-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');\r
-/**\r
- * CodeIgniter\r
- *\r
- * An open source application development framework for PHP 4.3.2 or newer\r
- *\r
- * @package CodeIgniter\r
- * @author ExpressionEngine Dev Team\r
- * @copyright Copyright (c) 2008, EllisLab, Inc.\r
- * @license http://codeigniter.com/user_guide/license.html\r
- * @link http://codeigniter.com\r
- * @since Version 1.0\r
- * @filesource\r
- */\r
-\r
-// ------------------------------------------------------------------------\r
-\r
-/**\r
- * CodeIgniter Encryption Class\r
- *\r
- * Provides two-way keyed encoding using XOR Hashing and Mcrypt\r
- *\r
- * @package CodeIgniter\r
- * @subpackage Libraries\r
- * @category Libraries\r
- * @author ExpressionEngine Dev Team\r
- * @link http://codeigniter.com/user_guide/libraries/encryption.html\r
- */\r
-class CI_Encrypt {\r
-\r
- var $CI;\r
- var $encryption_key = '';\r
- var $_hash_type = 'sha1';\r
- var $_mcrypt_exists = FALSE;\r
- var $_mcrypt_cipher;\r
- var $_mcrypt_mode;\r
-\r
- /**\r
- * Constructor\r
- *\r
- * Simply determines whether the mcrypt library exists.\r
- *\r
- */\r
- function CI_Encrypt()\r
- {\r
- $this->CI =& get_instance();\r
- $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE;\r
- log_message('debug', "Encrypt Class Initialized");\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Fetch the encryption key\r
- *\r
- * Returns it as MD5 in order to have an exact-length 128 bit key.\r
- * Mcrypt is sensitive to keys that are not the correct length\r
- *\r
- * @access public\r
- * @param string\r
- * @return string\r
- */\r
- function get_key($key = '')\r
- {\r
- if ($key == '')\r
- {\r
- if ($this->encryption_key != '')\r
- {\r
- return $this->encryption_key;\r
- }\r
-\r
- $CI =& get_instance();\r
- $key = $CI->config->item('encryption_key');\r
-\r
- if ($key === FALSE)\r
- {\r
- show_error('In order to use the encryption class requires that you set an encryption key in your config file.');\r
- }\r
- }\r
-\r
- return md5($key);\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Set the encryption key\r
- *\r
- * @access public\r
- * @param string\r
- * @return void\r
- */\r
- function set_key($key = '')\r
- {\r
- $this->encryption_key = $key;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Encode\r
- *\r
- * Encodes the message string using bitwise XOR encoding.\r
- * The key is combined with a random hash, and then it\r
- * too gets converted using XOR. The whole thing is then run\r
- * through mcrypt (if supported) using the randomized key.\r
- * The end result is a double-encrypted message string\r
- * that is randomized with each call to this function,\r
- * even if the supplied message and key are the same.\r
- *\r
- * @access public\r
- * @param string the string to encode\r
- * @param string the key\r
- * @return string\r
- */\r
- function encode($string, $key = '')\r
- {\r
- $key = $this->get_key($key);\r
- $enc = $this->_xor_encode($string, $key);\r
- \r
- if ($this->_mcrypt_exists === TRUE)\r
- {\r
- $enc = $this->mcrypt_encode($enc, $key);\r
- }\r
- return base64_encode($enc);\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Decode\r
- *\r
- * Reverses the above process\r
- *\r
- * @access public\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function decode($string, $key = '')\r
- {\r
- $key = $this->get_key($key);\r
- \r
- if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))\r
- {\r
- return FALSE;\r
- }\r
-\r
- $dec = base64_decode($string);\r
-\r
- if ($this->_mcrypt_exists === TRUE)\r
- {\r
- if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)\r
- {\r
- return FALSE;\r
- }\r
- }\r
-\r
- return $this->_xor_decode($dec, $key);\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * XOR Encode\r
- *\r
- * Takes a plain-text string and key as input and generates an\r
- * encoded bit-string using XOR\r
- *\r
- * @access private\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function _xor_encode($string, $key)\r
- {\r
- $rand = '';\r
- while (strlen($rand) < 32)\r
- {\r
- $rand .= mt_rand(0, mt_getrandmax());\r
- }\r
-\r
- $rand = $this->hash($rand);\r
-\r
- $enc = '';\r
- for ($i = 0; $i < strlen($string); $i++)\r
- { \r
- $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1));\r
- }\r
-\r
- return $this->_xor_merge($enc, $key);\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * XOR Decode\r
- *\r
- * Takes an encoded string and key as input and generates the\r
- * plain-text original message\r
- *\r
- * @access private\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function _xor_decode($string, $key)\r
- {\r
- $string = $this->_xor_merge($string, $key);\r
-\r
- $dec = '';\r
- for ($i = 0; $i < strlen($string); $i++)\r
- {\r
- $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1));\r
- }\r
-\r
- return $dec;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * XOR key + string Combiner\r
- *\r
- * Takes a string and key as input and computes the difference using XOR\r
