Changeset:
438e3e49db53
https://sourceforge.net/p/mrbs/hg-code/ci/438e3e49db53c75f6a2a6a0292959e63b36048ab
Author:
John Beranek <[email protected]>
Date:
Fri Oct 16 21:23:02 2015 +0100
Log message:
Revamped "cookie" session scheme. We no longer use Blowfish
encryption, and instead just use hash_hmac().
diffstat:
web/Crypt/Blowfish.php | 318 -------------------------------------
web/Crypt/Blowfish/CBC.php | 152 ------------------
web/Crypt/Blowfish/DefaultKey.php | 319 --------------------------------------
web/Crypt/Blowfish/ECB.php | 142 ----------------
web/Crypt/Blowfish/MCrypt.php | 179 ---------------------
web/Crypt/Blowfish/PHP.php | 273 --------------------------------
web/session/session_cookie.inc | 99 +++++++---
7 files changed, 66 insertions(+), 1416 deletions(-)
diffs (truncated from 1564 to 300 lines):
diff -r 95deadcd3d44 -r 438e3e49db53 web/Crypt/Blowfish.php
--- a/web/Crypt/Blowfish.php Fri Oct 16 19:58:05 2015 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,318 +0,0 @@
-<?php
-/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
-
-/**
- * Crypt_Blowfish allows for encryption and decryption on the fly using
- * the Blowfish algorithm. Crypt_Blowfish does not require the MCrypt
- * PHP extension, but uses it if available, otherwise it uses only PHP.
- * Crypt_Blowfish supports encryption/decryption with or without a secret key.
- *
- * PHP versions 4 and 5
- *
- * @category Encryption
- * @package Crypt_Blowfish
- * @author Matthew Fonda <[email protected]>
- * @copyright 2005-2008 Matthew Fonda
- * @license http://www.opensource.net/licenses/bsd-license.php New BSD
- * @version CVS: $Id: Blowfish.php,v 1.86 2008/08/30 21:53:50 jausions Exp $
- * @link http://pear.php.net/package/Crypt_Blowfish
- */
-
-/**
- * Required PEAR package(s)
- */
-
-require_once __DIR__ . '/../PEAR.php';
-
-/**
- * Engine choice constants
- */
-/**
- * To let the Crypt_Blowfish package decide which engine to use
- * @since 1.1.0
- */
-define('CRYPT_BLOWFISH_AUTO', 1);
-/**
- * To use the MCrypt PHP extension.
- * @since 1.1.0
- */
-define('CRYPT_BLOWFISH_MCRYPT', 2);
-/**
- * To use the PHP-only engine.
- * @since 1.1.0
- */
-define('CRYPT_BLOWFISH_PHP', 3);
-
-
-/**
- * Example using the factory method in CBC mode
- *
- * <code>
- * $bf =& Crypt_Blowfish::factory('cbc');
- * if (PEAR::isError($bf)) {
- * echo $bf->getMessage();
- * exit;
- * }
- * $iv = 'abc123+=';
- * $key = 'My secret key';
- * $bf->setKey($key, $iv);
- * $encrypted = $bf->encrypt('this is some example plain text');
- * $bf->setKey($key, $iv);
- * $plaintext = $bf->decrypt($encrypted);
- * if (PEAR::isError($plaintext)) {
- * echo $plaintext->getMessage();
- * exit;
- * }
- * // Encrypted text is padded prior to encryption
- * // so you may need to trim the decrypted result.
- * echo 'plain text: ' . trim($plaintext);
- * </code>
- *
- * To disable using the mcrypt library, define the CRYPT_BLOWFISH_NOMCRYPT
- * constant. This is useful for instance on Windows platform with a buggy
- * mdecrypt_generic() function.
- * <code>
- * define('CRYPT_BLOWFISH_NOMCRYPT', true);
- * </code>
- *
- * @category Encryption
- * @package Crypt_Blowfish
- * @author Matthew Fonda <[email protected]>
- * @author Philippe Jausions <[email protected]>
- * @copyright 2005-2008 Matthew Fonda
- * @license http://www.opensource.net/licenses/bsd-license.php New BSD
- * @link http://pear.php.net/package/Crypt_Blowfish
- * @version 1.1.0RC2
- * @access public
- */
-class Crypt_Blowfish
-{
- /**
- * Implementation-specific Crypt_Blowfish object
- *
- * @var object
- * @access private
- */
- var $_crypt = null;
-
- /**
- * Initialization vector
- *
- * @var string
- * @access protected
- */
- var $_iv = null;
-
- /**
- * Holds block size
- *
- * @var integer
- * @access protected
- */
- var $_block_size = 8;
-
- /**
- * Holds IV size
- *
- * @var integer
- * @access protected
- */
- var $_iv_size = 8;
-
- /**
- * Holds max key size
- *
- * @var integer
- * @access protected
- */
- var $_key_size = 56;
-
- /**
- * Crypt_Blowfish Constructor
- * Initializes the Crypt_Blowfish object (in EBC mode), and sets
- * the secret key
- *
- * @param string $key
- * @access public
- * @deprecated Since 1.1.0
- * @see Crypt_Blowfish::factory()
- */
- function __construct($key)
- {
- $this->_crypt =& Crypt_Blowfish::factory('ecb', $key);
- if (!PEAR::isError($this->_crypt)) {
- $this->_crypt->setKey($key);
- }
- }
-
- /**
- * Crypt_Blowfish object factory
- *
- * This is the recommended method to create a Crypt_Blowfish instance.
