function urllogin_encrypt in urllogin 8
Same name and namespace in other branches
- 6 urllogin_security.inc \urllogin_encrypt()
- 7 urllogin_security.inc \urllogin_encrypt()
- 2.x urllogin_security.inc \urllogin_encrypt()
Encrypts a pair of integers.
The encryption uses a "butterfly" technique similar to the DES's Feistel scheme. See for more details of the DES Instead of the Feistel function, sha256 is used. (This is probably way overkill but it is easy to code.) Another encryption algorithm can be plugged in here if desired.
Parameters
int $i: First Integer, passed by reference.
int $j: Second Integer, passed by reference.
string $x: Extra byte, passed by reference.
string $passkey: String containing encryption key phrase.
1 call to urllogin_encrypt()
- urllogin_encode in ./
urllogin_security.inc - Encodes a user ID into an encoded url string.
File
- ./
urllogin_security.inc, line 47 - Include file for urllogin security functions.
Code
function urllogin_encrypt(&$i, &$j, &$x, $passkey) {
// sha256 produces 32 bytes, so could do 16 interations.
$k = hash('sha256', $passkey, TRUE);
for ($iter = 0; $iter < 8; $iter++) {
$tmp = $i;
$i = $j ^ urllogin_inthash($i) ^ (ord($k[$iter * 2]) << 8 | ord($k[$iter * 2 + 1]));
$j = $tmp;
}
// Extra byte for added security.
$x = ($i ^ $j ^ ord($k[16])) & 0xff;
}