gnh1201/reasonableframework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add XOR Encryption when not supported OpenSSL

Browse Source
This commit is contained in:
Namhyeon Go 2018-03-21 12:21:17 +09:00 committed by GitHub
parent e463c7ee80
commit 78265064df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 64 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
system/security.php
View File

@ -67,7 +67,7 @@ if(!function_exists("get_session_token")) {
if(!function_exists("check_token_abuse_by_requests")) { if(!function_exists("check_token_abuse_by_requests")) {
function check_token_abuse_by_requests($name, $method="_POST") { function check_token_abuse_by_requests($name, $method="_POST") {
$requests = get_requests(); global $requests;
$flag = false; $flag = false;
if(array_key_empty($name, $requests[$method])) { if(array_key_empty($name, $requests[$method])) {
@ -126,7 +126,7 @@ if(!function_exists("process_safe_login")) {
$flag = false; $flag = false;
$ss_key = get_session("ss_key"); $ss_key = get_session("ss_key");
$user_id = 0; $user_id = 0;
$stored_password = ""; $stored_password = "";
if(!array_key_empty("user_id", $user_profile)) { if(!array_key_empty("user_id", $user_profile)) {
@ -155,11 +155,15 @@ if(!function_exists("process_safe_login")) {
} }
if(!function_exists("check_empty_requests")) { if(!function_exists("check_empty_requests")) {
function check_empty_requests($no_empty_fields, $method_get=true) { function check_empty_requests($no_empty_fields, $method_get=true, $method_all=false) {
$requests = get_requests(); global $requests;
$errors = array(); $errors = array();
$check_data = $method_get ? $requests['_GET'] : $requests['_POST']; if($method_all) {
$check_data = $requests['_ALL'];
} else {
$check_data = $method_get ? $requests['_GET'] : $requests['_POST'];
}
foreach($no_empty_fields as $fieldname) { foreach($no_empty_fields as $fieldname) {
if(array_key_empty($fieldname, $check_data)) { if(array_key_empty($fieldname, $check_data)) {
@ -277,7 +281,7 @@ if(!function_exists("session_logout")) {
$config = get_config(); $config = get_config();
$flag = false; $flag = false;
$ss_user_name = get_session("ss_user_name"); $ss_user_name = get_session("ss_user_name");
$ss_key = get_session("ss_key"); $ss_key = get_session("ss_key");
@ -316,6 +320,20 @@ if(!function_exists("get_current_user_name")) {
} }
} }
if(!function_exists("check_user_logged")) {
function check_user_logged() {
$logged = false;
$config = get_config();
if(get_current_user_id() > 0) {
$ss_key = get_current_session_data("ss_key");
$logged = check_login_session($ss_key, $config);
}
return $logged;
}
}
if(!function_exists("get_current_session_data")) { if(!function_exists("get_current_session_data")) {
function get_current_session_data($name) { function get_current_session_data($name) {
$current_data = ""; $current_data = "";
@ -350,7 +368,12 @@ if(!function_exists("get_fixed_id")) {
$config = get_config(); $config = get_config();
$init_salt = empty($salt) ? $config['salt'] : $salt; $init_salt = empty($salt) ? $config['salt'] : $salt;
$init_len = ($len < 1) ? $config['autolen'] : $len; $init_len = ($len < 3) ? $config['autolen'] : $len;
if($init_len < 3) {
$init_len = 8;
}
return substr(get_hashed_text(get_hashed_text($str, "sha1") . $init_salt, "sha1"), 0, $init_len); return substr(get_hashed_text(get_hashed_text($str, "sha1") . $init_salt, "sha1"), 0, $init_len);
} }
} }
@ -453,9 +476,12 @@ if(!function_exists("encapsulate_text")) {
if(function_exists("openssl_encrypt")) { if(function_exists("openssl_encrypt")) {
$encrypted_text = @openssl_encrypt($init_text, $algo, $init_key, true, $init_iv); $encrypted_text = @openssl_encrypt($init_text, $algo, $init_key, true, $init_iv);
if(!empty($encrypted_text)) { } else {
$encapsulated_text = base64_encode($encrypted_text); $encrypted_text = xor_this($init_key, $init_text);
} }
if(!empty($encrypted_text)) {
$encapsulated_text = base64_encode($encrypted_text);
} }
} }
@ -480,10 +506,13 @@ if(!function_exists("decapsulate_text")) {
$init_iv = empty($iv) ? $config['masteriv'] : $iv; $init_iv = empty($iv) ? $config['masteriv'] : $iv;
if(function_exists("openssl_decrypt")) { if(function_exists("openssl_decrypt")) {
$encrypted_text = @openssl_decrypt($init_text, $algo, $init_key, true, $init_iv); $decrypted_text = @openssl_decrypt($init_text, $algo, $init_key, true, $init_iv);
if(!empty($encrypted_text)) { } else {
$decapsulate_text = base64_encode($decrypted_text); $decrypted_text = xor_this($init_key, $init_text);
} }
if(!empty($encrypted_text)) {
$decapsulate_text = base64_encode($decrypted_text);
} }
} }
@ -493,11 +522,31 @@ if(!function_exists("decapsulate_text")) {
$decapsulate_text = ""; $decapsulate_text = "";
} }
} }
return $decapsulate_text; return $decapsulate_text;
} }
} }
// https://stackoverflow.com/questions/14673551/encrypt-decrypt-with-xor-in-php
if(!function_exists("xor_this")) {
function xor_this($key, $string, $debug=false) {
$text = $string;
$outText = "";
for($i = 0; $i<strlen($text); ) {
for($j = 0; ($j < strlen($key) && $i < strlen($text)); $j++, $i++) {
$outText .= $text{$i} ^ $key{$j};
if($debug) {
echo 'i=' . $i . ', ' . 'j=' . $j . ', ' . $outText{$i} . '<br />';
}
}
}
return $outText;
}
}
// https://wiki.ubuntu.com/DevelopmentCodeNames // https://wiki.ubuntu.com/DevelopmentCodeNames
if(!function_exists("get_generated_name")) { if(!function_exists("get_generated_name")) {
function get_generated_name() { function get_generated_name() {
@ -517,27 +566,5 @@ if(!function_exists("get_generated_name")) {
} }
} }
if(!function_exists("get_formatted_number")) {
function get_formatted_number($value) {
return number_format(floatval($value));
}
}
if(!function_exists("get_cutted_string")) {
function get_cutted_string($str, $start, $len=0, $charset="utf-8") {
$out_str = "";
if(function_exists("iconv_substr")) {
$out_str = iconv_substr($str, $start, $len, $charset);
} elseif(function_exists("mb_substr")) {
$out_str = mb_substr($str, $start, $len, $charset);
} else {
$out_str = substr($str, $start, $len);
}
return $out_str;
}
}
// start session (enable $_SESSION) // start session (enable $_SESSION)
session_start(); session_start();