* NOTES:
* To use these Metabase mcrypt functions, make sure you include this file along
* with the other Metabase files.
*

* PHP >= 4.0.2 with libmcrypt-2.4.x required. *

* MetabaseGetMcryptFieldValue() returns the encrypted data as a base64-encoded
* string (not binary), so set the database field type to text.
*

* In order to use these functions you need to add these values to the Options
* array of MetabaseSetupDatabase():
*   McryptKey, McryptMode, McryptCipher
*

* Example of MetabaseSetupDatabase:
*
*   $error=MetabaseSetupDatabase(array(
*     "Host"=>"localhost",
*     "Type"=>"mysql",
*     "User"=>"user_name",
*     "Password"=>"password_here",
*     "Options"=>array(
*       "McryptKey"=>"Very secret key",   //string. required to use mcrypt functions
*       "McryptMode"=>MCRYPT_MODE_CFB,    //constant. default is MCRYPT_MODE_ECB
*       "McryptCipher"=>MCRYPT_TripleDES, //constant. default is MCRYPT_TripleDES
*       //read the php manual Mcrypt section before using the mcrypt functions!
*     )
*   ),&$database);
*
*

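* Example of function use:
*
*   $encrypted_data = MetabaseGetMcryptFieldValue($database,"data_here");
*   $decrypted_data = MetabaseFetchMcryptResult($database,$result,$row,$field);
*
*/

// SECURITY REVIEW NOTES (apply to both functions below):
//  - The mcrypt extension was deprecated in PHP 7.1 and removed from core in
//    PHP 7.2. Treat this file as legacy; new code should use a maintained
//    library that offers authenticated encryption.
//  - The cipher key is the hex md5() digest of McryptKey, cut to the cipher's
//    maximum key size. Hex characters carry 4 bits each, so a 24-byte key
//    (Triple DES) holds at most 96 bits of key material, and md5() adds no
//    key stretching. Use a long, random McryptKey.
//  - The default mode is ECB, which ignores the IV: equal plaintexts encrypted
//    under the same key yield the same ciphertext portion. Set McryptMode
//    explicitly (the header example uses MCRYPT_MODE_CFB).
//  - The md5(value) prefix is an unkeyed checksum inside the ciphertext. It
//    detects a wrong key or corrupted data; it is not a MAC and gives no
//    authenticity guarantee against deliberate modification.
//  - NOTE(review): in block modes such as the default ECB, mcrypt_generic()
//    pads its input to a whole block, so cutting the ciphertext back to the
//    plaintext length appears to drop part of the final block. Verify that
//    values whose length is not a multiple of the block size round-trip.

/**
 * Encrypt a value and return it as a quoted text field value for a query.
 *
 * Stored layout (before base64): IV . encrypt(md5(value) . value).
 *
 * @param mixed $database Metabase database handle (index into $metabase_databases).
 * @param mixed $value    Value to encrypt; it is encrypted in its string form.
 * @return mixed The result of the interface's GetTextFieldValue() on the
 *               base64 text, or FALSE on error (see the interface's last_error).
 */
function MetabaseGetMcryptFieldValue($database,$value){
    global $metabase_databases,$metabase_interfaces;

    $interface = $metabase_databases[$database]->interface;
    $options = $metabase_interfaces[$interface]->options;

    //check if mcrypt values are set in MetabaseSetupDatabase() options array.
    if(!isset($options["McryptKey"]) || !$options["McryptKey"]){
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: You need to assign a secrect McryptKey in the MetabaseSetupDatabase() options array to use the Metabase Mcypt functions.";
        return FALSE;
    }
    $hashed_key = md5($options["McryptKey"]);

    //fall back to the documented defaults only when the option is absent
    $mode = (isset($options["McryptMode"]) && $options["McryptMode"]) ? $options["McryptMode"] : MCRYPT_MODE_ECB;
    $cipher = (isset($options["McryptCipher"]) && $options["McryptCipher"]) ? $options["McryptCipher"] : MCRYPT_TripleDES;

    //check to make sure there is a value to encrypt.
    //Compare the string form strictly: a loose == "" also matches integer 0
    //on the PHP versions that ship mcrypt, which would store "0" unencrypted.
    $plaintext = (string)$value;
    if($plaintext === "")
        return $metabase_interfaces[$interface]->GetTextFieldValue($value);

    //open the module of the encryption algorithm and the mode
    $td = mcrypt_module_open($cipher, "", $mode, "");
    if(!$td){
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Could not open the mcrypt module for the configured McryptCipher and McryptMode.";
        return FALSE;
    }

    //create a random $iv of required length
    //Note: The IV is stored with the data so it can be generated each encryption
    $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_URANDOM);

    //check key size (md5() yields 32 hex characters)
    $max_key_size = mcrypt_enc_get_key_size($td);
    if($max_key_size < 32)
        $hashed_key = substr($hashed_key, 0, $max_key_size);

    //initialize the mcrypt buffers; a negative or FALSE result is an error
    $init = mcrypt_generic_init($td, $hashed_key, $iv);
    if($init === FALSE || $init < 0){
        mcrypt_module_close($td);
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Could not initialize mcrypt with the configured key.";
        return FALSE;
    }

    //prepend the md5 of the value so decryption can detect a wrong key
    //or damaged data
    $cat_value = md5($plaintext).$plaintext;

    //perform encryption
    $blob = mcrypt_generic($td, $cat_value);

    //free the mcrypt buffers
    //NOTE(review): mcrypt_generic_end() is the legacy teardown call; confirm
    //it exists on the PHP versions you still deploy to.
    mcrypt_generic_end($td);

    //strip the trailing bytes mcrypt might add (32 = length of the md5 prefix)
    $stripped_blob = substr($blob, 0, strlen($plaintext)+32);

    //prepend the IV and base 64 encode everything for storage as type text
    $encoded = base64_encode($iv.$stripped_blob);

    //return the metabase filtered encrypted text
    return($metabase_interfaces[$interface]->GetTextFieldValue($encoded));
}//end MetabaseGetMcryptFieldValue

////////////////////////////////////////////////////////////////////////////////

/**
 * Fetch a field written by MetabaseGetMcryptFieldValue() and decrypt it.
 *
 * @param mixed $database Metabase database handle (index into $metabase_databases).
 * @param mixed $result   Result handle passed to the interface's FetchResult().
 * @param mixed $row      Row passed to FetchResult().
 * @param mixed $field    Field passed to FetchResult().
 * @return mixed The decrypted value; the fetched value unchanged when it is
 *               empty; FALSE on error (see the interface's last_error).
 */
function MetabaseFetchMcryptResult($database,$result,$row,$field){
    global $metabase_databases,$metabase_interfaces;

    $interface = $metabase_databases[$database]->interface;
    $options = $metabase_interfaces[$interface]->options;

    //check if mcrypt values are set in MetabaseSetupDatabase() options array.
    if(!isset($options["McryptKey"]) || !$options["McryptKey"]){
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: You need to assign a secrect McryptKey in the MetabaseSetupDatabase() options array to use the Metabase Mcypt functions.";
        return FALSE;
    }
    $hashed_key = md5($options["McryptKey"]);

    //fall back to the documented defaults only when the option is absent
    $mode = (isset($options["McryptMode"]) && $options["McryptMode"]) ? $options["McryptMode"] : MCRYPT_MODE_ECB;
    $cipher = (isset($options["McryptCipher"]) && $options["McryptCipher"]) ? $options["McryptCipher"] : MCRYPT_TripleDES;

    //fetch the encrypted text from the metabase db layer
    $result = $metabase_interfaces[$interface]->FetchResult($result,$row,$field);

    //check to make sure there is a value to decrypt
    if($result == "")
        return $result;

    //decode the result. iv_encoded_value has an order of: iv+encoded_value
    $iv_encoded_value = base64_decode($result);

    //an encrypted field always carries the 32 character md5 prefix plus at
    //least one byte of data; reject anything shorter before touching mcrypt
    if($iv_encoded_value === FALSE || strlen($iv_encoded_value) <= 32){
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Stored value is too short to be data encrypted by MetabaseGetMcryptFieldValue().";
        return FALSE;
    }

    //open the module of the encryption algorithm and the mode
    $td = mcrypt_module_open($cipher, "", $mode, "");
    if(!$td){
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Could not open the mcrypt module for the configured McryptCipher and McryptMode.";
        return FALSE;
    }

    //get the iv block size and split iv from the encoded value
    $iv_size = mcrypt_enc_get_iv_size($td);
    $iv = substr($iv_encoded_value, 0, $iv_size);
    $encoded_value = substr($iv_encoded_value, $iv_size);

    //same length rule, now that the IV length is known
    if(strlen((string)$encoded_value) <= 32){
        mcrypt_module_close($td);
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Stored value is too short to be data encrypted by MetabaseGetMcryptFieldValue().";
        return FALSE;
    }

    //check key size (md5() yields 32 hex characters)
    $max_key_size = mcrypt_enc_get_key_size($td);
    if($max_key_size < 32)
        $hashed_key = substr($hashed_key, 0, $max_key_size);

    //initialize the mcrypt buffers; a negative or FALSE result is an error
    $init = mcrypt_generic_init($td, $hashed_key, $iv);
    if($init === FALSE || $init < 0){
        mcrypt_module_close($td);
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Could not initialize mcrypt with the configured key.";
        return FALSE;
    }

    //perform decryption. decoded_value has order: hashed(value)+value
    $decoded_value = mdecrypt_generic($td, $encoded_value);

    //free the mcrypt buffers
    mcrypt_generic_end($td);

    //strip the trailing bytes mcrypt might add
    $stripped_decoded_value = substr($decoded_value, 0, strlen($encoded_value));

    //split into the stored hash (first 32 characters) and the original value
    $orig_hash = substr($stripped_decoded_value, 0, 32);
    $value = substr($stripped_decoded_value, 32);

    //strict comparison: with a loose != two different digests that both look
    //numeric (for example "0e" followed by digits) are compared as numbers
    //and can be treated as equal
    if((string)$orig_hash !== md5((string)$value)){
        $metabase_interfaces[$interface]->last_error = "MetabaseMcrypt Error: Hash of orginal data doesn't match hash decrypted data. Is McryptKey correct?";
        return FALSE;
    }
    return $value;
}//end MetabaseFetchMcryptResult
?>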