<?php/*** @version $Id: crypto.php 48641 2011-05-30 17:24:41Z kt $* @category

1. <?php
2. /**
3. * @version $Id: crypto.php 48641 2011-05-30 17:24:41Z kt $
4. * @category Divinity
5. * @package Framework
6. * @subpackage Crypt
7. */
8.  
9. ///////////////////////////////////////////////////////////////////////////////
10.  
11. /**
12. * Cryptographic-related functionality
13. *
14. * @package Framework
15. * @subpackage Crypt
16. */
17. class crypto {
18.  
19. /**
20. * Encrypt a string
21. *
22. * @param string $input plain original text for encryption
23. * @param string $cipher algorithm for encryption
24. * @param string $mode mode for encryprtion
25. * @return string
26. */
27. public static function encrypt($input, $key = null, $cipher = 'blowfish', $mode = 'ecb') {
28.  
29. if (!isset($key)) {
30. $key = vars::get_var('crypt_key');
31. }
32.  
33. $td = mcrypt_module_open($cipher, '', $mode, '');
34.  
35. $random_seed = strstr(PHP_OS, 'WIN')
36. ? MCRYPT_RAND
37. : MCRYPT_DEV_URANDOM;
38.  
39. $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), $random_seed);
40. $ks = mcrypt_enc_get_key_size($td);
41. $key = substr(sha1($key), 0, $ks); // Create key
42.  
43. mcrypt_generic_init($td, $key, $iv);
44. $encrypted_data = base64_encode(mcrypt_generic($td, $input));
45. mcrypt_generic_deinit($td);
46. mcrypt_module_close($td);
47.  
48. return $encrypted_data;
49. }
50.  
51.  
52. /**
53. * Decrypt a string
54. *
55. * @param string $input encrypted string for decryption
56. * @param string $cipher algorithm for decryption
57. * @param string $mode mode for decryption
58. * @return string
59. */
60. public static function decrypt($input, $key = null, $cipher = 'blowfish', $mode = 'ecb') {
61.  
62. if (!isset($key)) {
63. $key = vars::get_var('crypt_key');
64. }
65.  
66. $td = mcrypt_module_open($cipher, '', $mode, '');
67.  
68. $random_seed = strstr(PHP_OS, 'WIN')
69. ? MCRYPT_RAND
70. : MCRYPT_DEV_URANDOM;
71.  
72. $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), $random_seed);
73. $ks = mcrypt_enc_get_key_size($td);
74. $key = substr(sha1($key), 0, $ks); // Create key
75.  
76. mcrypt_generic_init($td, $key, $iv);
77. $decrypted = @mdecrypt_generic($td, base64_decode($input));
78. mcrypt_generic_deinit($td);
79. mcrypt_module_close($td);
80.  
81. return trim($decrypted);
82. }
83.  
84. // -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
85.  
86. /**
87. * Returns all supported algorithms
88. * @return array
89. */
90. public static function algorithms() {
91. return mcrypt_list_algorithms();
92. }
93.  
94. /**
95. * Returns all supported modes
96. * @return array
97. */
98. public static function modes() {
99. return mcrypt_list_modes();
100. }
101.  
102. // -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
103.  
104. /**
105. * Returns a random unique (by default) id
106. *
107. * @param string $prefix
108. * @param boolean $pseudo return a pseudo random id
109. * @return string
110. */
111. public static function id($prefix = '', $pseudo = false) {
112.  
113. if ($prefix == '') {
114. $prefix = site::hostnames_and_uris(null, 'hostname');
115. }
116.  
117. if ($pseudo) {
118. return sha1(uniqid($prefix, true));
119. }
120.  
121. // todo ?? same as the pseudo option
122. //
123. return sha1(uniqid($prefix, true));
124. }
125.  
126. /**
127. * Returns a pseudo random id
128. */
129. public static function pseudo_id($prefix = '') {
130. return self::id($prefix, true);
131. }
132.  
133. /**
134. * Generates a HMAC using the default MAS key
135. */
136. public static function hmac($data, $key = null) {
137. return self::hmac_sha1($data, $key);
138. }
139.  
140. /**
141. * Generates a SHA1 HMAC using the default MAS key
142. * @uses Crypt_HMAC
143. */
144. public static function hmac_sha1($data, $key = null) {
145.  
146. require_once 'Crypt/HMAC.php';
147.  
