['egw_info']['server']['versions']['mcrypt']; 78 if($this->mcrypt_version == 'old') 79 { 80 $this->td = False; 81 if(phpversion() > '4.0.2pl1') 82 { 83 $keysize = mcrypt_get_key_size($this->algo); 84 $ivsize = mcrypt_get_iv_size($this->algo,$this->mode); 85 } 86 else 87 { 88 $keysize = 8; 89 $ivsize = 8; 90 } 91 } 92 else 93 { 94 /* Start up mcrypt */ 95 $this->td = mcrypt_module_open($this->algo, '', $this->mode, ''); 96 97 $ivsize = mcrypt_enc_get_iv_size($this->td); 98 $keysize = mcrypt_enc_get_key_size($this->td); 99 } 100 101 /* Hack IV to be the correct size */ 102 $x = strlen($iv); 103 $this->iv = ''; 104 for($i = 0; $i < $ivsize; $i++) 105 { 106 $this->iv .= $iv[$i % $x]; 107 } 108 109 /* Hack Key to be the correct size */ 110 $x = strlen($key); 111 $this->key = ''; 112 for($i = 0; $i < $keysize; $i++) 113 { 114 $this->key .= $key[$i % $x]; 115 } 116 } 117 else 118 { 119 /* If mcrypt isn't loaded, key and iv are not needed. */ 120 if($this->debug) 121 { 122 echo '<br>crypto: mycrypt unavailable or disabled'; 123 } 124 } 125 } 126 127 function cleanup() 128 { 129 if($this->enabled) 130 { 131 if($this->mcrypt_version != 'old') 132 { 133 if(function_exists('mcrypt_generic_deinit')) 134 { 135 mcrypt_generic_deinit($this->td); 136 } 137 else 138 { 139 mcrypt_generic_end($this->td); 140 } 141 } 142 } 143 } 144 145 function hex2bin($data) 146 { 147 $len = strlen($data); 148 return pack('H'.$len, $data); 149 } 150 151 function encrypt($data) 152 { 153 if($this->debug) 154 { 155 echo '<br>' . time() . ' crypto->encrypt() unencrypted data: ---->>>>' . $data . "\n"; 156 } 157 158 if(@is_array($data) || @is_object($data)) 159 { 160 if($this->debug) 161 { 162 echo '<br>' . time() . ' crypto->encrypt() found an "' . gettype($data) . '". Serializing...' . "\n"; 163 } 164 $data = serialize($data); 165 $_obj = True; 166 } 167 else 168 { 169 if($this->debug) 170 { 171 echo '<br>' . time() . ' crypto->encrypt() found "' . gettype($data) . '". No serialization...' . "\n"; 172 } 173 } 174 175 /* Disable all encryption if the admin didn't set it up */ 176 if($this->enabled) 177 { 178 if($_obj) 179 { 180 if($this->debug) 181 { 182 echo '<br>' . time() . ' crypto->encrypt() adding slashes' . "\n"; 183 } 184 $data = addslashes($data); 185 } 186 187 if($this->debug) 188 { 189 echo '<br>' . time() . ' crypto->encrypt() data: ---->>>>' . $data; 190 } 191 192 switch($this->mcrypt_version) 193 { 194 case 'old': 195 /* The old code, only works with mcrypt <= 2.2.x */ 196 $encrypteddata = mcrypt_cbc($this->algo, $this->key, $data, MCRYPT_ENCRYPT); 197 break; 198 default: 199 /* Handle 2.4 and newer API */ 200 mcrypt_generic_init($this->td, $this->key, $this->iv); 201 $encrypteddata = mcrypt_generic($this->td, $data); 202 break; 203 } 204 $encrypteddata = bin2hex($encrypteddata); 205 if($this->debug) 206 { 207 echo '<br>' . time() . ' crypto->encrypt() crypted data: ---->>>>' . $encrypteddata; 208 } 209 return $encrypteddata; 210 } 211 else 212 { 213 /* No mcrypt == insecure ! */ 214 if($this->debug) 215 { 216 echo '<br>' . time() . ' crypto->encrypt() crypted data: ---->>>>' . $data; 217 } 218 return $data; 219 } 220 } 221 222 function decrypt($encrypteddata) 223 { 224 if($this->debug) 225 { 226 echo '<br>' . time() . ' crypto->decrypt() crypted data: ---->>>>' . $encrypteddata; 227 } 228 /* Disable all encryption if the admin didn't set it up */ 229 if($this->enabled) 230 { 231 $data = $this->hex2bin($encrypteddata); 232 switch($this->mcrypt_version) 233 { 234 case 'old': 235 /* The old code, only works with mcrypt <= 2.2.x */ 236 $data = mcrypt_cbc($this->algo, $this->key, $data, MCRYPT_DECRYPT); 237 break; 238 default: 239 /* Handle 2.4 and newer API */ 240 mcrypt_generic_init($this->td, $this->key, $this->iv); 241 $data = mdecrypt_generic($this->td, $data); 242 break; 243 } 244 245 if($this->debug) 246 { 247 echo '<br>' . time() . ' crypto->decrypt() decrypted data: ---->>>>' . $data; 248 } 249 $test = stripslashes($data); 250 if(@unserialize($test)) 251 { 252 if($this->debug) 253 { 254 echo '<br>' . time() . ' crypto->decrypt() stripping slashes' . "\n"; 255 } 256 $data = $test; 257 } 258 unset($test); 259 260 if($this->debug) 261 { 262 echo '<br>' . time() . ' crypto->decrypt() data: ---->>>>' . $data . "\n"; 263 } 264 } 265 else 266 { 267 /* No mcrypt == insecure ! */ 268 $data = $encrypteddata; 269 } 270 271 // Fix strange bug 272 // Without this, somes ^@^@^@^@ appears in data 273 $data = chop($data); 274 275 $newdata = @unserialize($data); 276 /* Check whether an array or object exists, even if empty. These should be the only ones originally serialized. */ 277 if(@is_array($newdata) || @is_object($newdata)) 278 { 279 /* array or object */ 280 if($this->debug) 281 { 282 echo '<br>' . time() . ' crypto->decrypt() found serialized "' . gettype($newdata) . '". Unserializing...' . "\n"; 283 echo '<br>' . time() . ' crypto->decrypt() returning: '; _debug_array($newdata); 284 } 285 return $newdata; 286 } 287 else 288 { 289 /* Other types */ 290 if($this->debug) 291 { 292 echo '<br>' . time() . ' crypto->decrypt() found UNserialized "' . gettype($data) . '". No unserialization...' . "\n"; 293 echo '<br>' . time() . ' crypto->decrypt() returning: ' . $data; 294 } 295 return $data; 296 } 297 } 298 } // class crypto 299 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 17:20:01 2007 | par Balluche grâce à PHPXref 0.7 |