function urllogin_decrypt in urllogin 6
Same name and namespace in other branches
- 8 urllogin_security.inc \urllogin_decrypt()
- 7 urllogin_security.inc \urllogin_decrypt()
- 2.x urllogin_security.inc \urllogin_decrypt()
Decrypts a pair of integers
Exact reverse of encryption: The values of $i and $j are swapped. The key is applied in the reverse order to encryption.
Parameters
$j: First Integer, passed by reference
$i: Second Integer, passed by reference
$x: Extra byte, passed by reference
$passkey: String containing encryption key phrase
Return value
TRUE if successful, FALSE if extra byte fails Note that a TRUE return does not mean security checks are past. This is just an added level of security to help with diagnostics.
1 call to urllogin_decrypt()
- urllogin_decode in ./
urllogin_security.inc - Decodes an encoded url string into a user ID and tests validity. If the uid matches the current one supplied, then it is valid even if link is expired. This is so that the user for whom the link is intended does not get an error message if they are…
File
- ./
urllogin_security.inc, line 84 - Include file for urllogin security functions. This module is designed for easy drop-in replacement where an alternative encryption model is required.
Code
function urllogin_decrypt(&$j, &$i, &$x, $passkey) {
$k = hash('sha256', $passkey, TRUE);
// sha256 produces 32 bytes, so could do 16 interations
if ($x != (($i ^ $j ^ ord($k[16])) & 0xff)) {
return FALSE;
}
// extra byte for added security
for ($iter = 0; $iter < 8; $iter++) {
$tmp = $i;
$i = $j ^ _urllogin_inthash($i) ^ (ord($k[14 - $iter * 2]) << 8 | ord($k[14 - $iter * 2 + 1]));
$j = $tmp;
}
return TRUE;
}