| 1 | <?php |
|---|
| 2 | defined('EASYCAPTCHA_ID') or die('Hacking attempt!'); |
|---|
| 3 | |
|---|
| 4 | /* |
|---|
| 5 | * crypt the name of an image, it use the Piwigo secret_key |
|---|
| 6 | * and a random salt to prevent attacker to build a dictionnary |
|---|
| 7 | */ |
|---|
| 8 | function easycaptcha_encode_image_url($name) |
|---|
| 9 | { |
|---|
| 10 | global $conf, $easycaptcha_uniqid; |
|---|
| 11 | |
|---|
| 12 | if (empty($easycaptcha_uniqid)) |
|---|
| 13 | { |
|---|
| 14 | $easycaptcha_uniqid = uniqid(null, true); |
|---|
| 15 | } |
|---|
| 16 | |
|---|
| 17 | $name.= '-'. $easycaptcha_uniqid; |
|---|
| 18 | $name = simple_crypt($name, $conf['secret_key']); |
|---|
| 19 | |
|---|
| 20 | return $name; |
|---|
| 21 | } |
|---|
| 22 | |
|---|
| 23 | /* |
|---|
| 24 | * decrypt the image name |
|---|
| 25 | */ |
|---|
| 26 | function easycaptcha_decode_image_url($name) |
|---|
| 27 | { |
|---|
| 28 | global $conf; |
|---|
| 29 | |
|---|
| 30 | $name = simple_decrypt($name, $conf['secret_key']); |
|---|
| 31 | $name = strtok($name, '-'); |
|---|
| 32 | |
|---|
| 33 | return $name; |
|---|
| 34 | } |
|---|
| 35 | |
|---|
| 36 | /** |
|---|
| 37 | * crypt a string using |
|---|
| 38 | * http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php/802957#802957 |
|---|
| 39 | * @param: string value to crypt |
|---|
| 40 | * @param: string key |
|---|
| 41 | * @return: string |
|---|
| 42 | */ |
|---|
| 43 | function simple_crypt($value, $key) |
|---|
| 44 | { |
|---|
| 45 | $result = null; |
|---|
| 46 | for($i = 0; $i < strlen($value); $i++) |
|---|
| 47 | { |
|---|
| 48 | $char = substr($value, $i, 1); |
|---|
| 49 | $keychar = substr($key, ($i % strlen($key))-1, 1); |
|---|
| 50 | $char = chr(ord($char) + ord($keychar)); |
|---|
| 51 | $result .= $char; |
|---|
| 52 | } |
|---|
| 53 | |
|---|
| 54 | $result = base64url_encode($result); |
|---|
| 55 | return trim($result); |
|---|
| 56 | } |
|---|
| 57 | |
|---|
| 58 | /** |
|---|
| 59 | * decrypt a string crypted with previous function |
|---|
| 60 | * @param: string value to decrypt |
|---|
| 61 | * @param: string key |
|---|
| 62 | * @return: string |
|---|
| 63 | */ |
|---|
| 64 | function simple_decrypt($value, $key) |
|---|
| 65 | { |
|---|
| 66 | $value = base64url_decode($value); |
|---|
| 67 | |
|---|
| 68 | $result = null; |
|---|
| 69 | for($i = 0; $i < strlen($value); $i++) |
|---|
| 70 | { |
|---|
| 71 | $char = substr($value, $i, 1); |
|---|
| 72 | $keychar = substr($key, ($i % strlen($key))-1, 1); |
|---|
| 73 | $char = chr(ord($char) - ord($keychar)); |
|---|
| 74 | $result .= $char; |
|---|
| 75 | } |
|---|
| 76 | |
|---|
| 77 | return trim($result); |
|---|
| 78 | } |
|---|
| 79 | |
|---|
| 80 | /** |
|---|
| 81 | * variant of base64 functions usable into url |
|---|
| 82 | * http://php.net/manual/en/function.base64-encode.php#103849 |
|---|
| 83 | */ |
|---|
| 84 | if (!function_exists('base64url_encode')) |
|---|
| 85 | { |
|---|
| 86 | function base64url_encode($data) |
|---|
| 87 | { |
|---|
| 88 | return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); |
|---|
| 89 | } |
|---|
| 90 | function base64url_decode($data) |
|---|
| 91 | { |
|---|
| 92 | return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); |
|---|
| 93 | } |
|---|
| 94 | } |
|---|
