From: Roland Haeder Date: Sat, 4 Apr 2015 01:47:30 +0000 (+0200) Subject: Added encryption stuff + rewrote sendWernisApiRequest() to handle the decryption. X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=commitdiff_plain;h=82c5c7d37ee00f628b4fdd445f7fc453523ed1dd Added encryption stuff + rewrote sendWernisApiRequest() to handle the decryption. Signed-off-by: Roland Häder --- diff --git a/inc/encryption-functions.php b/inc/encryption-functions.php new file mode 100644 index 0000000000..e90a2a9991 --- /dev/null +++ b/inc/encryption-functions.php @@ -0,0 +1,331 @@ += 48) && ($hashLength <= 80)); + + // Is the salt set? + if (empty($salt)) { + // Then generate it from various data + $salt = hashSha256($hashLength . ':' . mt_rand(100000, 999999) . ':' . getSiteKey()); + } // END - if + + // Shorten salt ... + $salt = substr($salt, 0, $hashLength - 64); + + // Return salt + return $salt; +} + +// Hashes a string with SHA256, salts it and returns it hexdecimal-encoded +function hashString ($str, $salt = '') { + // Generate salt + $salt = generateSalt($salt, 64); + + // Generate salt + $hash = hashSha256($salt . $str); + + // Return it + return $salt . $hash; +} + +// Hash string with SHA256 and encode it to hex +function hashSha256 ($str) { + /// Hash string + $hash = mhash(MHASH_SHA256, $str); + + // Encode it to hexadecimal + $hex = ''; + for ($i = 0; $i < strlen($hash); $i++) { + // Encode char to decimal, pad it with zero, add it + $hex .= padLeftZero(dechex(ord(substr($hash, $i, 1))), 2); + } // END - if + + // Make sure 'length modulo 2' = 0 + assert((strlen($hex) % 2) == 0); + + // Return it + return $hex; +} + +// "Calculates" password strength +function calculatePasswordStrength ($password, $configEntry = 'min_password_length') { + // Default score + $score = 1; + + if ((strlen($password) < 1) || (strlen($password) < getConfig($configEntry))) { + // Is to weak + return 0; + } // END - if + + // At least 8 chars long? + if (strlen($password) >= 8) { + // Add score + $score++; + } // END - if + + // At least 10 chars long? + if (strlen($password) >= 10) { + // Add score + $score++; + } // END - if + + // Lower and upper cases? + if ((preg_match('/[a-z]/', $password)) && (preg_match('/[A-Z]/', $password))) { + // Add score + $score++; + } // END - if + + // Also numbers? + if (preg_match('/[0-9]/', $password)) { + // Add score + $score++; + } // END - if + + // Special characters? + if (preg_match('/.[!,@,#,$,%,^,&,*,?,\/,_,~,+,-,(,)]/', $password)) { + // Add score + $score++; + } // END - if + + // Return password score + return $score; +} + +// "Translates" password strength/score +function translatePasswordStrength ($strength) { + // Return it translated + return '{--PASSWORD_SCORE_' . bigintval($strength) . '--}'; +} + +// Checks whether given password is strong enough +function isStrongPassword ($password) { + // Determine it + return (calculatePasswordStrength($password) >= getConfig('min_password_score')); +} + +// "Translates" encryption algorithm +function translateEncryptionAlgorithm ($algo) { + // Default is 'NONE' + $translated = '{--SELECT_NONE--}'; + + // Is a valid number? Also '0' is valid. + if ((isValidNumber($algo)) || ($algo === '0')) { + // Get array + $algos = getSupportedEncryptionAlgorithms(); + + // Is it there? + if (isset($algos[$algo])) { + // "Translate" it + $translated = strtoupper($algos[$algo]); + } else { + // Unknown/unsupported + $translated = '{--UNSUPPORTED_ENCRYPTION_ALGO--}'; + } + } // END - if + + // Return it + return $translated; +} + +// "Translates" encryption mode +function translateEncryptionMode ($mode) { + // Default is 'NONE' + $translated = '{--SELECT_NONE--}'; + + // Is a valid number? + if ((isValidNumber($mode)) || (is_numeric($mode))) { + // Get array + $modes = getSupportedEncryptionModes(); + + // Is it there? + if (isset($modes[$mode])) { + // "Translate" it + $translated = strtoupper($modes[$mode]); + } else { + // Unknown/unsupported + $translated = '{--UNSUPPORTED_ENCRYPTION_MODE--}'; + } + } // END - if + + // Return it + return $translated; +} + +// "Getter" for an array of supported ("safe") encryption algorithms +function getSupportedEncryptionAlgorithms () { + // Get full list + $algos = mcrypt_list_algorithms(); + + // Remove any unsecure (e.g. DES/3DES) + foreach (array('des', 'tripledes') as $unsecure) { + // Search for it + $id = array_search($unsecure, $algos, TRUE); + + // Is it found? + if (isValidNumber($id)) { + // Remove it + unset($algos[$id]); + } // END - if + } // END - foreach + + // Return it + return $algos; +} + +// "Getter" for an array of supported encryption modes +function getSupportedEncryptionModes () { + // Get full list + $modes = mcrypt_list_modes(); + + // Return it + return $modes; +} + +// Determines whether given encryption algorithm number is valid +function isValidEncryptionAlgorithm ($algo) { + // Default is not valid + $isValid = FALSE; + + // Is valid number? + if (isValidNumber($algo)) { + // Get supported algorithms + $algos = getSupportedEncryptionAlgorithms(); + + // Is it there? + $isValid = (isset($algos[$algo])); + } // END - if + + // Return status + return $isValid; +} + +// Determines whether given encryption mode number is valid +function isValidEncryptionMode ($mode) { + // Default is not valid + $isValid = FALSE; + + // Is valid number? + if ((isValidNumber($mode)) || (is_numeric($mode))) { + // Get supported algorithms + $modes = getSupportedEncryptionModes(); + + // Is it there? + $isValid = (isset($modes[$mode])); + } // END - if + + // Return status + return $isValid; +} + +// Encrypts a string by given algorithm and key +function encrytStringByCipher ($str, $algo, $mode, $key) { + // Init encryption + $cipher = initEncryption($algo, $mode, $key); + + // Encrypt it + $encrypted = mcrypt_generic($cipher, $str); + + // Deinit/close cipher + deinitEncryption($cipher); + + // Return encrypted + return $encrypted; +} + +// Decrypts a string by given algorithm and key +function decrytStringByCipher ($str, $algo, $mode, $key, $iv) { + // Init encryption + $cipher = initEncryption($algo, $mode, $key, $iv); + + // Decrypt it + $encrypted = mdecrypt_generic($cipher, $str); + + // Deinit/close cipher + deinitEncryption($cipher); + + // Return encrypted + return $encrypted; +} + +// Initializes encryption/decryption +function initEncryption ($algo, $mode, $key, $iv = NULL) { + // Must be valid algo/mode + assert((isValidEncryptionAlgorithm($algo)) && (isValidEncryptionMode($mode))); + + // Get algorithms/modes + $algos = getSupportedEncryptionAlgorithms(); + $modes = getSupportedEncryptionModes(); + + // Open encryption module + $cipher = mcrypt_module_open($algos[$algo], '', $modes[$mode], ''); + + // Ist not a resource? + assert(is_resource($cipher)); + + // Is iv set? + if (is_null($iv)) { + // Create IV + $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($cipher), MCRYPT_DEV_RANDOM); + } // END - if + + // Generate key size + $keySize = mcrypt_enc_get_key_size($cipher); + + // Key size must be smaller/equal key's size + assert($keySize <= strlen($key)); + + // Initialize encryption + mcrypt_generic_init($cipher, substr($key, 0, $keySize), $iv); + + // Return prepared cipher + return $cipher; +} + +// Deinitializes encryption cipher +function deinitEncryption ($cipher) { + // Ist not a resource? + assert(is_resource($cipher)); + + // Deinit/close cipher + mcrypt_generic_deinit($cipher); + mcrypt_module_close($cipher); +} + +// [EOF] +?