From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/libraries/Encrypt.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index b30a8cf0b..c2cb808dd 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -23,7 +35,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Libraries - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/encryption.html */ class CI_Encrypt { -- cgit v1.2.3-24-g4f1b From d1af1854e3444d58907225f46f473723cdf97628 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 25 Dec 2011 21:59:30 -0600 Subject: Removing previously deprecated SHA1 library and removed SHA1 method in the Encryption Library --- system/libraries/Encrypt.php | 105 +++++++++++-------------------------------- 1 file changed, 27 insertions(+), 78 deletions(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index c2cb808dd..92b0b3c4a 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -40,22 +40,19 @@ */ class CI_Encrypt { - var $CI; - var $encryption_key = ''; - var $_hash_type = 'sha1'; - var $_mcrypt_exists = FALSE; - var $_mcrypt_cipher; - var $_mcrypt_mode; + public $encryption_key = ''; + protected $_hash_type = 'sha1'; + protected $_mcrypt_exists = FALSE; + protected $_mcrypt_cipher; + protected $_mcrypt_mode; /** * Constructor * * Simply determines whether the mcrypt library exists. - * */ public function __construct() { - $this->CI =& get_instance(); $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE; log_message('debug', "Encrypt Class Initialized"); } @@ -68,11 +65,10 @@ class CI_Encrypt { * Returns it as MD5 in order to have an exact-length 128 bit key. * Mcrypt is sensitive to keys that are not the correct length * - * @access public * @param string * @return string */ - function get_key($key = '') + public function get_key($key = '') { if ($key == '') { @@ -84,7 +80,7 @@ class CI_Encrypt { $CI =& get_instance(); $key = $CI->config->item('encryption_key'); - if ($key == FALSE) + if ($key === FALSE) { show_error('In order to use the encryption class requires that you set an encryption key in your config file.'); } @@ -98,13 +94,13 @@ class CI_Encrypt { /** * Set the encryption key * - * @access public * @param string * @return void */ - function set_key($key = '') + public function set_key($key = '') { $this->encryption_key = $key; + return $this; } // -------------------------------------------------------------------- @@ -120,12 +116,11 @@ class CI_Encrypt { * that is randomized with each call to this function, * even if the supplied message and key are the same. * - * @access public * @param string the string to encode * @param string the key * @return string */ - function encode($string, $key = '') + public function encode($string, $key = '') { $key = $this->get_key($key); @@ -148,12 +143,11 @@ class CI_Encrypt { * * Reverses the above process * - * @access public * @param string * @param string * @return string */ - function decode($string, $key = '') + public function decode($string, $key = '') { $key = $this->get_key($key); @@ -191,13 +185,12 @@ class CI_Encrypt { * * For more details, see http://codeigniter.com/user_guide/installation/upgrade_200.html#encryption * - * @access public * @param string * @param int (mcrypt mode constant) * @param string * @return string */ - function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') + public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '') { if ($this->_mcrypt_exists === FALSE) { @@ -242,12 +235,11 @@ class CI_Encrypt { * Takes a plain-text string and key as input and generates an * encoded bit-string using XOR * - * @access private * @param string * @param string * @return string */ - function _xor_encode($string, $key) + protected function _xor_encode($string, $key) { $rand = ''; while (strlen($rand) < 32) @@ -274,12 +266,11 @@ class CI_Encrypt { * Takes an encoded string and key as input and generates the * plain-text original message * - * @access private * @param string * @param string * @return string */ - function _xor_decode($string, $key) + protected function _xor_decode($string, $key) { $string = $this->_xor_merge($string, $key); @@ -299,12 +290,11 @@ class CI_Encrypt { * * Takes a string and key as input and computes the difference using XOR * - * @access private * @param string * @param string * @return string */ - function _xor_merge($string, $key) + protected function _xor_merge($string, $key) { $hash = $this->hash($key); $str = ''; @@ -321,12 +311,11 @@ class CI_Encrypt { /** * Encrypt using Mcrypt * - * @access public * @param string * @param string * @return string */ - function mcrypt_encode($data, $key) + public function mcrypt_encode($data, $key) { $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); $init_vect = mcrypt_create_iv($init_size, MCRYPT_RAND); @@ -338,12 +327,11 @@ class CI_Encrypt { /** * Decrypt using Mcrypt * - * @access public * @param string * @param string * @return string */ - function mcrypt_decode($data, $key) + public function mcrypt_decode($data, $key) { $data = $this->_remove_cipher_noise($data, $key); $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode()); @@ -365,14 +353,11 @@ class CI_Encrypt { * against Man-in-the-middle attacks on CBC mode ciphers * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV * - * Function description - * - * @access private * @param string * @param string * @return string */ - function _add_cipher_noise($data, $key) + protected function _add_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); @@ -399,11 +384,10 @@ class CI_Encrypt { * * Function description * - * @access public * @param type * @return type */ - function _remove_cipher_noise($data, $key) + protected function _remove_cipher_noise($data, $key) { $keyhash = $this->hash($key); $keylen = strlen($keyhash); @@ -434,13 +418,13 @@ class CI_Encrypt { /** * Set the Mcrypt Cipher * - * @access public * @param constant * @return string */ - function set_cipher($cipher) + public function set_cipher($cipher) { $this->_mcrypt_cipher = $cipher; + return $this; } // -------------------------------------------------------------------- @@ -448,13 +432,13 @@ class CI_Encrypt { /** * Set the Mcrypt Mode * - * @access public * @param constant * @return string */ function set_mode($mode) { $this->_mcrypt_mode = $mode; + return $this; } // -------------------------------------------------------------------- @@ -462,10 +446,9 @@ class CI_Encrypt { /** * Get Mcrypt cipher Value * - * @access private * @return string */ - function _get_cipher() + protected function _get_cipher() { if ($this->_mcrypt_cipher == '') { @@ -480,10 +463,9 @@ class CI_Encrypt { /** * Get Mcrypt Mode Value * - * @access private * @return string */ - function _get_mode() + protected function _get_mode() { if ($this->_mcrypt_mode == '') { @@ -498,11 +480,10 @@ class CI_Encrypt { /** * Set the Hash type * - * @access public * @param string * @return string */ - function set_hash($type = 'sha1') + public function set_hash($type = 'sha1') { $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type; } @@ -512,45 +493,13 @@ class CI_Encrypt { /** * Hash encode a string * - * @access public * @param string * @return string */ - function hash($str) + public function hash($str) { - return ($this->_hash_type == 'sha1') ? $this->sha1($str) : md5($str); + return ($this->_hash_type == 'sha1') ? sha1($str) : md5($str); } - - // -------------------------------------------------------------------- - - /** - * Generate an SHA1 Hash - * - * @access public - * @param string - * @return string - */ - function sha1($str) - { - if ( ! function_exists('sha1')) - { - if ( ! function_exists('mhash')) - { - require_once(BASEPATH.'libraries/Sha1.php'); - $SH = new CI_SHA; - return $SH->generate($str); - } - else - { - return bin2hex(mhash(MHASH_SHA1, $str)); - } - } - else - { - return sha1($str); - } - } - } // END CI_Encrypt class -- cgit v1.2.3-24-g4f1b From 7c251b38b690183b590adeb31d5155d043b6f74b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 27 Dec 2011 16:37:23 +0200 Subject: Improve the Encryption library --- system/libraries/Encrypt.php | 92 +++++++++++++++----------------------------- 1 file changed, 32 insertions(+), 60 deletions(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 92b0b3c4a..d9f40b0d5 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -1,13 +1,13 @@ -get_key($key); - - if ($this->_mcrypt_exists === TRUE) - { - $enc = $this->mcrypt_encode($string, $key); - } - else - { - $enc = $this->_xor_encode($string, $key); - } - - return base64_encode($enc); + $method = ($this->_mcrypt_exists === TRUE) ? 