From 2795a0f652f0160ead045830f422fae3ac08c706 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Sun, 24 Aug 2008 19:55:44 +0000
Subject: Update: Added password protection to phpBB3

Closes #39
---
 .../trunk/root/includes/functions_instadisc.php    | 39 ++++++++++++++++++++--
 1 file changed, 36 insertions(+), 3 deletions(-)

diff --git a/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php b/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php
index 714a47b..02675ed 100644
--- a/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php
+++ b/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php
@@ -24,7 +24,7 @@ include($phpbb_root_path . 'includes/xmlrpc/xmlrpc.inc');
 function sendItem($title, $userID, $url, $fourm)
 {
 	global $config, $db, $phpbb_root_path;
-	$verID = rand(1,2147483647);
+	$verID = rand(1,65536);
 
 	$da = array('user_id' => $userID);
 	$getuser = "SELECT * FROM " . USERS_TABLE . " WHERE " . $db->sql_build_array('SELECT', $da);
@@ -33,7 +33,7 @@ function sendItem($title, $userID, $url, $fourm)
 	$db->sql_freeresult($getuser2);
 	$author = $getuser3['username'];
 
-	$url = str_replace($phpbb_root_path, generate_board_url() . '/', $url);
+	$url = html_entity_decode(str_replace($phpbb_root_path, generate_board_url() . '/', $url));
 
 	$da = array('forum_id' => $fourm);
 	$getfourm = "SELECT * FROM " . FORUMS_TABLE . " WHERE " . $db->sql_build_array('SELECT', $da);
@@ -42,6 +42,29 @@ function sendItem($title, $userID, $url, $fourm)
 	$db->sql_freeresult($getfourm2);
 	$semantics = array('forum' => $getfourm3['forum_name']);
 
+	$encID = 0;
+	if (($config['id_encryption_key'] != '') && extension_loaded('mcrypt'))
+	{
+		$encID = rand(1,2147483647);
+
+		$cipher = 'rijndael-128';
+		$mode = 'cbc';
+		$key = substr(md5(substr(str_pad($config['id_encryption_key'],16,$encID),0,16)),0,16);
+
+		$td = mcrypt_module_open($cipher, "", $mode, "");
+
+		$title = encryptString($td, $key, $title);
+		$author = encryptString($td, $key, $author);
+		$url = encryptString($td, $key, $url);
+
+                foreach ($semantics as $name => $value)
+                {
+                        $semantics[$name] = encryptString($td, $key, $value);
+                }
+
+                mcrypt_module_close($td);
+	}
+
 	$client = new xmlrpc_client($config['id_central_server']);
 	$msg = new xmlrpcmsg("InstaDisc.sendFromUpdate", array(	new xmlrpcval($config['id_username'], 'string'),
 								new xmlrpcval(md5($config['id_username'] . ':' . md5($config['id_password']) . ':' . $verID), 'string'),
@@ -50,7 +73,8 @@ function sendItem($title, $userID, $url, $fourm)
 								new xmlrpcval($title, 'string'),
 								new xmlrpcval($author, 'string'),
 								new xmlrpcval($url, 'string'),
-								new xmlrpcval(serialize($semantics), 'string')));
+								new xmlrpcval(serialize($semantics), 'string'),
+								new xmlrpcval($encID, 'int')));
 	$resp = $client->send($msg);
 	$val = $resp->value()->scalarVal();
 
@@ -60,4 +84,13 @@ function sendItem($title, $userID, $url, $fourm)
 	}
 }
 
+function encryptString($td, $key, $string)
+{
+        mcrypt_generic_init($td, $key, strrev($key));
+        $string = bin2hex(mcrypt_generic($td, $string));
+        mcrypt_generic_deinit($td);
+
+        return $string;
+}
+
 ?>
-- 
cgit 1.4.1