From 2795a0f652f0160ead045830f422fae3ac08c706 Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Sun, 24 Aug 2008 19:55:44 +0000 Subject: Update: Added password protection to phpBB3 Closes #39 --- .../trunk/root/includes/functions_instadisc.php | 39 ++++++++++++++++++++-- 1 file changed, 36 insertions(+), 3 deletions(-) (limited to 'update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php') diff --git a/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php b/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php index 714a47b..02675ed 100644 --- a/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php +++ b/update/plugin/phpBB3/trunk/root/includes/functions_instadisc.php @@ -24,7 +24,7 @@ include($phpbb_root_path . 'includes/xmlrpc/xmlrpc.inc'); function sendItem($title, $userID, $url, $fourm) { global $config, $db, $phpbb_root_path; - $verID = rand(1,2147483647); + $verID = rand(1,65536); $da = array('user_id' => $userID); $getuser = "SELECT * FROM " . USERS_TABLE . " WHERE " . $db->sql_build_array('SELECT', $da); @@ -33,7 +33,7 @@ function sendItem($title, $userID, $url, $fourm) $db->sql_freeresult($getuser2); $author = $getuser3['username']; - $url = str_replace($phpbb_root_path, generate_board_url() . '/', $url); + $url = html_entity_decode(str_replace($phpbb_root_path, generate_board_url() . '/', $url)); $da = array('forum_id' => $fourm); $getfourm = "SELECT * FROM " . FORUMS_TABLE . " WHERE " . $db->sql_build_array('SELECT', $da); @@ -42,6 +42,29 @@ function sendItem($title, $userID, $url, $fourm) $db->sql_freeresult($getfourm2); $semantics = array('forum' => $getfourm3['forum_name']); + $encID = 0; + if (($config['id_encryption_key'] != '') && extension_loaded('mcrypt')) + { + $encID = rand(1,2147483647); + + $cipher = 'rijndael-128'; + $mode = 'cbc'; + $key = substr(md5(substr(str_pad($config['id_encryption_key'],16,$encID),0,16)),0,16); + + $td = mcrypt_module_open($cipher, "", $mode, ""); + + $title = encryptString($td, $key, $title); + $author = encryptString($td, $key, $author); + $url = encryptString($td, $key, $url); + + foreach ($semantics as $name => $value) + { + $semantics[$name] = encryptString($td, $key, $value); + } + + mcrypt_module_close($td); + } + $client = new xmlrpc_client($config['id_central_server']); $msg = new xmlrpcmsg("InstaDisc.sendFromUpdate", array( new xmlrpcval($config['id_username'], 'string'), new xmlrpcval(md5($config['id_username'] . ':' . md5($config['id_password']) . ':' . $verID), 'string'), @@ -50,7 +73,8 @@ function sendItem($title, $userID, $url, $fourm) new xmlrpcval($title, 'string'), new xmlrpcval($author, 'string'), new xmlrpcval($url, 'string'), - new xmlrpcval(serialize($semantics), 'string'))); + new xmlrpcval(serialize($semantics), 'string'), + new xmlrpcval($encID, 'int'))); $resp = $client->send($msg); $val = $resp->value()->scalarVal(); @@ -60,4 +84,13 @@ function sendItem($title, $userID, $url, $fourm) } } +function encryptString($td, $key, $string) +{ + mcrypt_generic_init($td, $key, strrev($key)); + $string = bin2hex(mcrypt_generic($td, $string)); + mcrypt_generic_deinit($td); + + return $string; +} + ?> -- cgit 1.4.1