From f0659466c12f4d5de904e31961327bfec8ee382b Mon Sep 17 00:00:00 2001 From: cypherbits Date: Sat, 2 May 2020 13:30:29 +0200 Subject: [PATCH] openssl to libsodium --- README | 2 +- README.md | 2 +- chat.php | 15 ++------------- lang_bg.php | 2 +- lang_cz.php | 2 +- lang_de.php | 2 +- lang_en.php | 2 +- lang_es.php | 2 +- lang_it.php | 2 +- lang_ru.php | 2 +- lang_uk.php | 2 +- lang_zh_CN.php | 2 +- 12 files changed, 13 insertions(+), 24 deletions(-) diff --git a/README b/README index b18608f..95efc27 100644 --- a/README +++ b/README @@ -42,7 +42,7 @@ Optionally, you can install: - the json extension for save/restore - a memcached server and the memcached extension and change the configuaration to use memcached. This will lessen the database load a bit. - a MySQL or PostgreSQL server to use as an external database instead of SQLite -- the openssl extension for encryption of messages and notes in the database +- the libsodium extension for encryption of messages and notes in the database (bundled with PHP >= 7.2) When you have everything installed and use MySQL or PostgreSQL, you'll have to create a database and a user for the chat. Then edit the configuration at the bottom of the script to reflect the appropriate database settings and to modify the chat settings the way you like them. Then copy the script to your web-server directory and call the script in your browser with a parameter like this: diff --git a/README.md b/README.md index bef3815..cf11416 100644 --- a/README.md +++ b/README.md 
@@ -45,7 +45,7 @@ Optionally, you can install: - the json extension for save/restore - a memcached server and the memcached extension and change the configuaration to use memcached. This will lessen the database load a bit. - a MySQL or PostgreSQL server to use as an external database instead of SQLite -- the openssl extension for encryption of messages and notes in the database +- the libsodium extension (PHP >= 7.2) for encryption of messages and notes in the database When you have everything installed and use MySQL or PostgreSQL, you'll have to create a database and a user for the chat. Then edit the configuration at the bottom of the script to reflect the appropriate database settings and to modify the chat settings the way you like them. Then copy the script to your web-server directory and call the script in your browser with a parameter like this: diff --git a/chat.php b/chat.php index 2793c4f..35667df 100644 --- a/chat.php +++ b/chat.php @@ -768,7 +768,6 @@ function restore_backup($C){ $note['type']=1; } if(MSGENCRYPTED){ - //$note['text']=openssl_encrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $note['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($note['text'], '', AES_IV, ENCRYPTKEY)); } $stmt->execute([$note['type'], $note['lastedited'], $note['editedby'], $note['text']]); @@ -805,7 +804,6 @@ function send_backup($C){ $result=$db->query('SELECT * FROM ' . PREFIX . "notes;"); while($note=$result->fetch(PDO::FETCH_ASSOC)){ if(MSGENCRYPTED){ - //$note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $note['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($note['text']), null, AES_IV, ENCRYPTKEY); } $code['notes'][]=$note; 
@@ -1541,7 +1539,6 @@ function send_notes($type){ } if(isset($_REQUEST['text'])){ if(MSGENCRYPTED){ - //$_REQUEST['text']=openssl_encrypt($_REQUEST['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $_REQUEST['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($_REQUEST['text'], '', AES_IV, ENCRYPTKEY)); } $time=time(); @@ -1576,7 +1573,6 @@ function send_notes($type){ $note['text']=''; } if(MSGENCRYPTED){ - //$note['text']=openssl_decrypt($note['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $note['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($note['text']), null, AES_IV, ENCRYPTKEY); } echo "

".form('notes'); @@ -2936,7 +2932,6 @@ function validate_input(){ 'text' =>"$displaysend".style_this($message, $U['style']).'' ]; if(MSGENCRYPTED){ - //$newmessage['text']=openssl_encrypt($newmessage['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $newmessage['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($newmessage['text'], '', AES_IV, ENCRYPTKEY)); } $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'inbox (postdate, postid, poster, recipient, text) VALUES(?, ?, ?, ?, ?)'); @@ -3125,7 +3120,6 @@ function add_system_message($mes){ function write_message($message){ global $db; if(MSGENCRYPTED){ - //$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $message['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($message['text'], '', AES_IV, ENCRYPTKEY)); } $stmt=$db->prepare('INSERT INTO ' . PREFIX . 'messages (postdate, poststatus, poster, recipient, text, delstatus) VALUES (?, ?, ?, ?, ?, ?);'); @@ -3247,7 +3241,6 @@ function print_messages($delstatus=0){ function prepare_message_print(&$message, $removeEmbed){ if(MSGENCRYPTED){ - //$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456'); $message['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($message['text']), null, AES_IV, ENCRYPTKEY); } if($removeEmbed){ 
@@ -4006,17 +3999,15 @@ function update_db(){
 }
 update_setting('dbversion', DBVERSION);
 if($msgencrypted!==MSGENCRYPTED){
- if(!extension_loaded('openssl')){
- send_fatal_error($I['opensslextrequired']);
+ if(!extension_loaded('sodium')){
+ send_fatal_error($I['sodiumextrequired']);
 }
 $result=$db->query('SELECT id, text FROM ' . PREFIX . 'messages;');
 $stmt=$db->prepare('UPDATE ' . PREFIX . 'messages SET text=? WHERE id=?;');
 while($message=$result->fetch(PDO::FETCH_ASSOC)){
 if(MSGENCRYPTED){
- //$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
 $message['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($message['text'], '', AES_IV, ENCRYPTKEY));
 }else{
- //$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
 $message['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($message['text']), null, AES_IV, ENCRYPTKEY);
 }
 $stmt->execute([$message['text'], $message['id']]);
@@ -4025,10 +4016,8 @@ function update_db(){
 $stmt=$db->prepare('UPDATE ' . PREFIX . 'notes SET text=? WHERE id=?;');
 while($message=$result->fetch(PDO::FETCH_ASSOC)){
 if(MSGENCRYPTED){
- //$message['text']=openssl_encrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
 $message['text']=base64_encode(sodium_crypto_aead_aes256gcm_encrypt($message['text'], '', AES_IV, ENCRYPTKEY));
 }else{
- //$message['text']=openssl_decrypt($message['text'], 'aes-256-cbc', ENCRYPTKEY, 0, '1234567890123456');
 $message['text']=sodium_crypto_aead_aes256gcm_decrypt(base64_decode($message['text']), null, AES_IV, ENCRYPTKEY);
 }
 $stmt->execute([$message['text'], $message['id']]);
diff --git a/lang_bg.php b/lang_bg.php
index e695c48..090bf83 100644
--- a/lang_bg.php
+++ b/lang_bg.php
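Review bot: The encrypt branch here passes `AES_IV` as the nonce under the same `ENCRYPTKEY`, and because only the base64 ciphertext is stored and decryption reuses `AES_IV`, every row necessarily shares one nonce; the same call appears in the following update_db hunk and in the restore_backup, send_notes, validate_input and write_message hunks. AES-GCM gives up both confidentiality and integrity once a nonce repeats under one key, so each encryption should draw its own, e.g. `$nonce=random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES);`, and store it in front of the ciphertext for the decrypt side to split off. The added `extension_loaded('sodium')` guard does not cover this cipher either, since libsodium only provides AES-256-GCM on CPUs with hardware AES support: `if(!extension_loaded('sodium') || !sodium_crypto_aead_aes256gcm_is_available()){`. The decrypt branch also writes the return value straight into the UPDATE, and that value is `false` when authentication fails, which is presumably what rows written by the earlier openssl code would produce. update_db starts and ends outside the hunk.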
@@ -310,7 +310,7 @@ $T=[
 'nopass' => 'Невалидна парола (поне %d символа), не променям ника',
 'gdextrequired' => 'Добавката gd за PHP е необходима за тази функционалност. Моля, първо я инсталирайте.',
 'memcachedextrequired' => 'Добавката memcached за PHP е необходима за кеш функционалностите. Моля, първо я инсталирайте или върнете настройките за memcached обратно на false.',
- 'opensslextrequired' => 'Добавката openssl за PHP е необходима the криптиращата функционалност. Моля, първо я инсталирайте или върнете настройките за криптиране обратно на false.',
+ 'sodiumextrequired' => 'Добавката libsodium за PHP е необходима the криптиращата функционалност. Моля, първо я инсталирайте или върнете настройките за криптиране обратно на false.',
 'pdo_mysqlextrequired' => 'Добавката pdo_mysql за PHP е необходима за избрания драйвер за базата данни. Моля, първо я инсталирайте.',
 'pdo_pgsqlextrequired' => 'Добавката pdo_pgsql за PHP е необходима за избрания драйвер за базата данни. Моля, първо я инсталирайте.',
 'pdo_sqliteextrequired' => 'Добавката pdo_sqlite за PHP е необходима за избрния драйвер за базата данни. Моля, първо я инсталирайте.',
diff --git a/lang_cz.php b/lang_cz.php
index 4403cf4..011c8c8 100644
--- a/lang_cz.php
+++ b/lang_cz.php
@@ -310,7 +310,7 @@ $I=[
 'nopass' => 'Chybné heslo (Nejméně %d znaků), přezdívka zůstala stejná',
 'gdextrequired' => 'Rozšíření PHP gd je pro tuto funkci vyžadováno. Nejprve ho nainstalujte.',
 'memcachedextrequired' => 'Pro funkci ukládání do mezipaměti je vyžadováno memcached rozšíření PHP. Nejprve ho nainstalujte, nebo nastavte parametr memcached na hodnotu false.',
- 'opensslextrequired' => 'Pro funkci šifrování je vyžadováno rozšíření PHP openssl. Nejprve ho nainstalujte nebo nastavte šifrované nastavení zpět na hodnotu false.',
+ 'sodiumextrequired' => 'Pro funkci šifrování je vyžadováno rozšíření PHP libsodium. Nejprve ho nainstalujte nebo nastavte šifrované nastavení zpět na hodnotu false.',
 'pdo_mysqlextrequired' => 'Rozšíření pdo_mysql PHP je vyžadováno pro zvolený ovladač databáze. Nejprve ho nainstalujte.',
 'pdo_pgsqlextrequired' => 'Pro zvolený databázový ovladač je vyžadováno rozšíření PHP pdo_pgsql. Nejprve ho nainstalujte.',
 'pdo_sqliteextrequired' => 'Rozšíření pdo_sqlite PHP je vyžadováno pro zvolený ovladač databáze. Nejprve ho nainstalujte.',
diff --git a/lang_de.php b/lang_de.php
index 08156b5..25b05db 100644
--- a/lang_de.php
+++ b/lang_de.php
@@ -310,7 +310,7 @@ $T=[
 'nopass' => 'Ungültiges Passwort (Mindestens %d Zeichen), Nickname nicht geändert',
 'gdextrequired' => 'Für diese Funktion wird die gd Erweiterung von PHP benötigt. Bitte installieren Sie diese zuerst.',
 'memcachedextrequired' => 'Die memcached Erweiterung von PHP wird benötigt, um die Cache-Funktion zu benutzen. Bitte installieren Sie diese zuerst oder setzen Sie die memcached Einstellung zurück auf false.',
- 'opensslextrequired' => 'Die openssl Erweiterung von PHP wird benötigt, um die Verschlüsselungs-Funktion zu benutzen. Bitte installieren Sie diese zuerst oder setzen Sie die encrypted Einstellung zurück auf false.',
+ 'sodiumextrequired' => 'Die libsodium Erweiterung von PHP wird benötigt, um die Verschlüsselungs-Funktion zu benutzen. Bitte installieren Sie diese zuerst oder setzen Sie die encrypted Einstellung zurück auf false.',
 'pdo_mysqlextrequired' => 'Die pdo_mysql Erweiterung von PHP wird für den ausgewählten Datenbanktreiber benötigt. Bitte installieren Sie diese zuerst.',
 'pdo_pgsqlextrequired' => 'Die pdo_pgsql Erweiterung von PHP wird für den ausgewählten Datenbanktreiber benötigt. Bitte installieren Sie diese zuerst.',
 'pdo_sqliteextrequired' => 'Die pdo_sqlite Erweiterung von PHP wird für den ausgewählten Datenbanktreiber benötigt. Bitte installieren Sie diese zuerst.',
diff --git a/lang_en.php b/lang_en.php
index 03e35ae..c0805e3 100644
--- a/lang_en.php
+++ b/lang_en.php
@@ -310,7 +310,7 @@ $I=[
 'nopass' => 'Invalid password (At least %d characters), not changing nickname',
 'gdextrequired' => 'The gd extension of PHP is required for this feature. Please install it first.',
 'memcachedextrequired' => 'The memcached extension of PHP is required for the caching feature. Please install it first or set the memcached setting back to false.',
- 'opensslextrequired' => 'The openssl extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
+ 'sodiumextrequired' => 'The libsodium extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
 'pdo_mysqlextrequired' => 'The pdo_mysql extension of PHP is required for the selected database driver. Please install it first.',
 'pdo_pgsqlextrequired' => 'The pdo_pgsql extension of PHP is required for the selected database driver. Please install it first.',
 'pdo_sqliteextrequired' => 'The pdo_sqlite extension of PHP is required for the selected database driver. Please install it first.',
diff --git a/lang_es.php b/lang_es.php
index 8c41b3e..50d836e 100644
--- a/lang_es.php
+++ b/lang_es.php
@@ -310,7 +310,7 @@ $T=[
 'nopass' => 'Constraseña incorrecta (al menos %d caracteres), no se cambia apodo',
 'gdextrequired' => 'La extensión gd de PHP es requerida para esto. Instálela primero.',
 'memcachedextrequired' => 'La extensión memcached de PHP es requerida para esto. Instalela primero o configure memcached en false.',
- 'opensslextrequired' => 'La extensión openssl de PHP es necesaria para la encriptación. Instálela o configure la encriptación en false.',
+ 'sodiumextrequired' => 'La extensión libsodium de PHP es necesaria para la encriptación. Instálela o configure la encriptación en false.',
 'pdo_mysqlextrequired' => 'La extensión pdo_mysql de PHP es necesaria para la database driver seleccionada. Instálelo primero.',
 'pdo_pgsqlextrequired' => ' La extensión pdo_pgsql de PHP es necesaria para la database driver seleccionada. Instálelo primero.',
 'pdo_sqliteextrequired' => ' La extensión pdo_sqlite de PHP es necesaria para la database driver seleccionada. Instálelo primero.',
diff --git a/lang_it.php b/lang_it.php
index d4f0952..0d59add 100644
--- a/lang_it.php
+++ b/lang_it.php
@@ -310,7 +310,7 @@ $T=[
 'nopass' => 'Password sbagliata (Almeno %d simboli), senza cambiare nome',
 'gdextrequired' => 'The gd extension of PHP is required for this feature. Please install it first.',
 'memcachedextrequired' => 'The memcached extension of PHP is required for the caching feature. Please install it first or set the memcached setting back to false.',
- 'opensslextrequired' => 'The openssl extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
+ 'sodiumextrequired' => 'The libsodium extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
 'pdo_mysqlextrequired' => 'The pdo_mysql extension of PHP is required for the selected database driver. Please install it first.',
 'pdo_pgsqlextrequired' => 'The pdo_pgsql extension of PHP is required for the selected database driver. Please install it first.',
 'pdo_sqliteextrequired' => 'The pdo_sqlite extension of PHP is required for the selected database driver. Please install it first.',
diff --git a/lang_ru.php b/lang_ru.php
index a9cdf5f..41f211a 100644
--- a/lang_ru.php
+++ b/lang_ru.php
@@ -310,7 +310,7 @@ $T=[
 'nopass' => 'Некорректный пароль (Хотя бы %d символов), не меняя имени',
 'gdextrequired' => 'gd расширение для PHP требуетса для етой функции. Пожалуйста установите его сначала...',
 'memcachedextrequired' => 'The memcached extension of PHP is required for the caching feature. Please install it first or set the memcached setting back to false.',
- 'opensslextrequired' => 'The openssl extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
+ 'sodiumextrequired' => 'The libsodium extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
 'pdo_mysqlextrequired' => 'Pdo_mysql расширение для PHP требуетса для драйверов базы данных. Пожалуйста установите его сначала..',
 'pdo_pgsqlextrequired' => 'Pdo_pgsql расширение для PHP требуетса для драйверов базы данных. Пожалуйста установите его сначала..',
 'pdo_sqliteextrequired' => 'Pdo_sqlite расширение для PHP требуетса для драйверов базы данных. Пожалуйста установите его сначала.',
diff --git a/lang_uk.php b/lang_uk.php
index 1430945..65630ef 100644
--- a/lang_uk.php
+++ b/lang_uk.php
@@ -310,7 +310,7 @@ $T=[
 'nopass' => 'Негідний пароль (Хотя б %d символів), не міняя імя',
 'gdextrequired' => 'The gd extension of PHP is required for this feature. Please install it first.',
 'memcachedextrequired' => 'The memcached extension of PHP is required for the caching feature. Please install it first or set the memcached setting back to false.',
- 'opensslextrequired' => 'The openssl extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
+ 'sodiumextrequired' => 'The libsodium extension of PHP is required for the encryption feature. Please install it first or set the encrypted setting back to false.',
 'pdo_mysqlextrequired' => 'The pdo_mysql extension of PHP is required for the selected database driver. Please install it first.',
 'pdo_pgsqlextrequired' => 'The pdo_pgsql extension of PHP is required for the selected database driver. Please install it first.',
 'pdo_sqliteextrequired' => 'The pdo_sqlite extension of PHP is required for the selected database driver. Please install it first.',
diff --git a/lang_zh_CN.php b/lang_zh_CN.php
index c5514eb..1393758 100644
--- a/lang_zh_CN.php
+++ b/lang_zh_CN.php
@@ -289,7 +289,7 @@ $T=[
 'nopass' => '密码无效(至少%d个字符),不更改昵称.',
 'gdextrequired' => '此功能需要PHP的gd扩展名。 请先安装它。.',
 'memcachedextrequired' => '缓存功能需要PHP的memcached扩展。 请先安装它或将memcached设置恢复为false.',
- 'opensslextrequired' => '加密功能需要PHP的openssl扩展。 请先安装它或将加密设置恢复为false.',
+ 'sodiumextrequired' => '加密功能需要PHP的libsodium扩展。 请先安装它或将加密设置恢复为false.',
 'pdo_mysqlextrequired' => '所选数据库驱动程序需要PHP的pdo_mysql扩展名。 请先安装它.',
 'pdo_pgsqlextrequired' => '所选数据库驱动程序需要PHP的pdo_pgsql扩展名。 请先安装它。',
 'pdo_sqliteextrequired' => '所选数据库驱动程序需要PHP的pdo_sqlite扩展。 请先安装它.',