Zubrag.com :: Forum

zubrag.com => Password Protect Advanced => Topic started by: tonysilva on August 24, 2015, 10:09:39 AM



Title: Encryption user passwords
Post by: tonysilva on August 24, 2015, 10:09:39 AM
There was a topic from some years back already, but the system advised me to start a new one.

Could someone send me a few hints on how to add a simple encryption to this?
I know how the basic encryption works:

Code:
<?php 
//Variables
$textToEncrypt "This is my super secret password!";
$encryptionMethod "AES-256-CBC";
$secretHash "1234567890aeiou";

//To encrypt
$encryptedMessage openssl_encrypt($textToEncrypt$encryptionMethod$secretHash);

//To Decrypt
$decryptedMessage openssl_decrypt($encryptedMessage$encryptionMethod$secretHash);

//Test Result
echo "Encrypted: $encryptedMessage <br>Decrypted: $decryptedMessage";
?>

But how do I merge this into the manager.php database list?


Title: Re: Encryption user passwords
Post by: zubrag on August 25, 2015, 01:57:41 AM
It would require a lot of changes to cipher only password. So better to cipher whole file.

Sorry i didn't work with PHP for a long time, so writing without checking for valid code

==login.php==

this
$users = @file(USERS_LIST_FILE);

should be
$users = @file(USERS_LIST_FILE);
for ($i =0; $i<count($users); $i++) {
  // loop through each line and decipher it
  $users[$i] = openssl_decrypt($users[$i], $encryptionMethod, $secretHash);
}


== reminder.php ==
the same change as above


== signup.php ==
the same change as above

and also replace this
fputs($fusers, "\n" . $this->login. ',' . $this->pass . ',' . $this->email);

with this

$s = $this->login. ',' . $this->pass . ',' . $this->email;
$ciphered = openssl_encrypt($s, $encryptionMethod, $secretHash);
fputs($fusers, "\n" . $ciphered);


== flatfile.inc.php ==
replace this
fputs($f,$s."\n");

with this
$ciphered = openssl_encrypt($s, $encryptionMethod, $secretHash);
fputs($f,$ciphered."\n");


and also replace this
$data = file($data_file);

with this
$data = file($data_file);
for ($i =0; $i<count($data); $i++) {
  // loop through each line and decipher it
  $data[$i] = openssl_decrypt($data[$i], $encryptionMethod, $secretHash);
}


$encryptionMethod and $secretHash variables could be placed into settings.php. Looks like settings.php gets included into all files and you will not have to define them in each and every file.


NOTE: do not forget to backup users.php, otherwise it may be lost or overwritten with incorrect content because as i said before these proposed changes were not tested by me.


Title: Re: Encryption user passwords
Post by: tonysilva on August 25, 2015, 02:26:59 AM
Thank you so much, it worked flawlessly.
:D