31) { trigger_error(__d( 'cake_dev', 'Invalid value, cost must be between %s and %s', array(4, 31) ), E_USER_WARNING); return null; } self::$hashCost = $cost; } /** * Encrypts/Decrypts a text using the given key. * * @param string $text Encrypted string to decrypt, normal string to encrypt * @param string $key Key to use * @return string Encrypted/Decrypted string */ public static function cipher($text, $key) { if (empty($key)) { trigger_error(__d('cake_dev', 'You cannot use an empty key for Security::cipher()'), E_USER_WARNING); return ''; } srand(Configure::read('Security.cipherSeed')); $out = ''; $keyLength = strlen($key); for ($i = 0, $textLength = strlen($text); $i < $textLength; $i++) { $j = ord(substr($key, $i % $keyLength, 1)); while ($j--) { rand(0, 255); } $mask = rand(0, 255); $out .= chr(ord(substr($text, $i, 1)) ^ $mask); } srand(); return $out; } /** * Encrypts/Decrypts a text using the given key using rijndael method. * * @param string $text Encrypted string to decrypt, normal string to encrypt * @param string $key Key to use * @param string $operation Operation to perform, encrypt or decrypt * @return string Encrypted/Descrypted string */ public static function rijndael($text, $key, $operation) { if (empty($key)) { trigger_error(__d('cake_dev', 'You cannot use an empty key for Security::rijndael()'), E_USER_WARNING); return ''; } if (empty($operation) || !in_array($operation, array('encrypt', 'decrypt'))) { trigger_error(__d('cake_dev', 'You must specify the operation for Security::rijndael(), either encrypt or decrypt'), E_USER_WARNING); return ''; } if (strlen($key) < 32) { trigger_error(__d('cake_dev', 'You must use a key larger than 32 bytes for Security::rijndael()'), E_USER_WARNING); return ''; } $algorithm = 'rijndael-256'; $mode = 'cbc'; $cryptKey = substr($key, 0, 32); $iv = substr($key, strlen($key) - 32, 32); if ($operation === 'encrypt') { return mcrypt_encrypt($algorithm, $cryptKey, $text, $mode, $iv); } return rtrim(mcrypt_decrypt($algorithm, $cryptKey, $text, $mode, $iv), "\0"); } /** * Generates a pseudo random salt suitable for use with php's crypt() function. * The salt length should not exceed 27. The salt will be composed of * [./0-9A-Za-z]{$length}. * * @param integer $length The length of the returned salt * @return string The generated salt */ public static function salt($length = 22) { $salt = str_replace( array('+', '='), '.', base64_encode(sha1(uniqid(Configure::read('Security.salt'), true), true)) ); return substr($salt, 0, $length); } /** * One way encryption using php's crypt() function, used with type blowfish in ``Security::hash()`` * * @param string $password The string to be encrypted. * @param mixed $salt false to generate a new salt or an existing salt. */ protected static function _crypt($password, $salt = false) { if ($salt === false) { $salt = self::salt(22); $salt = vsprintf('$2a$%02d$%s', array(self::$hashCost, $salt)); } if ($salt === true || strpos($salt, '$2a$') !== 0 || strlen($salt) < 29) { trigger_error(__d( 'cake_dev', 'Invalid salt: %s for %s Please visit http://www.php.net/crypt and read the appropriate section for building %s salts.', array($salt, 'blowfish', 'blowfish') ), E_USER_WARNING); return ''; } return crypt($password, $salt); } }