- *
- * When using CRYPT_BLOWFISH_AUTO, you can force the package to ignore
- * the MCrypt extension, by defining CRYPT_BLOWFISH_NOMCRYPT.
- *
- * @param string $mode operating mode 'ecb' or 'cbc' (case insensitive)
- * @param string $key
- * @param string $iv initialization vector (must be provided for CBC mode)
- * @param integer $engine one of CRYPT_BLOWFISH_AUTO, CRYPT_BLOWFISH_PHP
- * or CRYPT_BLOWFISH_MCRYPT
- * @return object Crypt_Blowfish object or PEAR_Error object on error
- * @access public
- * @static
- * @since 1.1.0
- */
- function &factory($mode = 'ecb', $key = null, $iv = null, $engine =
CRYPT_BLOWFISH_AUTO)
- {
- switch ($engine) {
- case CRYPT_BLOWFISH_AUTO:
- if (!defined('CRYPT_BLOWFISH_NOMCRYPT')
- && extension_loaded('mcrypt')) {
- $engine = CRYPT_BLOWFISH_MCRYPT;
- } else {
- $engine = CRYPT_BLOWFISH_PHP;
- }
- break;
- case CRYPT_BLOWFISH_MCRYPT:
- if (!PEAR::loadExtension('mcrypt')) {
- return PEAR::raiseError('MCrypt extension is not
available.');
- }
- break;
- }
-
- switch ($engine) {
- case CRYPT_BLOWFISH_PHP:
- $mode = strtoupper($mode);
- $class = 'Crypt_Blowfish_' . $mode;
- include_once 'Blowfish/' . $mode . '.php';
- $crypt = new $class(null);
- break;
-
- case CRYPT_BLOWFISH_MCRYPT:
- include_once 'Blowfish/MCrypt.php';
- $crypt = new Crypt_Blowfish_MCrypt(null, $mode);
- break;
- }
-
- if (!is_null($key) || !is_null($iv)) {
- $result = $crypt->setKey($key, $iv);
- if (PEAR::isError($result)) {
- return $result;
- }
- }
-
- return $crypt;
- }
-
- /**
- * Returns the algorithm's block size
- *
- * @return integer
- * @access public
- * @since 1.1.0
- */
- function getBlockSize()
- {
- return $this->_block_size;
- }
-
- /**
- * Returns the algorithm's IV size
- *
- * @return integer
- * @access public
- * @since 1.1.0
- */
- function getIVSize()
- {
- return $this->_iv_size;
- }
-
- /**
- * Returns the algorithm's maximum key size
- *
- * @return integer
- * @access public
- * @since 1.1.0
- */
- function getMaxKeySize()
- {
- return $this->_key_size;
- }
-
- /**
- * Deprecated isReady method
- *
- * @return bool
- * @access public
- * @deprecated
- */
- function isReady()
- {
- return true;
- }
-
- /**
- * Deprecated init method - init is now a private
- * method and has been replaced with _init
- *
- * @return bool
- * @access public
- * @deprecated
- */
- function init()
- {
- return $this->_crypt->init();
- }
-
- /**
- * Encrypts a string
- *
- * Value is padded with NUL characters prior to encryption. You may
- * need to trim or cast the type when you decrypt.
- *
- * @param string $plainText the string of characters/bytes to encrypt
- * @return string|PEAR_Error Returns cipher text on success, PEAR_Error on
failure
- * @access public
- */
- function encrypt($plainText)
- {
- return $this->_crypt->encrypt($plainText);
- }
-
-
- /**
- * Decrypts an encrypted string
- *
- * The value was padded with NUL characters when encrypted. You may
- * need to trim the result or cast its type.
- *
- * @param string $cipherText the binary string to decrypt
- * @return string|PEAR_Error Returns plain text on success, PEAR_Error on
failure
- * @access public
- */
- function decrypt($cipherText)
- {
------------------------------------------------------------------------------
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
