0){ ksort($existingKeys); if(!empty($date)){ $key = ''; foreach($existingKeys as $unixDate=>$values){ if(($unixDate-30) >= $date ){ vmdebug('$unixDate '.$unixDate.' >= $date '.$date); continue; } //vmdebug('$unixDate < $date '.$date); $key = $values['key']; $usedKey = $values; } if(!isset($usedKey['b64']) or $usedKey['b64']){ vmdebug('Doing base64_decode ',$usedKey); $key = base64_decode($key); } } else { $usedKey = end($existingKeys); $key = $usedKey['key']; //No key means, we wanna encrypt something, when it has not the new attribute, //it is an old key and must be replaced $ksize = VmConfig::get('keysize',24); if(empty($key) or !isset($usedKey['b64']) or !isset($usedKey['size']) or $usedKey['size']!=$ksize){ $key = self::_createKeyFile($keyPath,$ksize); $existingKeys[$key['unixtime']] = $key; return $key['key']; } } //vmdebug('Length of key',strlen($key)); //vmTime('my time','check'); return $key; } else { $key = self::_createKeyFile($keyPath,VmConfig::get('keysize',24)); $existingKeys[$key['unixtime']] = $key; return $key['key']; } } private static function _createKeyFile($keyPath, $size = 32){ $usedKey = date("ymd"); $filename = $keyPath . DS . $usedKey . '.ini'; if(!class_exists('vFile')) require(VMPATH_ADMIN .DS. 'vmf' .DS. 'filesystem' .DS. 'vfile.php'); if (!vFile::exists ($filename)) { $key = self::crypto_rand_secure($size); vmdebug('create key file ',$size); $date = vFactory::getDate(); $today = $date->toUnix(); $dat = date("Y-m-d H:i:s"); $content = ';'; $result = vFile::write($filename, $content); return array('key'=>$key,'unixtime'=>$today,'date'=>$dat,'b64'=>0,'size'=>$size); } else { return false; } } private static function _getEncryptSafepath () { if (!class_exists('ShopFunctions')) require(VMPATH_ADMIN . DS . 'helpers' . DS . 'shopfunctions.php'); $safePath = ShopFunctions::checkSafePath(); if (empty($safePath)) { return NULL; } $encryptSafePath = $safePath . self::ENCRYPT_SAFEPATH; self::createEncryptFolder($encryptSafePath); return $encryptSafePath; } private static function createEncryptFolder ($folderName) { if(!class_exists('vFolder')) require(VMPATH_ADMIN .DS. 'vmf' .DS. 'filesystem' .DS. 'vfolder.php'); $exists = vFolder::exists ($folderName); if ($exists) { return TRUE; } $created = vFolder::create ($folderName); if ($created) { return TRUE; } $uri = vFactory::getURI (); $link = $uri->root () . 'administrator/index.php?option=com_virtuemart&view=config'; VmError (vmText::sprintf ('COM_VIRTUEMART_CANNOT_STORE_CONFIG', $folderName, '' . $link . '', vmText::_ ('COM_VIRTUEMART_ADMIN_CFG_MEDIA_FORSALE_PATH'))); return FALSE; } /** * Creates a token for inputs by human, some chars are removed to reduce mistyping, * All chars are upper case, 0 and O are omitted * * @author Max Milbers * @param $length * @return string */ static function getHumanToken($length) { return self::getToken( $length, "123456789ABCDEFGHIJKLMNPQRSTUVWXYZ" ); } /** * Creates a token * * @author Max Milbers * @param $length Only keys of sizes 16, 24 or 32 are supported * @param $pool pool to chose from * @return string */ static function getToken($length=24, $pool = false) { $token = ""; if(!$pool){ $pool = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $pool.= "abcdefghijklmnopqrstuvwxyz"; $pool.= "0123456789"; } $max = strlen($pool); for ($i=0; $i < $length; $i++) { $token .