function urllogin_decrypt in urllogin 8
Same name and namespace in other branches
- 6 urllogin_security.inc \urllogin_decrypt()
- 7 urllogin_security.inc \urllogin_decrypt()
- 2.x urllogin_security.inc \urllogin_decrypt()
Decrypts a pair of integers.
Exact reverse of encryption: The values of $i and $j are swapped. The key is applied in the reverse order to encryption.
Parameters
int $j: First Integer, passed by reference.
int $i: Second Integer, passed by reference.
string $x: Extra byte, passed by reference.
string $passkey: String containing encryption key phrase.
Return value
bool TRUE if successful, FALSE if extra byte fails Note that a TRUE return does not mean security checks are past. This is just an added level of security to help with diagnostics.
1 call to urllogin_decrypt()
- urllogin_decode in ./
urllogin_security.inc - Decodes an encoded url string.
File
- ./
urllogin_security.inc, line 80 - Include file for urllogin security functions.
Code
function urllogin_decrypt(&$j, &$i, &$x, $passkey) {
// sha256 produces 32 bytes, so could do 16 interations.
$k = hash('sha256', $passkey, TRUE);
if ($x != (($i ^ $j ^ ord($k[16])) & 0xff)) {
return FALSE;
}
// extra byte for added security
for ($iter = 0; $iter < 8; $iter++) {
$tmp = $i;
$i = $j ^ urllogin_inthash($i) ^ (ord($k[14 - $iter * 2]) << 8 | ord($k[14 - $iter * 2 + 1]));
$j = $tmp;
}
return TRUE;
}