PageRenderTime 50ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/class/Security.class.php

https://bitbucket.org/raphael_arthur/server_inovatech
PHP | 173 lines | 77 code | 18 blank | 78 comment | 14 complexity | 05dfcf6e2a6be643ecf5c584b5578e10 MD5 | raw file
    

  1. <?php

    2. 

  2. 	/*

    3. 

  3. 	 * This STATIC class, implements encryption and decryption of data.

    4. 

  4. 	 * Also create a password cypher string

    5. 

  5. 	 */

    6. 

  6. class Security{

    7. 

  7. 

    8. 

  8. 	public function decrypt($data, $key){

    9. 

  9. 		$data = base64_decode($data);

    10. 

  10. 		$salt = substr($data, 0, 16);

    11. 

  11. 		$ct = substr($data, 16);

    12. 

  12. 

    13. 

  13. 		$rounds = 3; //Because the server maybe slow...

    14. 

  14. 		$data00 = $key . $salt;

    15. 

  15. 		$hash = array();

    16. 

  16. 		$hash[0] = hash('sha256', $data00, true);

    17. 

  17. 

    18. 

  18. 		$result = $hash[0];

    19. 

  19. 		for($i = 1; $i < $rounds; $i++){

    20. 

  20. 			$hash[$i] = hash('sha256', $hash[$i - 1] . $data00, true);

    21. 

  21. 			$result .= $hash[$i];

    22. 

  22. 		}

    23. 

  23. 

    24. 

  24. 		$dKey = substr($result, 0, 32);

    25. 

  25. 		$iv = substr($result, 32, 16);

    26. 

  26. 

    27. 

  27. 		return openssl_decrypt($ct, 'AES-256-CBC', $dKey, true, $iv);

    28. 

  28. 	}

    29. 

  29. 

    30. 

  30. 	public function encrypt($data){

    31. 

  31. 

    32. 

  32. 		$salt = openssl_random_pseudo_bytes(16);

    33. 

  33. 

    34. 

  34. 		$saltedData = '';

    35. 

  35. 		$dx = '';

    36. 

  36. 		// Salt the key(32) and iv(16) = 48

    37. 

  37. 		while (strlen($saltedData) < 48) {

    38. 

  38. 			$dx = hash('sha256', true);

    39. 

  39. 			$saltedData .= $dx;

    40. 

  40. 		}

    41. 

  41. 

    42. 

  42. 		$eKey = substr($saltedData, 0, 32);

    43. 

  43. 		$iv  = substr($saltedData, 32,16);

    44. 

  44. 

    45. 

  45. 		$encrypted_data = openssl_encrypt($data, 'AES-256-CBC', $eKey, true, $iv);

    46. 

  46. 		return base64_encode($salt . $encrypted_data);

    47. 

  47. 	}

    48. 

  48. 

    49. 

  49. 	/*

    50. 

  50. 	 *  generate a randon 32 bits data and encrypt it

    51. 

  51. 	 *  @param void

    52. 

  52. 	 *  @return (String) random encrypted string

    53. 

  53. 	 */

    54. 

  54. 

    55. 

  55. 	public function generateKey(){

    56. 

  56. 		//$key = openssl_random_pseudo_bytes(32);

    57. 

  57.         //Can't use this in PHP versions below 5.4

    58. 

  58. 		//$key = password_hash($key, PASSWORD_DEFAULT);

    59. 

  59.          return substr(str_shuffle(".ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012346789@?#"), 0, 64);

    60. 

  60. 	}

    61. 

  61. 

    62. 

  62. 	/*

    63. 

  63. 	 *  Validades the user token, this function will be called upon each client request

    64. 

  64. 	 *  @param (String) $userToken

    65. 

  65. 	 *  @return (String) a "true" or "false" string that the user was validadeted

    66. 

  66. 	 *	if the session was not validadeted destroy the session and deny the connection_aborted

    67. 

  67. 	 *

    68. 

  68. 	 */

    69. 

  69. 

    70. 

  70. 	public function authSession($userToken, $isSigned, $HTTP, $REMOTE){

    71. 

  71.         session_start();

    72. 

  72. 		//session_regenerate_id(true);

    73. 

  73.         //print $userToken . '<br />';

    74. 

  74.         //print $_SESSION['userToken'];

    75. 

  75. 		//print $_SESSION['isSigned'] . '<br />';

    76. 

  76. 		//print $_SESSION['HTTP_USER_AGENT'] . '<br />';

    77. 

  77. 		//print $_SESSION['REMOTE_ADDR'] . '<br />';

    78. 

  78. 		//print_r($_SESSION);

    79. 

  79. 		if(isset($isSigned) and isset($userToken) and isset($HTTP) and isset($REMOTE)){

    80. 

  80. 			//print 'var setadas';

    81. 