- *\r
- * @access private\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function _xor_merge($string, $key)\r
- {\r
- $hash = $this->hash($key);\r
- $str = '';\r
- for ($i = 0; $i < strlen($string); $i++)\r
- {\r
- $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1);\r
- }\r
-\r
- return $str;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Encrypt using Mcrypt\r
- *\r
- * @access public\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function mcrypt_encode($data, $key)\r
- {\r
- $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());\r
- $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND);\r
- return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Decrypt using Mcrypt\r
- *\r
- * @access public\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function mcrypt_decode($data, $key)\r
- {\r
- $data = $this->_remove_cipher_noise($data, $key);\r
- $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());\r
-\r
- if ($init_size > strlen($data))\r
- {\r
- return FALSE;\r
- }\r
-\r
- $init_vect = substr($data, 0, $init_size);\r
- $data = substr($data, $init_size);\r
- return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Adds permuted noise to the IV + encrypted data to protect\r
- * against Man-in-the-middle attacks on CBC mode ciphers\r
- * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV\r
- *\r
- * Function description\r
- *\r
- * @access private\r
- * @param string\r
- * @param string\r
- * @return string\r
- */\r
- function _add_cipher_noise($data, $key)\r
- {\r
- $keyhash = $this->hash($key);\r
- $keylen = strlen($keyhash);\r
- $str = '';\r
-\r
- for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)\r
- {\r
- if ($j >= $keylen)\r
- {\r
- $j = 0;\r
- }\r
-\r
- $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256);\r
- }\r
-\r
- return $str;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Removes permuted noise from the IV + encrypted data, reversing\r
- * _add_cipher_noise()\r
- *\r
- * Function description\r
- *\r
- * @access public\r
- * @param type\r
- * @return type\r
- */\r
- function _remove_cipher_noise($data, $key)\r
- {\r
- $keyhash = $this->hash($key);\r
- $keylen = strlen($keyhash);\r
- $str = '';\r
-\r
- for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)\r
- {\r
- if ($j >= $keylen)\r
- {\r
- $j = 0;\r
- }\r
-\r
- $temp = ord($data[$i]) - ord($keyhash[$j]);\r
-\r
- if ($temp < 0)\r
- {\r
- $temp = $temp + 256;\r
- }\r
- \r
- $str .= chr($temp);\r
- }\r
-\r
- return $str;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
- \r
- /**\r
- * Set the Mcrypt Cipher\r
- *\r
- * @access public\r
- * @param constant\r
- * @return string\r
- */\r
- function set_cipher($cipher)\r
- {\r
- $this->_mcrypt_cipher = $cipher;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Set the Mcrypt Mode\r
- *\r
- * @access public\r
- * @param constant\r
- * @return string\r
- */\r
- function set_mode($mode)\r
- {\r
- $this->_mcrypt_mode = $mode;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Get Mcrypt cipher Value\r
- *\r
- * @access private\r
- * @return string\r
- */\r
- function _get_cipher()\r
- {\r
- if ($this->_mcrypt_cipher == '')\r
- {\r
- $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;\r
- }\r
-\r
- return $this->_mcrypt_cipher;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Get Mcrypt Mode Value\r
- *\r
- * @access private\r
- * @return string\r
- */\r
- function _get_mode()\r
- {\r
- if ($this->_mcrypt_mode == '')\r
- {\r
- $this->_mcrypt_mode = MCRYPT_MODE_ECB;\r
- }\r
- \r
- return $this->_mcrypt_mode;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Set the Hash type\r
- *\r
- * @access public\r
- * @param string\r
- * @return string\r
- */\r
- function set_hash($type = 'sha1')\r
- {\r
- $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type;\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Hash encode a string\r
- *\r
- * @access public\r
- * @param string\r
- * @return string\r
- */ \r
- function hash($str)\r
- {\r
- return ($this->_hash_type == 'sha1') ? $this->sha1($str) : md5($str);\r
- }\r
-\r
- // --------------------------------------------------------------------\r
-\r
- /**\r
- * Generate an SHA1 Hash\r
- *\r
- * @access public\r
- * @param string\r
- * @return string\r
- */\r
- function sha1($str)\r
- {\r
- if ( ! function_exists('sha1'))\r
- {\r
- if ( ! function_exists('mhash'))\r
- {\r
- require_once(BASEPATH.'libraries/Sha1'.EXT);\r
- $SH = new CI_SHA;\r
- return $SH->generate($str);\r
- }\r
- else\r
- {\r
- return bin2hex(mhash(MHASH_SHA1, $str));\r
- }\r
- }\r
- else\r
- {\r
- return sha1($str);\r
- }\r
- }\r
-\r
-}\r
-\r
-// END CI_Encrypt class\r
-\r
-/* End of file Encrypt.php */\r
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+/**
+ * CodeIgniter
+ *
+ * An open source application development framework for PHP 4.3.2 or newer
+ *
+ * @package CodeIgniter
+ * @author ExpressionEngine Dev Team
+ * @copyright Copyright (c) 2008, EllisLab, Inc.