> diff --git a/inc/extensions/ext-wernis.php b/inc/extensions/ext-wernis.php index f2dd74a5e5..0ec3db97ff 100644 --- a/inc/extensions/ext-wernis.php +++ b/inc/extensions/ext-wernis.php @@ -41,10 +41,10 @@ if (!defined('__SECURITY')) { } // END - if // Version of this extension -setThisExtensionVersion('0.0.9'); +setThisExtensionVersion('0.1.0'); // Version history array (add more with , '0.0.1' and so on) -setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6', '0.0.7', '0.0.8', '0.0.9')); +setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6', '0.0.7', '0.0.8', '0.0.9', '0.1.0')); switch (getExtensionMode()) { case 'setup': // Do stuff when installation is running diff --git a/inc/extensions/wernis/mode-update.php b/inc/extensions/wernis/mode-update.php index 4dd4e27641..226efc39af 100644 --- a/inc/extensions/wernis/mode-update.php +++ b/inc/extensions/wernis/mode-update.php @@ -137,6 +137,16 @@ INDEX (`wernis_userid`)", // Update notes (these will be set as task text!) setExtensionUpdateNotes("Basis-URL für alle Scripte (Referral-Link, auth.php-Umleitung usw. nicht aber API) und Tabelle für API-Aufrufe von auth.php hinzugefügt."); break; + + case '0.1.0': // SQL queries for v0.1.0 + addConfigAddSql('wernis_encryption_algorithm', "VARCHAR(10) NOT NULL DEFAULT 'NULL'"); + addConfigAddSql('wernis_encryption_mode', "VARCHAR(10) NOT NULL DEFAULT 'NULL'"); + addConfigAddSql('wernis_private_key', "TINYTEXT NOT NULL"); + + // Update notes (these will be set as task text!) + setExtensionUpdateNotes("Daten für verschlüsselte Übertragungen hinzugefügt."); + break; + } // END - switch // [EOF] diff --git a/inc/functions.php b/inc/functions.php index ffcff3c328..4bd467f9d8 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -434,7 +434,7 @@ function makeTime ($hours, $minutes, $seconds, $stamp) { } // Redirects to an URL and if neccessarry extends it with own base URL -function redirectToUrl ($url, $allowSpider = TRUE) { +function redirectToUrl ($url, $allowSpider = TRUE, $compileCode = TRUE) { // Is the output mode -2? if (isAjaxOutputMode()) { // This is always (!) an AJAX request and shall not be redirected @@ -446,8 +446,11 @@ function redirectToUrl ($url, $allowSpider = TRUE) { $url = substr($url, 6, -2); } // END - if - // Compile out codes - eval('$url = "' . compileRawCode(encodeUrl($url)) . '";'); + // Compile codes out? + if ($compileCode === TRUE) { + // Compile out codes + eval('$url = "' . compileRawCode(encodeUrl($url)) . '";'); + } // END - if // Default 'rel' value is external, nofollow is evil from Google and hurts the Internet $rel = ' rel="external"'; @@ -461,12 +464,18 @@ function redirectToUrl ($url, $allowSpider = TRUE) { // Three different ways to debug... //* DEBUG: */ reportBug(__FUNCTION__, __LINE__, 'URL=' . $url); //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'URL=' . $url); - //* DEBUG: */ die($url); + //* DEBUG-DIE: */ die(__METHOD__ . ':url=' . $url . '
compileCode=' . intval($compileCode)); // We should not sent a redirect if headers are already sent if (!headers_sent()) { + // Compile again? + if ($compileCode === TRUE) { + // Do final compilation + $url = doFinalCompilation(str_replace('&', '&', $url), FALSE); + } // END - if + // Load URL when headers are not sent - sendRawRedirect(doFinalCompilation(str_replace('&', '&', $url), FALSE)); + sendRawRedirect($url); } else { // Output error message loadPageHeader(); @@ -2703,25 +2712,6 @@ function convertCharsetToUtf8 ($str, $charset) { return $str; } -// Hash string with SHA256 and encode it to hex -function hashSha256 ($str) { - /// Hash string - $hash = mhash(MHASH_SHA256, $str); - - // Encode it to hexadecimal - $hex = ''; - for ($i = 0; $i < strlen($hash); $i++) { - // Encode char to decimal, pad it with zero, add it - $hex .= padLeftZero(dechex(ord(substr($hash, $i, 1))), 2); - } // END - if - - // Make sure 'length modulo 2' = 0 - assert((strlen($hex) % 2) == 0); - - // Return it - return $hex; -} - // ---------------------------------------------------------------------------- // "Translatation" functions for points_data table // ---------------------------------------------------------------------------- @@ -2825,62 +2815,6 @@ if (!function_exists('html_entity_decode')) { } } // END - if -// "Calculates" password strength -function calculatePasswordStrength ($password, $configEntry = 'min_password_length') { - // Default score - $score = 1; - - if ((strlen($password) < 1) || (strlen($password) < getConfig($configEntry))) { - // Is to weak - return 0; - } // END - if - - // At least 8 chars long? - if (strlen($password) >= 8) { - // Add score - $score++; - } // END - if - - // At least 10 chars long? - if (strlen($password) >= 10) { - // Add score - $score++; - } // END - if - - // Lower and upper cases? - if ((preg_match('/[a-z]/', $password)) && (preg_match('/[A-Z]/', $password))) { - // Add score - $score++; - } // END - if - - // Also numbers? - if (preg_match('/[0-9]/', $password)) { - // Add score - $score++; - } // END - if - - // Special characters? - if (preg_match('/.