__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
namespace core;
/**
* Class used to encrypt or decrypt data.
*
* @package core
* @copyright 2020 The Open University
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class encryption {
/** @var string Encryption method: Sodium */
const METHOD_SODIUM = 'sodium';
/**
* @var string Encryption method: hand-coded OpenSSL (less safe)
*
* @deprecated
*/
const METHOD_OPENSSL = 'openssl-aes-256-ctr';
/**
* @var string OpenSSL cipher method
*
* @deprecated
*/
const OPENSSL_CIPHER = 'AES-256-CTR';
/**
* Checks if Sodium is installed.
*
* @return bool True if the Sodium extension is available
*
* @deprecated since Moodle 4.3 Sodium is always present
*/
public static function is_sodium_installed(): bool {
debugging(__FUNCTION__ . '() is deprecated, sodium is now always present', DEBUG_DEVELOPER);
return extension_loaded('sodium');
}
/**
* Gets the encryption method to use
*
* @return string Current encryption method
*/
protected static function get_encryption_method(): string {
return self::METHOD_SODIUM;
}
/**
* Creates a key for the server.
*
* Note we currently retain support for all methods, in order to decrypt legacy {@see METHOD_OPENSSL} content
*
* @param string|null $method Encryption method (only if you want to create a non-default key)
* @param bool $chmod If true, restricts the file access of the key
* @throws \moodle_exception If the server already has a key, or there is an error
*/
public static function create_key(?string $method = null, bool $chmod = true): void {
if ($method === null) {
$method = self::get_encryption_method();
}
if (self::key_exists($method)) {
throw new \moodle_exception('encryption_keyalreadyexists', 'error');
}
// Don't make it read-only in Behat or it will fail to clear for future runs.
if (defined('BEHAT_SITE_RUNNING')) {
$chmod = false;
}
// Generate the key.
switch ($method) {
case self::METHOD_SODIUM:
$key = sodium_crypto_secretbox_keygen();
break;
case self::METHOD_OPENSSL:
$key = openssl_random_pseudo_bytes(32);
break;
default:
throw new \coding_exception('Unknown method: ' . $method);
}
// Store the key, making it readable only by server.
$folder = self::get_key_folder();
check_dir_exists($folder);
$keyfile = self::get_key_file($method);
file_put_contents($keyfile, $key);
if ($chmod) {
chmod($keyfile, 0400);
}
}
/**
* Gets the folder used to store the secret key.
*
* @return string Folder path
*/
protected static function get_key_folder(): string {
global $CFG;
return ($CFG->secretdataroot ?? $CFG->dataroot . '/secret') . '/key';
}
/**
* Gets the file path used to store the secret key. The filename contains the cipher method,
* so that if necessary to transition in future it would be possible to have multiple.
*
* @param string|null $method Encryption method (only if you want to get a non-default key)
* @return string Full path to file
*/
public static function get_key_file(?string $method = null): string {
if ($method === null) {
$method = self::get_encryption_method();
}
return self::get_key_folder() . '/' . $method . '.key';
}
/**
* Checks if there is a key file.
*
* @param string|null $method Encryption method (only if you want to check a non-default key)
* @return bool True if there is a key file
*/
public static function key_exists(?string $method = null): bool {
if ($method === null) {
$method = self::get_encryption_method();
}
return file_exists(self::get_key_file($method));
}
/**
* Gets the current key, automatically creating it if there isn't one yet.
*
* @param string|null $method Encryption method (only if you want to get a non-default key)
* @return string The key (binary)
* @throws \moodle_exception If there isn't one already (and creation is disabled)
*/
protected static function get_key(?string $method = null): string {
global $CFG;
if ($method === null) {
$method = self::get_encryption_method();
}
$keyfile = self::get_key_file($method);
if (!file_exists($keyfile) && empty($CFG->nokeygeneration)) {
self::create_key($method);
}
$result = @file_get_contents($keyfile);
if ($result === false) {
throw new \moodle_exception('encryption_nokey', 'error');
}
return $result;
}
/**
* Gets the length in bytes of the initial values data required.
*
* Note we currently retain support for all methods, in order to decrypt legacy {@see METHOD_OPENSSL} content
*
* @param string $method Crypto method
* @return int Length in bytes
*/
protected static function get_iv_length(string $method): int {
switch ($method) {
case self::METHOD_SODIUM:
return SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
case self::METHOD_OPENSSL:
return openssl_cipher_iv_length(self::OPENSSL_CIPHER);
default:
throw new \coding_exception('Unknown method: ' . $method);
}
}
/**
* Encrypts data using the server's key.