+ * @license http://codeigniter.com/user_guide/license.html
+ * @link http://codeigniter.com
+ * @since Version 1.0
+ * @filesource
+ */
+
+// ------------------------------------------------------------------------
+
+/**
+ * CodeIgniter Encryption Class
+ *
+ * Provides two-way keyed encoding using XOR Hashing and Mcrypt
+ *
+ * @package CodeIgniter
+ * @subpackage Libraries
+ * @category Libraries
+ * @author ExpressionEngine Dev Team
+ * @link http://codeigniter.com/user_guide/libraries/encryption.html
+ */
+class CI_Encrypt {
+
+ var $CI;
+ var $encryption_key = '';
+ var $_hash_type = 'sha1';
+ var $_mcrypt_exists = FALSE;
+ var $_mcrypt_cipher;
+ var $_mcrypt_mode;
+
+ /**
+ * Constructor
+ *
+ * Simply determines whether the mcrypt library exists.
+ *
+ */
+ function CI_Encrypt()
+ {
+ $this->CI =& get_instance();
+ $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE;
+ log_message('debug', "Encrypt Class Initialized");
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Fetch the encryption key
+ *
+ * Returns it as MD5 in order to have an exact-length 128 bit key.
+ * Mcrypt is sensitive to keys that are not the correct length
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function get_key($key = '')
+ {
+ if ($key == '')
+ {
+ if ($this->encryption_key != '')
+ {
+ return $this->encryption_key;
+ }
+
+ $CI =& get_instance();
+ $key = $CI->config->item('encryption_key');
+
+ if ($key === FALSE)
+ {
+ show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
+ }
+ }
+
+ return md5($key);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set the encryption key
+ *
+ * @access public
+ * @param string
+ * @return void
+ */
+ function set_key($key = '')
+ {
+ $this->encryption_key = $key;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Encode
+ *
+ * Encodes the message string using bitwise XOR encoding.
+ * The key is combined with a random hash, and then it
+ * too gets converted using XOR. The whole thing is then run
+ * through mcrypt (if supported) using the randomized key.
+ * The end result is a double-encrypted message string
+ * that is randomized with each call to this function,
+ * even if the supplied message and key are the same.
+ *
+ * @access public
+ * @param string the string to encode
+ * @param string the key
+ * @return string
+ */
+ function encode($string, $key = '')
+ {
+ $key = $this->get_key($key);
+ $enc = $this->_xor_encode($string, $key);
+
+ if ($this->_mcrypt_exists === TRUE)
+ {
+ $enc = $this->mcrypt_encode($enc, $key);
+ }
+ return base64_encode($enc);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Decode
+ *
+ * Reverses the above process
+ *
+ * @access public
+ * @param string
+ * @param string
+ * @return string
+ */
+ function decode($string, $key = '')
+ {
+ $key = $this->get_key($key);
+
+ if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
+ {
+ return FALSE;
+ }
+
+ $dec = base64_decode($string);
+
+ if ($this->_mcrypt_exists === TRUE)
+ {
+ if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
+ {
+ return FALSE;
+ }
+ }
+
+ return $this->_xor_decode($dec, $key);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * XOR Encode
+ *
+ * Takes a plain-text string and key as input and generates an
+ * encoded bit-string using XOR
+ *
+ * @access private
+ * @param string
+ * @param string
+ * @return string
+ */
+ function _xor_encode($string, $key)
+ {
+ $rand = '';
+ while (strlen($rand) < 32)
+ {
+ $rand .= mt_rand(0, mt_getrandmax());
+ }
+
+ $rand = $this->hash($rand);
+
+ $enc = '';
+ for ($i = 0; $i < strlen($string); $i++)
+ {
+ $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1));
+ }
+
+ return $this->_xor_merge($enc, $key);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * XOR Decode
+ *
+ * Takes an encoded string and key as input and generates the
+ * plain-text original message
+ *
+ * @access private
+ * @param string
+ * @param string
+ * @return string
+ */
+ function _xor_decode($string, $key)
+ {
+ $string = $this->_xor_merge($string, $key);
+
+ $dec = '';
+ for ($i = 0; $i < strlen($string); $i++)
+ {
+ $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1));
+ }
+