[!,@,#,$,%,^,&,*,?,\/,_,~,+,-,(,)]/', $password)) { - // Add score - $score++; - } // END - if - - // Return password score - return $score; -} - -// "Translates" password strength/score -function translatePasswordStrength ($strength) { - // Return it translated - return '{--PASSWORD_SCORE_' . bigintval($strength) . '--}'; -} - -// Checks whether given password is strong enough -function isStrongPassword ($password) { - // Determine it - return (calculatePasswordStrength($password) >= getConfig('min_password_score')); -} - // "Getter" for base path from theme function getBasePathFromTheme ($theme) { return sprintf('%stheme/%s/css/', getPath(), $theme); diff --git a/inc/http-functions.php b/inc/http-functions.php index 823b9e889e..042e4b72e8 100644 --- a/inc/http-functions.php +++ b/inc/http-functions.php @@ -687,7 +687,7 @@ function extractHostnameFromUrl (&$script) { // Adds a HTTP header to array function addHttpHeader ($header) { // Send the header - //* DEBUG: */ logDebugMessage(__FUNCTION__ . ': header=' . $header); + //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, ': header=' . $header); array_push($GLOBALS['http_header'], trim($header)); } @@ -943,7 +943,7 @@ function isHttpResponseStatusOkay ($response) { assert(is_array($response)); // Test it - $isOkay = ((isset($response['status'])) && ($response['status'] == 'OK') && (!empty($response['response']))); + $isOkay = ((isset($response['status'])) && ($response['status'] == 'OK')); // Return result return $isOkay; diff --git a/inc/language/wernis_de.php b/inc/language/wernis_de.php index 1d4d874d61..474609e5ab 100644 --- a/inc/language/wernis_de.php +++ b/inc/language/wernis_de.php @@ -60,11 +60,14 @@ addMessages(array( 'ADMIN_CONFIG_WERNIS_BASE_URL' => "Basis-URL für Reflink usw.", 'ADMIN_CONFIG_WERNIS_REFID' => "Ihre Referral-Id bei WDS66-Portal (= Ihr Username!)", 'ADMIN_CONFIG_WERNIS_WPASS' => "Wernis-Passwort (nicht Account-Passwort!)", + 'ADMIN_CONFIG_WERNIS_ENCRYPTION_ALGORITHM' => "Verschlüsselungsalgorithmus", + 'ADMIN_CONFIG_WERNIS_ENCRYPTION_MODE' => "Verschlüsselungsmodus", + 'ADMIN_CONFIG_WERNIS_PRIVATE_KEY' => ""Privater" Schlüssel", 'ADMIN_CONFIG_WERNIS_NOTICE' => "[Hier] können Sie schon für einmalig kostenlos 25.000 Abfragen ein API-Account beantragen (dazu ist ein kostenloses Wernis-Account dennoch nötig!) Geben Sie immer Ihren Usernamen von WDS66-Hauptaccount ein und überprüfen Sie diesen mehrmals! Er wird zum Überweisen von und nach WDS66-Wernis-Portal benötigt. Die Betreibergebühren und Umrechnungsfaktoren sind für den Betrieb Ihres {?mt_word2?} komplett in Wernis ausgelegt, diese müssen Sie also noch anpassen, wenn Sie z.B. Punkte haben und in Wernis auszahlen lassen wollen. Sollten Sie sowohl einen feste als auch eine prozentuale Betreibergebühr eingestellt haben, gilt die prozentuale.", 'ADMIN_CONFIG_WERNIS_AUTH_NOTICE' => "Die URLs für Authorisierungen (Datentransfer) lauten wie folgt: ", 'ADMIN_WERNIS_NO_TRANSFERS' => "Derzeit keine Wernis transferiert.", 'ADMIN_WERNIS_WDS66_ACCOUNT' => "Account bei WDS66-Portal", @@ -97,6 +100,7 @@ addMessages(array( 'WERNIS_API_REQUEST_FAILED_OWN' => "Überweisung an eigenes Account nicht möglich.", 'WERNIS_API_REQUEST_FAILED_AMOUNT' => "Konto weist nicht genügend Deckung auf.", 'WERNIS_API_REQUEST_FAILED_API_AMOUNT' => "API-Konto weist nicht genügend Deckung auf.", + 'WERNIS_API_REQUEST_FAILED_GENERIC' => "API-Abfrage fehlgeschlagen oder Auswertung der Antwort fehlgeschlagen.", 'WERNIS_API_PURPOSE_WITHDRAW' => "Einzahlung auf {?MAIN_TITLE?