*
* Note there is a special case - the empty string is not encrypted.
*
* @param string $data Data to encrypt, or empty string for no data
* @param string|null $method Encryption method (only if you want to use a non-default method)
* @return string Encrypted data, or empty string for no data
* @throws \moodle_exception If the key doesn't exist, or the string is too long
*/
public static function encrypt(string $data, ?string $method = null): string {
if ($data === '') {
return '';
} else {
if ($method === null) {
$method = self::get_encryption_method();
}
// We currently retain support for all methods, falling back to Sodium if deprecated OpenSSL is requested.
if ($method === self::METHOD_OPENSSL) {
debugging('Encryption using legacy OpenSSL is deprecated, reverting to Sodium', DEBUG_DEVELOPER);
$method = self::METHOD_SODIUM;
}
// Create IV.
$iv = random_bytes(self::get_iv_length($method));
// Encrypt data.
switch($method) {
case self::METHOD_SODIUM:
try {
$encrypted = sodium_crypto_secretbox($data, $iv, self::get_key($method));
} catch (\SodiumException $e) {
throw new \moodle_exception('encryption_encryptfailed', 'error', '', null, $e->getMessage());
}
break;
default:
throw new \coding_exception('Unknown method: ' . $method);
}
// Encrypted data is cipher method plus IV plus encrypted data.
return $method . ':' . base64_encode($iv . $encrypted);
}
}
/**
* Decrypts data using the server's key. The decryption works with either supported method.
*
* Note currently we retain support for all methods, in order to decrypt legacy {@see METHOD_OPENSSL} content
*
* @param string $data Data to decrypt
* @return string Decrypted data
*/
public static function decrypt(string $data): string {
if ($data === '') {
return '';
} else {
if (preg_match('~^(' . self::METHOD_OPENSSL . '|' . self::METHOD_SODIUM . '):~', $data, $matches)) {
$method = $matches[1];
} else {
throw new \moodle_exception('encryption_wrongmethod', 'error');
}
$realdata = base64_decode(substr($data, strlen($method) + 1), true);
if ($realdata === false) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, 'Invalid base64 data');
}
$ivlength = self::get_iv_length($method);
if (strlen($realdata) < $ivlength + 1) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, 'Insufficient data');
}
$iv = substr($realdata, 0, $ivlength);
$encrypted = substr($realdata, $ivlength);
switch ($method) {
case self::METHOD_SODIUM:
try {
$decrypted = sodium_crypto_secretbox_open($encrypted, $iv, self::get_key($method));
} catch (\SodiumException $e) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, $e->getMessage());
}
// Sodium returns false if decryption fails because data is invalid.
if ($decrypted === false) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, 'Integrity check failed');
}
break;
case self::METHOD_OPENSSL:
if (strlen($encrypted) < 33) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, 'Insufficient data');
}
$hmac = substr($encrypted, -32);
$encrypted = substr($encrypted, 0, -32);
$key = self::get_key($method);
$expectedhmac = hash_hmac('sha256', $iv . $encrypted, $key, true);
if ($hmac !== $expectedhmac) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, 'Integrity check failed');
}
debugging('Decryption using legacy OpenSSL is deprecated, please upgrade to Sodium', DEBUG_DEVELOPER);
$decrypted = @openssl_decrypt($encrypted, self::OPENSSL_CIPHER, $key, OPENSSL_RAW_DATA, $iv);
if ($decrypted === false) {
throw new \moodle_exception('encryption_decryptfailed', 'error',
'', null, openssl_error_string());
}
break;
default:
throw new \coding_exception('Unknown method: ' . $method);
}
return $decrypted;
}
}
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| access | Folder | 0755 |
