gnh1201/reasonableframework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update security.php

Browse Source
This commit is contained in:
Namhyeon Go 2018-03-07 13:11:59 +09:00 committed by GitHub
parent ea39c6d7c2
commit e6bb3fbd3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
system/security.php
View File

@ -425,12 +425,20 @@ if(!function_exists("get_callable_token")) {
} }
if(!function_exists("encapsulate_text")) { if(!function_exists("encapsulate_text")) {
function encapsulate_text($text, $algo="aes-128-cbc", $key="", $iv="") { function encapsulate_text($text, $algo="aes-128-cbc", $key="", $iv="", $hash="", $hash_algo="sha1") {
global $config; global $config;
$encapsulated_text = ""; $encapsulated_text = "";
$encrypted_text = ""; $encrypted_text = "";
// when fail hash test
if(!empty($hash)) {
if($hash != get_hashed_text($text, $hash_algo)) {
return $encapsulated_text;
}
}
// initialize text
$init_text = base64_encode($text); $init_text = base64_encode($text);
if($algo == "base64") { if($algo == "base64") {
@ -440,7 +448,7 @@ if(!function_exists("encapsulate_text")) {
$init_iv = empty($iv) ? $config['masteriv'] : $iv; $init_iv = empty($iv) ? $config['masteriv'] : $iv;
if(function_exists("openssl_encrypt")) { if(function_exists("openssl_encrypt")) {
$encrypted_text = @openssl_encrypt($init_text ,$algo, $init_key, true, $init_iv); $encrypted_text = @openssl_encrypt($init_text, $algo, $init_key, true, $init_iv);
if(!empty($encrypted_text)) { if(!empty($encrypted_text)) {
$encapsulated_text = base64_encode($encrypted_text); $encapsulated_text = base64_encode($encrypted_text);
} }
@ -452,12 +460,13 @@ if(!function_exists("encapsulate_text")) {
} }
if(!function_exists("decapsulate_text")) { if(!function_exists("decapsulate_text")) {
function decapsulate_text($text, $algo="aes-128-cbc", $key="", $iv="") { function decapsulate_text($text, $algo="aes-128-cbc", $key="", $iv="", $hash="", $hash_algo="sha1") {
global $config; global $config;
$decapsulate_text = ""; $decapsulate_text = "";
$decrypted_text = ""; $decrypted_text = "";
// initialize text
$init_text = base64_decode($text); $init_text = base64_decode($text);
if($algo = "base64") { if($algo = "base64") {
@ -467,13 +476,20 @@ if(!function_exists("decapsulate_text")) {
$init_iv = empty($iv) ? $config['masteriv'] : $iv; $init_iv = empty($iv) ? $config['masteriv'] : $iv;
if(function_exists("openssl_decrypt")) { if(function_exists("openssl_decrypt")) {
$encrypted_text = @openssl_decrypt($init_text ,$algo, $init_key, true, $init_iv); $encrypted_text = @openssl_decrypt($init_text, $algo, $init_key, true, $init_iv);
if(!empty($encrypted_text)) { if(!empty($encrypted_text)) {
$decapsulate_text = base64_encode($decrypted_text); $decapsulate_text = base64_encode($decrypted_text);
} }
} }
} }
// when fail hash test
if(!empty($hash)) {
if($hash != get_hashed_text($decapsulate_text, $hash_algo)) {
$decapsulate_text = "";
}
}
return $decapsulate_text; return $decapsulate_text;
} }
} }