} ({?URL?}), id: %s", 'WERNIS_API_PURPOSE_PAYOUT' => "Auszahlung von {?MAIN_TITLE?} ({?URL?}), id: %s", diff --git a/inc/libs/wernis_functions.php b/inc/libs/wernis_functions.php index 5c7e49b7f6..41a0b09a27 100644 --- a/inc/libs/wernis_functions.php +++ b/inc/libs/wernis_functions.php @@ -73,6 +73,9 @@ function getWernisErrorCode () { // Sends out a request to the API and returns it's result function sendWernisApiRequest ($scriptName, $requestData = array()) { + // Debug call + //* DEBUG */ reportBug(__FUNCTION__, __LINE__, 'scriptName=' . $scriptName . ',requestData=
' . print_r($requestData, TRUE) . '
'); + // Is the requestData an array? if (!is_array($requestData)) { // Then abort here! @@ -198,14 +201,60 @@ function sendWernisApiRequest ($scriptName, $requestData = array()) { break; } } else { - // All fine here - $return = array( - 'status' => 'OK', - 'response' => $responseLine - ); + // All fine, then analyze API response + $return = convertApiResponseToArray($responseLine, '&', '='); + + // Nothing is fine now + $return['status'] = 'generic_failed'; + $return['message'] = '--WERNIS_API_REQUEST_FAILED_GENERIC--}'; + + // Are 'encrypted', 'key' and 'iv' set? + //* DEBUG-DIE */ die(__FUNCTION__ . ':return=
' . print_r($return, TRUE) . '
'); + if ((isset($return['encrypted'])) && (isset($return['key'])) && (isset($return['iv']))) { + // Fully decode it (URL-encoded BASE64) + $decoded = decodeString($return['encrypted']); + $iv = decodeString($return['iv']); + + // Generate decryption key + $decryptionKey = generateWernisDecryptionKey($return['key']); + + // Decrypt string + $decrypted = decrytStringByCipher($decoded, getWernisEncryptionAlgorithm(), getWernisEncryptionMode(), $decryptionKey, $iv); + //* DEBUG-DIE */ die('key="' . $return['key'] . '"
decryptionKey="' . $decryptionKey . '"
decoded="' . $decoded . '"
decrypted="' . $decrypted . '"'); + + // First char must be an & + assert(substr($decrypted, 0, 1) == '&'); + + // Now the string needs to be turned into an array, first explode all & + $elements = explode('&', $decrypted); + + // And remove first element + array_shift($elements); + //* DEBUG-DIE */ die('elements=
' . print_r($elements, TRUE) . '
'); + + // Now "walk" all ements + foreach ($elements as $idx => $element) { + // Explode element + $keyValue = explode('=', $element); + + // Make sure it is valid + assert(count($keyValue) == 2); + + // Now handle all over + $return[$keyValue[0]] = $keyValue[1]; + } // END - foreach + + // Remove encryption stuff + unset($return['encrypted'], $return['key'], $return['iv']); + } // END - if + + // All fine ... + $return['status'] = 'OK'; + $return['message'] = NULL; } // Return the result + //* DEBUG-DIE */ die(__FUNCTION__ . ':return=
' . print_r($return, TRUE) . '
'); return $return; } @@ -353,6 +402,7 @@ function executeWernisApiGet ($authData, $subRequest, $fields) { 'sub_request' => $subRequest, 'fields' => $fields, 't_uid' => bigintval($authData['wernis_userid']), + 't_md5' => getWernisPassMd5(), 'auth_key' => $authData['api_auth_key'], 'challenge' => $authData['api_redirect_challenge'] ); @@ -458,13 +508,10 @@ function doDisplayWernisUserRegistrationForm () { displayMessage('{--GUEST_WERNIS_REGISTRATION_PASSWORD_NOT_SET--}'); } else { // So far, all fine, then let's do the call-back on auth.php ... - $response = executeWernisApiAuth(postRequestElement('wernis_id'), postRequestElement('wernis_password')); - - // Was the status okay? - if (isHttpResponseStatusOkay($response)) { - // All fine, then analyze API response - $args = convertApiResponseToArray($response['response'], '&', '='); + $args = executeWernisApiAuth(postRequestElement('wernis_id'), postRequestElement('wernis_password')); + // Status was okay? + if (isHttpResponseStatusOkay($args)) { // Is status set? //* DEBUG-DIE */ die('response=
' . print_r($response, TRUE) . '
,args=' . '
'.print_r($args, TRUE).'