'mcrypt_encode' : '_xor_encode'; + return base64_encode($this->$method($string, $this->get_key($key))); } // -------------------------------------------------------------------- @@ -149,28 +139,13 @@ class CI_Encrypt { */ public function decode($string, $key = '') { - $key = $this->get_key($key); - if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) { return FALSE; } - $dec = base64_decode($string); - - if ($this->_mcrypt_exists === TRUE) - { - if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) - { - return FALSE; - } - } - else - { - $dec = $this->_xor_decode($dec, $key); - } - - return $dec; + $method = ($this->_mcrypt_exists === TRUE) ? 'mcrypt_decode' : '_xor_decode'; + return $this->$method(base64_decode($string), $this->get_key($key)); } // -------------------------------------------------------------------- @@ -197,6 +172,10 @@ class CI_Encrypt { log_message('error', 'Encoding from legacy is available only when Mcrypt is in use.'); return FALSE; } + elseif (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) + { + return FALSE; + } // decode it first // set mode temporarily to what it was when string was encoded with the legacy @@ -205,12 +184,6 @@ class CI_Encrypt { $this->set_mode($legacy_mode); $key = $this->get_key($key); - - if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string)) - { - return FALSE; - } - $dec = base64_decode($string); if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) @@ -242,17 +215,18 @@ class CI_Encrypt { protected function _xor_encode($string, $key) { $rand = ''; - while (strlen($rand) < 32) + do { $rand .= mt_rand(0, mt_getrandmax()); } + while (strlen($rand) < 32); $rand = $this->hash($rand); $enc = ''; - for ($i = 0; $i < strlen($string); $i++) + for ($i = 0, $ls = strlen($string), $lr = strlen($rand); $i < $ls; $i++) { - $enc .= substr($rand, ($i % strlen($rand)), 1).(substr($rand, ($i % strlen($rand)), 1) ^ substr($string, $i, 1)); + $enc .= $rand[($i % $lr)].($rand[($i % $lr)] ^ $string[$i]); } return $this->_xor_merge($enc, $key); @@ -275,9 +249,9 @@ class CI_Encrypt { $string = $this->_xor_merge($string, $key); $dec = ''; - for ($i = 0; $i < strlen($string); $i++) + for ($i = 0, $l = strlen($string); $i < $l; $i++) { - $dec .= (substr($string, $i++, 1) ^ substr($string, $i, 1)); + $dec .= ($string[$i++] ^ $string[$i]); } return $dec; @@ -298,9 +272,9 @@ class CI_Encrypt { { $hash = $this->hash($key); $str = ''; - for ($i = 0; $i < strlen($string); $i++) + for ($i = 0, $ls = strlen($string), $lh = strlen($hash); $i < $ls; $i++) { - $str .= substr($string, $i, 1) ^ substr($hash, ($i % strlen($hash)), 1); + $str .= $string[$i] ^ $hash[($i % $lh)]; } return $str; @@ -359,18 +333,17 @@ class CI_Encrypt { */ protected function _add_cipher_noise($data, $key) { - $keyhash = $this->hash($key); - $keylen = strlen($keyhash); + $key = $this->hash($key); $str = ''; - for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) + for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j) { - if ($j >= $keylen) + if ($j >= $lk) { $j = 0; } - $str .= chr((ord($data[$i]) + ord($keyhash[$j])) % 256); + $str .= chr((ord($data[$i]) + ord($key[$j])) % 256); } return $str; @@ -389,22 +362,21 @@ class CI_Encrypt { */ protected function _remove_cipher_noise($data, $key) { - $keyhash = $this->hash($key); - $keylen = strlen($keyhash); + $key = $this->hash($key); $str = ''; - for ($i = 0, $j = 0, $len = strlen($data); $i < $len; ++$i, ++$j) + for ($i = 0, $j = 0, $ld = strlen($data), $lk = strlen($key); $i < $ld; ++$i, ++$j) { - if ($j >= $keylen) + if ($j >= $lk) { $j = 0; } - $temp = ord($data[$i]) - ord($keyhash[$j]); + $temp = ord($data[$i]) - ord($key[$j]); if ($temp < 0) { - $temp = $temp + 256; + $temp += 256; } $str .= chr($temp); @@ -435,7 +407,7 @@ class CI_Encrypt { * @param constant * @return string */ - function set_mode($mode) + public function set_mode($mode) { $this->_mcrypt_mode = $mode; return $this; @@ -485,7 +457,7 @@ class CI_Encrypt { */ public function set_hash($type = 'sha1') { - $this->_hash_type = ($type != 'sha1' AND $type != 'md5') ? 'sha1' : $type; + $this->_hash_type = ($type !== 'sha1' AND $type !== 'md5') ? 