  81. 			//verify the identity of the user

    82. 

  82. 			if($isSigned == 'true'){

    83. 

  83. 				//print 'here';

    84. 

  84.                 return true;

    85. 

  85. 			}

    86. 

  86. 		} else {

    87. 

  87. 			//print 'deu treta';

    88. 

  88. 			session_destroy();

    89. 

  89. 			unset($_SESSION);

    90. 

  90. 			return false;

    91. 

  91. 		}

    92. 

  92. 		session_write_close();

    93. 

  93. 	}

    94. 

  94. 

    95. 

  95.     /*

    96. 

  96. 	 *  generate a randon 32 bits data and encrypt it

    97. 

  97. 	 *  @param void

    98. 

  98. 	 *  @return (Array) [requestStatus:boolean, newToken:string]

    99. 

  99. 	 */

    100. 

  100.      function validadeRequest($userToken, $isSigned, $HTTP, $REMOTE){

    101. 

  101.         session_start();

    102. 

  102. 

    103. 

  103.         if($this->authSession($userToken, $isSigned, $HTTP, $REMOTE)){

    104. 

  104. 			//print 'entrei if';

    105. 

  105.             $_SESSION["userToken"] = $this->generateKey();

    106. 

  106.             return array('requestStatus' => true, 'userToken' => $_SESSION["userToken"]);

    107. 

  107.         } else {

    108. 

  108. 			//print 'nao entrei if';

    109. 

  109.             return array('requestStatus' => false, 'userToken' => "");

    110. 

  110.         }

    111. 

  111.      }

    112. 

  112. 	/*

    113. 

  113. 	*	Get the user agent,

    114. 

  114. 	*	Obs.: I can often change this later, that's why the method call aproach

    115. 

  115. 	*	@param (void)

    116. 

  116. 	*	@return (String) userAgent

    117. 

  117. 	*

    118. 

  118. 	*/

    119. 

  119. 	public function getUserAgent(){

    120. 

  120. 		return $_SERVER['HTTP_USER_AGENT'];

    121. 

  121. 	}

    122. 

  122. 

    123. 

  123. 	/*

    124. 

  124. 	*	Get the user IP,

    125. 

  125. 	*	Obs.: I can often change this later, that's why the method call aproach

    126. 

  126. 	*	@param (void)

    127. 

  127. 	*	@return (String) userAgent

    128. 

  128. 	*

    129. 

  129. 	*/

    130. 

  130. 	public function getUserIP(){

    131. 

  131. 		return $_SERVER['REMOTE_ADDR'];

    132. 

  132. 	}

    133. 

  133. 

    134. 

  134.     /*------------------------------------- PHP 5.3 VERSION ONLY ----------------------------

    135. 

  135.      -------------------------------------- DO NOT USE THIS IN PRODUCTION -------------

    136. 

  136.      --------------------------------------------------------------------------------- */

    137. 

  137.     /*

    138. 

  138. 	*	Verify two hashed strings

    139. 

  139. 	*	Obs.: I can often change this later, that's why the method call aproach

    140. 

  140. 	*	@param (void)

    141. 

  141. 	*	@return (String) userAgent

    142. 

  142. 	*

    143. 

  143. 	*/

    144. 

  144.     public function passwordVerify($dbPassword, $passwordInput){

    145. 

  145.         if (CRYPT_SHA512 != 1) {

    146. 

  146.             print "Fatal Error! Server Does not Support SHA-512 encyption";

    147. 

  147.             return false;

    148. 

  148.         } else {

    149. 

  149.             if (crypt($passwordInput, $dbPassword) == $dbPassword){

    150. 

  150. 				return true;

    151. 

  151.             } else {

    152. 

  152.                 return false;

    153. 

  153.             }

    154. 

  154.         }

    155. 

  155.     }

    156. 

  156.     /*

    157. 

  157. 	*	Encrypt a string using SHA-512

    158. 

  158. 	*	Obs.: I can often change this later, that's why the method call aproach

    159. 

  159. 	*	@param (string) string

    160. 

  160. 	*	@return (String) hashed_password

    161. 

  161. 	*

    162. 

  162. 	*/

    163. 

  163.     // public function encOneWayString($string){

    164. 

  164.     //      $salt = substr(str_shuffle("./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012346789"), 0, 8);

    165. 

  165.     //     if (CRYPT_SHA512 != 1) {

    166. 

  166.     //         print "Fatal Error! Server Does not Support SHA-512 encyption";

    167. 

  167.     //         return false;

    168. 

  168.     //     } else {

    169. 

  169.     //         return crypt($string, '$6$'.$salt);

    170. 

  170.     //     }

    171. 

  171.     // }

    172. 

  172. }

    173. 

  173. ?>

    174. 

  174.