1: <?php
2:
3: namespace Alpha\Util\Security;
4:
5: use Alpha\Util\Config\ConfigProvider;
6:
7: /**
8: * A utility class for carrying out various security tasks.
9: *
10: * @since 1.2.2
11: *
12: * @author John Collins <dev@alphaframework.org>
13: * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
14: * @copyright Copyright (c) 2016, John Collins (founder of Alpha Framework).
15: * All rights reserved.
16: *
17: * <pre>
18: * Redistribution and use in source and binary forms, with or
19: * without modification, are permitted provided that the
20: * following conditions are met:
21: *
22: * * Redistributions of source code must retain the above
23: * copyright notice, this list of conditions and the
24: * following disclaimer.
25: * * Redistributions in binary form must reproduce the above
26: * copyright notice, this list of conditions and the
27: * following disclaimer in the documentation and/or other
28: * materials provided with the distribution.
29: * * Neither the name of the Alpha Framework nor the names
30: * of its contributors may be used to endorse or promote
31: * products derived from this software without specific
32: * prior written permission.
33: *
34: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
35: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
36: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
37: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38: * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
39: * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
41: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
42: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
44: * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
45: * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
46: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
47: * </pre>
48: */
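class SecurityUtils
{
    /**
     * Cipher used for every newly produced ciphertext. CBC actually consumes the random IV that
     * the envelope carries; the ECB mode used by earlier releases ignored it (its IV length is 0,
     * which also makes openssl_random_pseudo_bytes() fail or throw, depending on the PHP version).
     */
    const CIPHER = 'aes-256-cbc';

    /**
     * Cipher used by earlier releases. Kept only so that values they stored can be migrated with
     * decryptLegacy(); nothing new is ever written in this mode.
     */
    const LEGACY_CIPHER = 'aes-256-ecb';

    /**
     * Hash algorithm used for key derivation and for the encrypt-then-MAC tag.
     */
    const MAC_ALGO = 'sha256';

    /**
     * Raw byte length of a sha256 tag appended to each envelope.
     */
    const MAC_LENGTH = 32;

    /**
     * Encrypt provided data with AES-256-CBC under a key derived from security.encryption.key and
     * authenticate the result with HMAC-SHA256 (encrypt-then-MAC).
     *
     * Output layout (raw bytes): IV (16) || ciphertext (PKCS#7 padded) || tag (32). A fresh IV is drawn
     * on every call, so encrypting the same plaintext twice yields different output, unlike ECB.
     *
     * @param string $data
     *
     * @return string Raw binary envelope; encode it (e.g. base64) before storing in a text column.
     *
     * @throws \RuntimeException If the key is not configured, no strong IV could be generated, or OpenSSL fails.
     *
     * @since 1.2.2
     */
    public static function encrypt($data)
    {
        $masterKey = self::masterKey();
        $encryptionKey = self::deriveKey($masterKey, 'encryption');
        $macKey = self::deriveKey($masterKey, 'authentication');

        $ivSize = openssl_cipher_iv_length(self::CIPHER);
        $strong = false;
        $iv = openssl_random_pseudo_bytes($ivSize, $strong);
        // Older PHP returns false on failure (PHP 8 throws); $strong reports whether a CSPRNG was used.
        if ($iv === false || !$strong) {
            throw new \RuntimeException('Unable to generate a cryptographically strong IV');
        }

        $ciphertext = openssl_encrypt((string) $data, self::CIPHER, $encryptionKey, OPENSSL_RAW_DATA, $iv);
        if ($ciphertext === false) {
            throw new \RuntimeException('Encryption failed: ' . openssl_error_string());
        }

        // The tag covers the IV as well, so bit-flips in the IV (which would alter the first
        // plaintext block under CBC) are detected along with changes to the ciphertext.
        $tag = hash_hmac(self::MAC_ALGO, $iv . $ciphertext, $macKey, true);

        return $iv . $ciphertext . $tag;
    }

    /**
     * Decrypt an envelope produced by encrypt(), verifying its HMAC-SHA256 tag first.
     *
     * The tag is checked (in constant time) before any decryption is attempted, so tampered or
     * foreign input is rejected without exposing a padding oracle. Values written by releases that
     * used AES-256-ECB carry no tag and are rejected here; migrate them with decryptLegacy().
     *
     * @param string $data Raw binary envelope as returned by encrypt().
     *
     * @return string
     *
     * @throws \RuntimeException If the key is not configured, the input is too short, the tag does not
     *                           verify, or OpenSSL fails to decrypt.
     *
     * @since 1.2.2
     */
    public static function decrypt($data)
    {
        $data = (string) $data;
        $masterKey = self::masterKey();
        $encryptionKey = self::deriveKey($masterKey, 'encryption');
        $macKey = self::deriveKey($masterKey, 'authentication');

        // '8bit' keeps these byte-wise even when mbstring overloads the string functions.
        $ivSize = openssl_cipher_iv_length(self::CIPHER);
        $totalLength = mb_strlen($data, '8bit');

        // PKCS#7 padding guarantees at least one cipher block, and for AES the block size equals
        // the CBC IV size, so a valid envelope is never shorter than IV + one block + tag.
        if ($totalLength < 2 * $ivSize + self::MAC_LENGTH) {
            throw new \RuntimeException('Ciphertext is too short to be a valid envelope');
        }

        $bodyLength = $totalLength - self::MAC_LENGTH;
        $body = mb_substr($data, 0, $bodyLength, '8bit');
        $tag = mb_substr($data, $bodyLength, self::MAC_LENGTH, '8bit');

        $expectedTag = hash_hmac(self::MAC_ALGO, $body, $macKey, true);
        if (!hash_equals($expectedTag, $tag)) {
            throw new \RuntimeException('Ciphertext authentication failed');
        }

        $iv = mb_substr($body, 0, $ivSize, '8bit');
        $ciphertext = mb_substr($body, $ivSize, $bodyLength - $ivSize, '8bit');

        $plaintext = openssl_decrypt($ciphertext, self::CIPHER, $encryptionKey, OPENSSL_RAW_DATA, $iv);
        if ($plaintext === false) {
            throw new \RuntimeException('Decryption failed: ' . openssl_error_string());
        }

        return $plaintext;
    }

    /**
     * Decrypt a value written by releases whose encrypt() used raw AES-256-ECB (their zero-length IV
     * prefix left the stored value as bare ECB output, with no tag).
     *
     * ECB provides no integrity protection and leaks which plaintext blocks are equal, so this path
     * exists only for migration: call decryptLegacy(), then encrypt() and persist the new envelope.
     *
     * @param string $data
     *
     * @return string
     *
     * @throws \RuntimeException If the key is not configured or OpenSSL rejects the input (e.g. bad padding).
     */
    public static function decryptLegacy($data)
    {
        // Earlier releases passed the configured key straight to OpenSSL, so the raw key is used here too.
        $plaintext = openssl_decrypt((string) $data, self::LEGACY_CIPHER, self::masterKey(), OPENSSL_RAW_DATA);
        if ($plaintext === false) {
            throw new \RuntimeException('Legacy decryption failed: ' . openssl_error_string());
        }

        return $plaintext;
    }

    /**
     * Checks to see if the admin password provided matches the default admin password in the config file.
     *
     * @param string $password The password hash stored in the database for the admin user.
     *
     * @return boolean True only when $password is a hash of app.install.password; false for any
     *                 non-string or empty input.
     *
     * @since 2.0.2
     */
    public static function checkAdminPasswordIsDefault($password)
    {
        // password_verify() needs a string hash; anything else cannot match and trips a deprecation on newer PHP.
        if (!is_string($password) || $password === '') {
            return false;
        }

        $config = ConfigProvider::getInstance();

        return password_verify((string) $config->get('app.install.password'), $password);
    }

    /**
     * Read the configured master key, refusing to operate without one (an empty key would make
     * OpenSSL silently encrypt under an all-zero key).
     *
     * @return string
     *
     * @throws \RuntimeException If security.encryption.key is missing or empty.
     */
    private static function masterKey()
    {
        $config = ConfigProvider::getInstance();
        $key = (string) $config->get('security.encryption.key');

        if ($key === '') {
            throw new \RuntimeException('security.encryption.key is not configured');
        }

        return $key;
    }

    /**
     * Derive a purpose-specific 32-byte key from the configured master key.
     *
     * HMAC-SHA256 output is exactly the AES-256 key size, so a configured passphrase of any length is
     * usable without OpenSSL silently padding or truncating it, and the encryption and MAC keys
     * stay distinct from each other.
     *
     * @param string $masterKey
     * @param string $purpose Domain-separation label, e.g. 'encryption' or 'authentication'.
     *
     * @return string 32 raw bytes.
     */
    private static function deriveKey($masterKey, $purpose)
    {
        return hash_hmac(self::MAC_ALGO, $purpose, $masterKey, true);
    }
}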
122: