move mcrypt code in-line (avoid one require); also add a constant for better protection

2007-09-23 15:12:42 +00:00
parent 76b0a1a915
commit 235fc3679c
3 changed files with 86 additions and 96 deletions
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -8,19 +8,98 @@
 * @version $Id$
 */

-/**
- * @todo replace by constant
- * $coming_from_common can be set from outside with register_globals on
- */
-if (!isset($coming_from_common)) {
+if (! defined('PMA_COMING_FROM_COMMON')) {
   exit;
 }

 if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
    /**
     * Uses faster mcrypt library if available
+     * (as this is not called from anywhere else, put the code in-line
+     *  for faster execution)
     */
-    require_once './libraries/mcrypt.lib.php';
+
+    /**
+     * Initialization
+     * Store the initialization vector because it will be needed for
+     * further decryption. I don't think necessary to have one iv
+     * per server so I don't put the server number in the cookie name.
+     */
+    if (!isset($_COOKIE['pma_mcrypt_iv'])) {
+        srand((double) microtime() * 1000000);
+        $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC), MCRYPT_RAND);
+        PMA_setCookie('pma_mcrypt_iv', base64_encode($iv));
+    } else {
+        $iv = base64_decode($_COOKIE['pma_mcrypt_iv']);
+    }
+
+    /**
+     * String padding
+     *
+     * @param   string  input string
+     * @param   integer length of the result
+     * @param   string  the filling string
+     * @param   integer padding mode
+     *
+     * @return  string  the padded string
+     *
+     * @access  public
+     */
+    function full_str_pad($input, $pad_length, $pad_string = '', $pad_type = 0) {
+        $str = '';
+        $length = $pad_length - strlen($input);
+        if ($length > 0) { // str_repeat doesn't like negatives
+            if ($pad_type == STR_PAD_RIGHT) { // STR_PAD_RIGHT == 1
+                $str = $input.str_repeat($pad_string, $length);
+            } elseif ($pad_type == STR_PAD_BOTH) { // STR_PAD_BOTH == 2
+                $str = str_repeat($pad_string, floor($length/2));
+                $str .= $input;
+                $str .= str_repeat($pad_string, ceil($length/2));
+            } else { // defaults to STR_PAD_LEFT == 0
+                $str = str_repeat($pad_string, $length).$input;
+            }
+        } else { // if $length is negative or zero we don't need to do anything
+            $str = $input;
+        }
+        return $str;
+    }
+    /**
+     * Encryption using blowfish algorithm (mcrypt)
+     *
+     * @param   string  original data
+     * @param   string  the secret
+     *
+     * @return  string  the encrypted result
+     *
+     * @access  public
+     *
+     * @author  lem9
+     */
+    function PMA_blowfish_encrypt($data, $secret) {
+        global $iv;
+        // Seems we don't need the padding. Anyway if we need it,
+        // we would have to replace 8 by the next 8-byte boundary.
+        //$data = full_str_pad($data, 8, "\0", STR_PAD_RIGHT);
+        return base64_encode(mcrypt_encrypt(MCRYPT_BLOWFISH, $secret, $data, MCRYPT_MODE_CBC, $iv));
+    }
+
+    /**
+     * Decryption using blowfish algorithm (mcrypt)
+     *
+     * @param   string  encrypted data
+     * @param   string  the secret
+     *
+     * @return  string  original data
+     *
+     * @access  public
+     *
+     * @author  lem9
+     */
+    function PMA_blowfish_decrypt($encdata, $secret) {
+        global $iv;
+        return trim(mcrypt_decrypt(MCRYPT_BLOWFISH, $secret, base64_decode($encdata), MCRYPT_MODE_CBC, $iv));
+    }
+
 } else {
    require_once './libraries/blowfish.php';
    /**