148. if (!isset($key)) {
149. $key = vars::get_var('hmac_key');
150. }
151.  
152. $crypt = new Crypt_HMAC($key, 'sha1');
153. return $crypt->hash($data);
154. }
155.  
156. /**
157. * Checks HMACs used in URLs
158. *
159. * @param string $data serialized hmac and data
160. * @param boolean $error_redirect the user should be redirected to a security error page
161. * @return string
162. */
163. public static function get_from_hmac($data, $error_redirect = true) {
164.  
165. list($hmac, $string) = unserialize($data);
166.  
167. if (self::hmac($string) != $hmac) {
168. info('Invalid HMAC.');
169.  
170. if ($error_redirect) {
171. http::redirect(http::html_url() . 'index.php?page=errors&id=security');
172. }
173. return '';
174. }
175.  
176. return $string;
177. }
178.  
179. /**
180. * Adds a HMAC to a value
181. *
182. * @param string $data serialized data
183. * @return string
184. */
185. public static function add_hmac($data) {
186. return serialize(array(self::hmac($data), $data));
187. }
188.  
189. /**
190. * Generates a random password (do not use O/0, I/l/1)
191. *
192. * 35-126 alphanumeric + symbols
193. * 65-122 alphanumeric + less symbols
194. *
195. * @param integer $min_length
196. * @param integer $max_length
197. * @return string
198. */
199. public static function random_password($min_length = 6, $max_length = 8) {
200.  
201. $password = '';
202. $length = mt_rand($min_length, $max_length);
203. $avoid = array(73, 76, 79, 105, 108, 111);
204.  
205. while (strlen($password) < $length) {
206. $rand = mt_rand(50, 122);
207.  
208. if ($rand > 90 and $rand < 97) {
209. continue;
210. }
211.  
212. if ($rand > 57 and $rand < 65) {
213. continue;
214. }
215.  
216. if (in_array($rand, $avoid)) {
217. continue;
218. }
219.  
220. $password .= chr($rand);
221. }
222.  
223. return $password;
224. }
225.  
226. /**
227. * Generates a random string of digits
228. *
229. * @param integer $min_length
230. * @param integer $max_length
231. * @return string
232. */
233. public static function random_digits($min_length = 4, $max_length = 8) {
234.  
235. $password = '';
236. $length = mt_rand($min_length, $max_length);
237.  
238. for ($i = 0; $i < $length; $i++) {
239. $password .= mt_rand(0, 9);
240. }
241.  
242. return $password;
243. }
244.  
245. /**
246. * Generate random user password
247. *
248. * @param string $type type of the password: "admin" for toolkit accounts and empty for regular
249. * @return boolean
250. */
251. public static function generate_user_password ($type = '') {
252.  
253. $password = '';
254. $avoid = array(48, 73, 76, 79, 105, 108, 111);
255. $spec_chars = array(
256. '`', '~', '!', '@', '#', '$', '%', '^', '&', '*', '(',
257. ')', '-', '_', '=', '+', '[', '{', ']', '}', '\\', '|',
258. ';', ':', '\'', '"', ',', '<', '.', '>', '/', '?'
259. );
260.  
261. while (!user::validate_password($password, $type)) {
262.  
263. $char = chr(mt_rand(97, 122));
264.  
265. if (!in_array($char, $avoid)) {
266. $password .= $char;
267. }
268.  
269. $char = chr(mt_rand(65, 90));
270. if (!in_array($char, $avoid)) {
271. $password .= $char;
272. }
273.  
274. $char = chr(mt_rand(48, 57));
275. if (!in_array($char, $avoid)) {
276. $password .= $char;
277. }
278.  
279. if ($type == 'admin') {
280. $password .= $spec_chars[array_rand($spec_chars)];
281. }
282. }
283.  
284. return $password;
285. }
286.  
287. /**
288. * Reverse the bin2hex func
289. *
290. * @param string $h
291. * @return string
292. */
293. public static function hex2bin($h) {
294.  
295. if (!is_string($h)) {
296. return null;
297. }
298.  
299. $r = '';
300.  
301. for ($a=0; $a<strlen($h); $a+=2) {
302. $r .= chr(hexdec($h{$a} . $h{($a+1)}));
303. }
304.  
305. return $r;
306. }
307.  
308. ////--end-of-file----
309. }