'); assert(isset($args['auth_status'])); @@ -488,7 +535,7 @@ function doDisplayWernisUserRegistrationForm () { die(__FUNCTION__ . ':' . __LINE__ . ': status[' . gettype($status) . ']=' . $status . ' - Unfinished.'); } else { // Something bad happened - displayMessage($response['message']); + displayMessage($args['message']); } } } // END - if @@ -537,7 +584,8 @@ function doWernisFinishUserRegistration ($challenge, $challengeResponse, $status $return = getWernisMappedDataFromApiByChallenge($challenge, $status); // Is the array filled? - if ((count($return['mapped_data']) > 0) && (empty($return['message']))) { + //* DEBUG-DIE */ die(__METHOD__ . ':return=
' . print_r($return, TRUE) . '
- EXIT!'); + if ((isset($return['mapped_data'])) && (count($return['mapped_data']) > 0) && (empty($return['message']))) { // Set must-fillout fields $return['mapped_data'] = runFilterChain('register_must_fillout', $return['mapped_data']); @@ -600,15 +648,14 @@ function getWernisMappedDataFromApiByChallenge ($challenge, $status) { $response = executeWernisApiGet($rows[0], 'data', 'vorname|name|strasse|plz|ort|birth_day|birth_month|birth_year|email|werber'); // Was the status okay? + //* DEBUG-DIE */ die(__FUNCTION__ . ':response=
' . print_r($response, TRUE) . '
'); if (isHttpResponseStatusOkay($response)) { // API returned non-errous response, 'data=' must be found - assert(substr($response['response'], 0, 5) == 'data='); - - // And remove it, this is now BASE64-encoded - $encodedData = urldecode(substr($response['response'], 5)); + assert(isset($response['data'])); // And decode it (all steps separated to later "easily" debug them) - $decodedData = base64_decode($encodedData); + $decodedData = base64_decode(urldecode($response['data'])); + //* DEBUG-DIE */ die(__FUNCTION__ . ':decodedData=' . $decodedData); /* * Do some checks on the decoded string, it should be a @@ -620,6 +667,7 @@ function getWernisMappedDataFromApiByChallenge ($challenge, $status) { // The array seems to be fine, unserialize it $userData = unserialize($decodedData); + //* DEBUG-DIE */ die(__METHOD__ . ':userData=
' . print_r($userData, TRUE) . '
- EXIT!'); // All mappings WDS66->mailer $mappings = array( @@ -658,6 +706,7 @@ function getWernisMappedDataFromApiByChallenge ($challenge, $status) { } // Return mapped data array + //* DEBUG-DIE */ die(__METHOD__ . ':return=
' . print_r($return, TRUE) . '
- EXIT!'); return $return; } @@ -747,6 +796,20 @@ function doWernisUserRegistration () { // Generic registration is finished, so add more data: } +// Generates decrption key based on private key, public key and API key +function generateWernisDecryptionKey ($publicKey) { + // Generate key from most known data + $key = hashSha256(sprintf( + '%s:%s:%s', + getWernisApiMd5(), + getWernisPrivateKey(), + $publicKey + )); + + // Return it + return $key; +} + //----------------------------------------------------------------------------- // Auth status callback functions //----------------------------------------------------------------------------- @@ -791,7 +854,7 @@ SET `api_redirect_challenge`='%s' WHERE `api_auth_key`='%s' AND - `wernis_userid`=%s + `wernis_userid`=%s AND `api_auth_status`='PENDING' LIMIT 1", array( @@ -806,7 +869,8 @@ LIMIT 1", assert(sqlAffectedRows() == 1); // Redirect to WDS66 module=auth ... - redirectToUrl(getWernisBaseUrl() . '/modules.php?module=auth&auth_key=' . $args['auth_key'] . '&params=' . urlencode(base64_encode('&module=' . getModule() . '&what=' . getWhat())) . '&challenge=' . $challenge); + //* DEBUG-DIE */ die(__FUNCTION__ . ':' . __LINE__ . '