= $pool[self::crypto_rand_secure_cover($max)]; } return $token; } static function getFilteredBytes($size = 32, $filter = '"'){ $key = self::crypto_rand_secure($size); $i = 0; if(!is_array($filter)) $filter = array($filter); foreach ($filter as $f){ while(strpos($key,$f)!==false){ $pos = strpos($key,$f); $r = self::crypto_rand_secure(1); $key[$pos] = $r; if($i++>=($size*2))break; } } return $key; } static function crypto_rand_secure_cover($range) { //$range = $max - $min; //if ($range < 1) return $min; // not so random... $log = ceil( log( $range, 2 ) ); $bytes = (int)($log/8) + 1; // length in bytes $bits = (int)$log + 1; // length in bits $filter = (int)(1 << $bits) - 1; // set all lower bits to 1 do { $rnd = hexdec( bin2hex( self::crypto_rand_secure( $bytes ) ) ); $rnd = $rnd & $filter; // discard irrelevant bits } while( $rnd>=$range ); //vmdebug('crypto_rand_secure_cover '.$rnd); return $rnd; } /** * Returns random bytes of the desired length * The function with "CAPICOM" is not tested and there for other who may need and fix it. * @author Max Milbers * @param $r * @param int $gen * @return string */ static function crypto_rand_secure($r) { $bytes = ''; static $used = false; if((strlen($bytes) < $r) && function_exists('openssl_random_pseudo_bytes')) { $bytes = openssl_random_pseudo_bytes($r); if(!$used){ vmdebug('with openssl_random_pseudo_bytes',$bytes); $used = true; } } if((strlen($bytes) < $r) && function_exists('mcrypt_create_iv')) { // Use MCRYPT_RAND on Windows hosts with PHP < 5.3.7, otherwise use MCRYPT_DEV_URANDOM // (http://bugs.php.net/55169). $flag = (version_compare(PHP_VERSION, '5.3.7', '<') && strncasecmp(PHP_OS, 'WIN', 3) == 0) ? MCRYPT_RAND : MCRYPT_DEV_URANDOM ; $bytes = mcrypt_create_iv($r,$flag); if(!$used){ vmdebug('with mcrypt_create_iv',$bytes); $used = true; } } if((strlen($bytes) < $r) && is_readable('/dev/urandom') && ($urandom = fopen('/dev/urandom', 'rb')) !== false) { $bytes = @fread($urandom, $r); @fclose($urandom); if(!$used){ vmdebug('with urandom',$bytes); $used = true; } } /*if ((strlen($bytes) < $r) && class_exists('COM')) { // Officially deprecated in Windows 7 // http://msdn.microsoft.com/en-us/library/aa388182%28v=vs.85%29.aspx try { // @noinspection PhpUndefinedClassInspection $CAPI_Util = new COM('CAPICOM.Utilities.1'); if(is_callable(array($CAPI_Util,'GetRandom'))) { // @noinspection PhpUndefinedMethodInspection $bytes = $CAPI_Util->GetRandom($r,0); $bytes = base64_decode($bytes); } } catch (Exception $e){ } if(!$used){ vmdebug('with CAPICOM',$bytes); $used = true; } }//*/ if (strlen($bytes) < $r) { for($j=0;$j<$r;$j+=16){ $mt_rand = mt_rand(); /*$getmypid = ''; if (function_exists('getmypid')) $getmypid .= getmypid();*/ $memory_get_usage = 1/memory_get_usage(); $ms = microtime(true); $frac = (int)substr((string)$ms - floor($ms),2); $random_state = $frac+$mt_rand+$memory_get_usage; $t = sha1( $random_state ,true); if($j+16>$r){ $rest = $r-$j; $ran = mt_rand(0,15-$rest); $bytes .= substr($t,$ran,$rest); //vmdebug('mt_rand substr '.$bytes,$t); } else { $bytes .= $t; //vmdebug('just added it '.$bytes,$t); } } } //vmdebug('returning '.$bytes.' '.base64_encode($bytes)); //*/ /*if (strlen($bytes) < $r) { // do something to warn system owner that // pseudorandom generator is missing vmdebug('crypto_rand_secure pseudorandom generator is missing',$bytes); } else { //vmdebug('crypto_rand_secure pseudorandom bytes '.$bytes); }*/ return $bytes; } }