'sha1' : $type; } // -------------------------------------------------------------------- @@ -498,11 +470,11 @@ class CI_Encrypt { */ public function hash($str) { - return ($this->_hash_type == 'sha1') ? sha1($str) : md5($str); + return ($this->_hash_type === 'sha1') ? sha1($str) : md5($str); } } // END CI_Encrypt class /* End of file Encrypt.php */ -/* Location: ./system/libraries/Encrypt.php */ \ No newline at end of file +/* Location: ./system/libraries/Encrypt.php */ -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- system/libraries/Encrypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 92b0b3c4a..e297576e6 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From cc6dbda62c1c04d4e247308f980e64d5d13c932d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 8 Jan 2012 06:35:17 +0200 Subject: Some more misc. stuff --- system/libraries/Encrypt.php | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index d9f40b0d5..63e3bb55e 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -46,15 +46,10 @@ class CI_Encrypt { protected $_mcrypt_cipher; protected $_mcrypt_mode; - /** - * Constructor - * - * Simply determines whether the mcrypt library exists. - */ public function __construct() { $this->_mcrypt_exists = ( ! function_exists('mcrypt_encrypt')) ? FALSE : TRUE; - log_message('debug', "Encrypt Class Initialized"); + log_message('debug', 'Encrypt Class Initialized'); } // -------------------------------------------------------------------- @@ -95,7 +90,7 @@ class CI_Encrypt { * Set the encryption key * * @param string - * @return void + * @return object */ public function set_key($key = '') { @@ -457,7 +452,7 @@ class CI_Encrypt { */ public function set_hash($type = 'sha1') { - $this->_hash_type = ($type !== 'sha1' AND $type !== 'md5') ? 'sha1' : $type; + $this->_hash_type = ($type !== 'sha1' && $type !== 'md5') ? 'sha1' : $type; } // -------------------------------------------------------------------- @@ -474,7 +469,5 @@ class CI_Encrypt { } } -// END CI_Encrypt class - /* End of file Encrypt.php */ /* Location: ./system/libraries/Encrypt.php */ -- cgit v1.2.3-24-g4f1b From d655a997f7b98da29ea932084e2fb50956188141 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 10 Jan 2012 22:31:29 +0200 Subject: Two returns --- system/libraries/Encrypt.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 63e3bb55e..8cb4b1b19 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -180,7 +180,6 @@ class CI_Encrypt { $key = $this->get_key($key); $dec = base64_decode($string); - if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE) { return FALSE; @@ -419,7 +418,7 @@ class CI_Encrypt { { if ($this->_mcrypt_cipher == '') { - $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256; + return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256; } return $this->_mcrypt_cipher; @@ -436,7 +435,7 @@ class CI_Encrypt { { if ($this->_mcrypt_mode == '') { - $this->_mcrypt_mode = MCRYPT_MODE_CBC; + return $this->_mcrypt_mode = MCRYPT_MODE_CBC; } return $this->_mcrypt_mode; -- cgit v1.2.3-24-g4f1b From f4cb94ef0fdc81f6d9d908a4a2d2efda62add379 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 19 Jan 2012 15:16:55 +0200 Subject: Some more cleaning --- system/libraries/Encrypt.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 8cb4b1b19..7c8720fd6 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -9,7 +9,7 @@ * Licensed under the Open Software License version 3.0 * * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is + * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: * http://opensource.org/licenses/OSL-3.0 * If you did not receive a copy of the license and are unable to obtain it @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * CodeIgniter Encryption Class * @@ -447,7 +445,7 @@ class CI_Encrypt { * Set the Hash type * * @param string - * @return string + * @return void */ public function set_hash($type = 'sha1') { -- cgit v1.2.3-24-g4f1b From ed6531362e9eb98eeb477c63e3c365f79333e724 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 24 Jan 2012 15:26:42 +0200 Subject: Revert a space in the license agreement :) --- system/libraries/Encrypt.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Encrypt.php') diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php index 7c8720fd6..f6eea3b7e 100644 --- a/system/libraries/Encrypt.php +++ b/system/libraries/Encrypt.php @@ -9,7 +9,7 @@ * Licensed under the Open Software License version 3.0 * * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is + * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: * http://opensource.org/licenses/OSL-3.0 * If you did not receive a copy of the license and are unable to obtain it -- cgit v1.2.3-24-g4f1b