+ return $dec;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * XOR key + string Combiner
+ *
+ * Takes a string and key as input and computes the difference using XOR
+ *
+ * @access private
+ * @param string
+ * @param string
+ * @return string
+ */
+ function _xor_merge($string, $key)
+ {
+ $hash = $this->hash($key);
+ $str = '';
+ for ($i = 0; $i < strlen($string); $i++)
+ {
+ $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Encrypt using Mcrypt
+ *
+ * @access public
+ * @param string
+ * @param string
+ * @return string
+ */
+ function mcrypt_encode($data, $key)
+ {
+ $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
+ $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND);
+ return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Decrypt using Mcrypt
+ *
+ * @access public
+ * @param string
+ * @param string
+ * @return string
+ */
+ function mcrypt_decode($data, $key)
+ {
+ $data = $this->_remove_cipher_noise($data, $key);
+ $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
+
+ if ($init_size > strlen($data))
+ {
+ return FALSE;
+ }
+
+ $init_vect = substr($data, 0, $init_size);
+ $data = substr($data, $init_size);
+ return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Adds permuted noise to the IV + encrypted data to protect
+ * against Man-in-the-middle attacks on CBC mode ciphers
+ * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
+ *
+ * Function description
+ *
+ * @access private
+ * @param string
+ * @param string
+ * @return string
+ */
+ function _add_cipher_noise($data, $key)
+ {
+ $keyhash = $this->hash($key);
+ $keylen = strlen($keyhash);
+ $str = '';
+
+ for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
+ {
+ if ($j >= $keylen)
+ {
+ $j = 0;
+ }
+
+ $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Removes permuted noise from the IV + encrypted data, reversing
+ * _add_cipher_noise()
+ *
+ * Function description
+ *
+ * @access public
+ * @param type
+ * @return type
+ */
+ function _remove_cipher_noise($data, $key)
+ {
+ $keyhash = $this->hash($key);
+ $keylen = strlen($keyhash);
+ $str = '';
+
+ for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j)
+ {
+ if ($j >= $keylen)
+ {
+ $j = 0;
+ }
+
+ $temp = ord($data[$i]) - ord($keyhash[$j]);
+
+ if ($temp < 0)
+ {
+ $temp = $temp + 256;
+ }
+
+ $str .= chr($temp);
+ }
+
+ return $str;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set the Mcrypt Cipher
+ *
+ * @access public
+ * @param constant
+ * @return string
+ */
+ function set_cipher($cipher)
+ {
+ $this->_mcrypt_cipher = $cipher;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set the Mcrypt Mode
+ *
+ * @access public
+ * @param constant
+ * @return string
+ */
+ function set_mode($mode)
+ {
+ $this->_mcrypt_mode = $mode;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Get Mcrypt cipher Value
+ *
+ * @access private
+ * @return string
+ */
+ function _get_cipher()
+ {
+ if ($this->_mcrypt_cipher == '')
+ {
+ $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
+ }
+
+ return $this->_mcrypt_cipher;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Get Mcrypt Mode Value
+ *
+ * @access private
+ * @return string
+ */
+ function _get_mode()
+ {
+ if ($this->_mcrypt_mode == '')
+ {
+ $this->_mcrypt_mode = MCRYPT_MODE_ECB;
+ }
+
+ return $this->_mcrypt_mode;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set the Hash type
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function set_hash($type = 'sha1')
+ {
+ $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Hash encode a string
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function hash($str)
+ {
+ return ($this->_hash_type == 'sha1') ? $this->sha1($str) : md5($str);
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Generate an SHA1 Hash
+ *
+ * @access public
+ * @param string
+ * @return string
+ */
+ function sha1($str)
+ {
+ if ( ! function_exists('sha1'))
+ {
+ if ( ! function_exists('mhash'))
+ {
+ require_once(BASEPATH.'libraries/Sha1'.EXT);
+ $SH = new CI_SHA;
+ return $SH->generate($str);
+ }
+ else
+ {
+ return bin2hex(mhash(MHASH_SHA1, $str));
+ }
+ }
+ else
+ {
+ return sha1($str);
+ }
+ }
+
+}
+
+// END CI_Encrypt class
+
+/* End of file Encrypt.php */