' . print_r($args, TRUE) . '
'); + redirectToUrl(getWernisBaseUrl() . '/modules.php?module=auth&auth_key=' . trim($args['auth_key']) . '&params=' . urlencode(base64_encode('&module=' . getModule() . '&what=' . getWhat())) . '&challenge=' . $challenge, FALSE, FALSE); } // Handler for auth_status=ACCEPTED @@ -820,6 +884,51 @@ function doWernisAuthAccepted ($args) { die(__FUNCTION__ . ':' . __LINE__ . '
' . print_r($args, TRUE) . '
'); } +//------------------------------------------------------------------------------ +// Template helper functions +//------------------------------------------------------------------------------ + +// Template helper to generate a selection box for encryption alogrithms +function doTemplateSelectWernisEncryptionAlgorithm ($templateName, $clear = FALSE, $default = NULL) { + // Get all available algorithms + $algorithms = getSupportedEncryptionAlgorithms(); + //* DEBUG-DIE */ die('algorithms=
' . print_r($algorithms, TRUE) . '
'); + + // Init array + $options = array(); + + // And fill it + foreach ($algorithms as $key => $dummy) { + $options[$key] = array('algorithms' => $key); + } // END - if + + // Handle it over to generateSelectionBoxFromArray() + $content = generateSelectionBoxFromArray($options, 'wernis_encryption_algorithm', 'algorithms', '', '_wernis', '', $default, '', TRUE, FALSE); + + // Return prepared content + return $content; +} + +// Template helper to generate a selection box for encryption alogrithms +function doTemplateSelectWernisEncryptionMode ($templateName, $clear = FALSE, $default = NULL) { + // Get all available modes + $modes = getSupportedEncryptionModes(); + + // Init array + $options = array(); + + // And fill it + foreach ($modes as $key => $dummy) { + $options[$key] = array('modes' => $key); + } // END - if + + // Handle it over to generateSelectionBoxFromArray() + $content = generateSelectionBoxFromArray($options, 'wernis_encryption_mode', 'modes', '', '_wernis', '', $default, '', TRUE, FALSE); + + // Return prepared content + return $content; +} + //----------------------------------------------------------------------------- // Wrapper functions //----------------------------------------------------------------------------- @@ -1040,5 +1149,41 @@ function getWernisBaseUrl () { return $GLOBALS[__FUNCTION__]; } +// Wrapper function for 'wernis_encryption_algorithm' +function getWernisEncryptionAlgorithm () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Get config entry + $GLOBALS[__FUNCTION__] = getConfig('wernis_encryption_algorithm'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + +// Wrapper function for 'wernis_encryption_mode' +function getWernisEncryptionMode () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Get config entry + $GLOBALS[__FUNCTION__] = getConfig('wernis_encryption_mode'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + +// Wrapper function for 'wernis_private_key' +function getWernisPrivateKey () { + // Is there cache? + if (!isset($GLOBALS[__FUNCTION__])) { + // Get config entry + $GLOBALS[__FUNCTION__] = getConfig('wernis_private_key'); + } // END - if + + // Return cache + return $GLOBALS[__FUNCTION__]; +} + // [EOF] ?> diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index b49c5e211d..69f26d9b4c 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -52,6 +52,7 @@ foreach ( array( 'language', 'sql', 'expression', + 'encryption', 'filter', 'extensions') as $lib) { diff --git a/inc/template-functions.php b/inc/template-functions.php index b48cc778c1..d4bd6354fa 100644 --- a/inc/template-functions.php +++ b/inc/template-functions.php @@ -1831,7 +1831,7 @@ function generateSelectionBoxFromArray ($options, $name, $optionKey, $optionCont // Allow none? if ($allowNone === TRUE) { // Then add it - $OUT .