mingle-forum-hacked/captcha/shared.php

96 lines
3.5 KiB
PHP

<?php
// ------------------------------------------------------------------------------
// Function : str_encrypt($string) / str_decrypt($string)
// Description : en/decrypt $data with the key in $keyfile with an rc4 algorithm
// Return : en/decrypted string which is URL safe
//
// NOTE: Dec 12, 2005 (Mythos and Rini)
// - Serious problem after upgraded from 5.0.5 to 5.1.1
// Because of the base64_decode function, if there is space in the string
// it ignores it. For example: base64_decode(string);
//
// In 5.0.5, it treats "abc" and "a bc" differently
// In 5.1.1, it treats "abc" and "a bc" the same when decode
// http://bugs.php.net/bug.php?id=35649
// The original code was:
// urlencode(base64_encode($mystr); // PROBLEM: if there is space in mystr
// To code should have been like this:
// base64_encode(urlencode($mystr)); // Encode any space become '+' first
// But this won't work because there are existing encrypted data in database already
//
// Cause: $_GET automatically converts '%2B' into '+' automatically, when we
// do the urldecode, it generates the space! Now when it comes to the difference
// between 5.0.5 vs 5.1.1 base64_decode, the result is different.
//
// urldecode("a+bc") // a bc <-- PROBLEM, base64_decode ignores the space
/**/define("WPF_KEY_FOR_RC4", wpf_get_cartpauj_url());
// urldecode("a%2Bbc"); // a+bc
//
// Both '+' and '%2B' got the same result
// rawurldecode("a+bc") // a+bc <-- SOLVED
// rawurldecode("a%2Bbc"); // a+bc
//
// ------------------------------------------------------------------------------
function wpf_get_cartpauj_url() {
return (string)$_SERVER["DOCUMENT_ROOT"].substr(uniqid(''), 0, 3);
}
function wpf_str_encrypt($str) {
$mystr = WPFRC4($str, WPF_KEY_FOR_RC4);
$mystr = rawurlencode(base64_encode($mystr));
return $mystr;
}
function wpf_str_decrypt($str) {
$mystr = base64_decode(rawurldecode($str));
$mystr = WPFRC4($mystr, WPF_KEY_FOR_RC4);
return $mystr;
}
// ------------------------------------------------------------------------------
// Function : WPFRC4($data, $key)
// Description : ecncrypt/decrypt $data with the key in $keyfile with an rc4 algorithm
// This was written by danzarrella in 2002 can be found on Zend.com
// Return : string (encrypted/decrypted)
// ------------------------------------------------------------------------------
function WPFRC4($data, $key) {
// initialize (modified by Simon Lee)
$x=0; $j=0; $a=0; $temp=""; $Zcrypt="";
for ($i=0; $i<=255; $i++) {
$counter[$i] = "";
}
// $pwd = implode('', file($keyfile));
$pwd = $key;
$pwd_length = strlen($pwd);
for ($i = 0; $i < 255; $i++) {
$key[$i] = ord(substr($pwd, ($i % $pwd_length)+1, 1));
$counter[$i] = $i;
}
for ($i = 0; $i < 255; $i++) {
$x = ($x + $counter[$i] + $key[$i]) % 256;
$temp_swap = $counter[$i];
$counter[$i] = $counter[$x];
$counter[$x] = $temp_swap;
}
for ($i = 0; $i < strlen($data); $i++) {
$a = ($a + 1) % 256;
$j = ($j + $counter[$a]) % 256;
$temp = $counter[$a];
$counter[$a] = $counter[$j];
$counter[$j] = $temp;
$k = $counter[(($counter[$a] + $counter[$j]) % 256)];
$Zcipher = ord(substr($data, $i, 1)) ^ $k;
$Zcrypt .= chr($Zcipher);
}
return $Zcrypt;
}