You are here

Home » API reference » Encrypt Submissions 7 » encrypt_submissions.module

function encrypt_submissions_init in Encrypt Submissions 7

Same name and namespace in other branches
  1. 6 encrypt_submissions.module \encrypt_submissions_init()

File

./encrypt_submissions.module, line 307

Code

function encrypt_submissions_init() {

  // Prevent the encryption keys from getting cached by Drupal core.
  if (arg(0) == 'encrypt-submissions') {
    drupal_page_is_cacheable(FALSE);
  }

  // Has the current logged in user been given the permission
  // to even use this module?  If not, harmlessly return.
  if (!user_access("access encrypt submissions")) {
    return;
  }

  // Create a javascript setting for later use.
  drupal_add_js(array(
    'encrypt_submissions' => array(
      'baseUrl' => $GLOBALS["base_url"],
    ),
  ), 'setting');

  // We have been passed an encrypted form through the POST.  We need to decrypt it,
  // and re-assign the $_POST to the new result.
  if (isset($_POST["jCryption"]) && isset($_SESSION["es_e"]) && isset($_SESSION["es_d"]) && isset($_SESSION["es_n"])) {
    $jcryption_location = variable_get("encrypt_submissions_jcryption_location", "");
    $php_file = "{$jcryption_location}/jcryption.php";
    if (!file_exists($php_file)) {
      encrypt_submissions_check_library_files_exist();
      $jcryption_location = variable_get("encrypt_submissions_jcryption_location", "");
      $php_file = "{$jcryption_location}/jcryption.php";
    }

    // We need to test to make sure the es_token in the SESSION is valid, proving
    // that this is not a hacking attempt.
    // We will generate a token now, and test it against the one in the SESSION.
    $test_es_token = md5(drupal_get_private_key() . $_SESSION["es_e"]["hex"]);
    if ($_SESSION["es_token"] != $test_es_token) {
      drupal_set_message("Invalid encryption token. Rejecting submission.", "error");
      return;
    }

    // If we made it here, then everything must be okay with the submission, and we can
    // proceed.
    require_once $php_file;
    $jCryption = new jCryption();
    $var = $jCryption
      ->decrypt($_POST['jCryption'], $_SESSION["es_d"]["int"], $_SESSION["es_n"]["int"]);
    unset($_SESSION["es_e"]);
    unset($_SESSION["es_d"]);
    unset($_SESSION["es_n"]);
    unset($_SESSION["es_token"]);
    parse_str($var, $result);
    $_POST = $result;
  }
}