= ''; + $OUT .= ''; } // END - if // Walk through all options @@ -1841,7 +1841,7 @@ function generateSelectionBoxFromArray ($options, $name, $optionKey, $optionCont //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'name=' . $name . ',default[' . gettype($default) . ']=' . $default . ',optionKey[' . gettype($optionKey) . ']=' . $optionKey); // Is default value same as given value? - if ((!is_null($default)) && (isset($option[$optionKey])) && ($default == $option[$optionKey])) { + if ((!is_null($default)) && (isset($option[$optionKey])) && ($default === $option[$optionKey])) { // Then set default $option['default'] = ' selected="selected"'; } // END - if diff --git a/inc/wrapper-functions.php b/inc/wrapper-functions.php index 281a5b1634..ab921c4b4f 100644 --- a/inc/wrapper-functions.php +++ b/inc/wrapper-functions.php @@ -1259,6 +1259,8 @@ function getHttpStatus () { * @access private */ function sendRawRedirect ($url) { + //* DEBUG-DIE */ die(__METHOD__ . ':url=' . $url); + // Clear output buffer clearOutputBuffer(); @@ -1276,6 +1278,7 @@ function sendRawRedirect ($url) { // Revert entity & $url = str_replace('&', '&', $url); + //* DEBUG-DIE */ die(__METHOD__ . ':url=' . $url); // check if running on IIS < 6 with CGI-PHP if ((isset($_SERVER['SERVER_SOFTWARE'])) && (isset($_SERVER['GATEWAY_INTERFACE'])) && diff --git a/templates/de/html/admin/admin_config_wernis.tpl b/templates/de/html/admin/admin_config_wernis.tpl index a27b732eea..6e493b6315 100644 --- a/templates/de/html/admin/admin_config_wernis.tpl +++ b/templates/de/html/admin/admin_config_wernis.tpl @@ -54,6 +54,30 @@ + + + {--ADMIN_CONFIG_WERNIS_ENCRYPTION_ALGORITHM--} + + + {%template,SelectWernisEncryptionAlgorithm=wernis_encryption_algo%} + + + + + {--ADMIN_CONFIG_WERNIS_ENCRYPTION_MODE--} + + + {%template,SelectWernisEncryptionMode=wernis_encryption_mode%} + + + + + {--ADMIN_CONFIG_WERNIS_PRIVATE_KEY--} + + + + + {--ADMIN_CONFIG_WERNIS_MIN_PAYOUT--} diff --git a/templates/de/html/select/select_wernis_encryption_algorithm_wernis_box.tpl b/templates/de/html/select/select_wernis_encryption_algorithm_wernis_box.tpl new file mode 100644 index 0000000000..8bc5eb9120 --- /dev/null +++ b/templates/de/html/select/select_wernis_encryption_algorithm_wernis_box.tpl @@ -0,0 +1,3 @@ +
+ $content[selection_box] +
diff --git a/templates/de/html/select/select_wernis_encryption_algorithm_wernis_option.tpl b/templates/de/html/select/select_wernis_encryption_algorithm_wernis_option.tpl new file mode 100644 index 0000000000..5bec1a5605 --- /dev/null +++ b/templates/de/html/select/select_wernis_encryption_algorithm_wernis_option.tpl @@ -0,0 +1,3 @@ + diff --git a/templates/de/html/select/select_wernis_encryption_mode_wernis_box.tpl b/templates/de/html/select/select_wernis_encryption_mode_wernis_box.tpl new file mode 100644 index 0000000000..8bc5eb9120 --- /dev/null +++ b/templates/de/html/select/select_wernis_encryption_mode_wernis_box.tpl @@ -0,0 +1,3 @@ +
+ $content[selection_box] +
diff --git a/templates/de/html/select/select_wernis_encryption_mode_wernis_option.tpl b/templates/de/html/select/select_wernis_encryption_mode_wernis_option.tpl new file mode 100644 index 0000000000..c177aedf47 --- /dev/null +++ b/templates/de/html/select/select_wernis_encryption_mode_wernis_option.tpl @@ -0,0 +1,3 @@ +