|
|
| analytics | Folder | 0755 |
|
|
| antivirus | Folder | 0755 |
|
|
| attribute | Folder | 0755 |
|
|
| aws | Folder | 0755 |
|
|
| check | Folder | 0755 |
|
|
| content | Folder | 0755 |
|
|
| context | Folder | 0755 |
|
|
| dataformat | Folder | 0755 |
|
|
| dml | Folder | 0755 |
|
|
| event | Folder | 0755 |
|
|
| exception | Folder | 0755 |
|
|
| external | Folder | 0755 |
|
|
| files | Folder | 0755 |
|
|
| form | Folder | 0755 |
|
|
| hook | Folder | 0755 |
|
|
| hub | Folder | 0755 |
|
|
| local | Folder | 0755 |
|
|
| lock | Folder | 0755 |
|
|
| log | Folder | 0755 |
|
|
| message | Folder | 0755 |
|
|
| moodlenet | Folder | 0755 |
|
|
| navigation | Folder | 0755 |
|
|
| oauth2 | Folder | 0755 |
|
|
| output | Folder | 0755 |
|
|
| plugininfo | Folder | 0755 |
|
|
| privacy | Folder | 0755 |
|
|
| progress | Folder | 0755 |
|
|
| reportbuilder | Folder | 0755 |
|
|
| route | Folder | 0755 |
|
|
| router | Folder | 0755 |
|
|
| session | Folder | 0755 |
|
|
| task | Folder | 0755 |
|
|
| tests | Folder | 0755 |
|
|
| update | Folder | 0755 |
|
|
| upgrade | Folder | 0755 |
|
|
| activity_dates.php | File | 3.02 KB | 0644 |
|
| attribute_helper.php | File | 9.5 KB | 0644 |
|
| chart_axis.php | File | 4.26 KB | 0644 |
|
| chart_bar.php | File | 2.7 KB | 0644 |
|
| chart_base.php | File | 8.36 KB | 0644 |
|
| chart_line.php | File | 1.87 KB | 0644 |
|
| chart_pie.php | File | 1.91 KB | 0644 |
|
| chart_series.php | File | 6.53 KB | 0644 |
|
| clock.php | File | 1.07 KB | 0644 |
|
| collator.php | File | 14.35 KB | 0644 |
|
| component.php | File | 62.51 KB | 0644 |
|
| content.php | File | 7.02 KB | 0644 |
|
| context.php | File | 36.36 KB | 0644 |
|
| context_helper.php | File | 15.5 KB | 0644 |
|
| cron.php | File | 26.57 KB | 0644 |
|
| cssparser.php | File | 1.38 KB | 0644 |
|
| dataformat.php | File | 5.74 KB | 0644 |
|
| date.php | File | 37.69 KB | 0644 |
|
| deprecation.php | File | 8.22 KB | 0644 |
|
| di.php | File | 5.25 KB | 0644 |
|
| emoticon_manager.php | File | 7.2 KB | 0644 |
|
| encryption.php | File | 11.56 KB | 0644 |
|
| filetypes.php | File | 41.35 KB | 0644 |
|
| formatting.php | File | 15.48 KB | 0644 |
|
| geopattern.php | File | 1.26 KB | 0644 |
|
| grades_external.php | File | 8.28 KB | 0644 |
|
| grading_external.php | File | 24.24 KB | 0644 |
|
| hooks.php | File | 3.5 KB | 0644 |
|
| http_client.php | File | 6.36 KB | 0644 |
|
| invalid_persistent_exception.php | File | 1.56 KB | 0644 |
|
| ip_utils.php | File | 14.62 KB | 0644 |
|
| lang_string.php | File | 10.99 KB | 0644 |
|
| locale.php | File | 2.85 KB | 0644 |
|
| minify.php | File | 3.65 KB | 0644 |
|
| notification.php | File | 7.48 KB | 0644 |
|
| param.php | File | 41.95 KB | 0644 |
|
| param_clientside_regex.php | File | 1.36 KB | 0644 |
|
| persistent.php | File | 33.03 KB | 0644 |
|
| php_time_limit.php | File | 3.8 KB | 0644 |
|
| plugin_manager.php | File | 76.82 KB | 0644 |
|
| qrcode.php | File | 1.39 KB | 0644 |
|
| report_helper.php | File | 6.7 KB | 0644 |
|
| requirejs.php | File | 4.82 KB | 0644 |
|
| router.php | File | 8.77 KB | 0644 |
|
| rtlcss.php | File | 2 KB | 0644 |
|
| scss.php | File | 6.69 KB | 0644 |
|
| shutdown_manager.php | File | 9.55 KB | 0644 |
|
| string_manager.php | File | 5.18 KB | 0644 |
|
| string_manager_install.php | File | 9.05 KB | 0644 |
|
| string_manager_standard.php | File | 29.61 KB | 0644 |
|
| system_clock.php | File | 1.23 KB | 0644 |
|
| text.php | File | 24.63 KB | 0644 |
|
| url.php | File | 29.2 KB | 0644 |
|
| user.php | File | 68.93 KB | 0644 |
|
| useragent.php | File | 43.7 KB | 0644 |
|
| userfeedback.php | File | 6.54 KB | 0644 |
|
| uuid.php | File | 5.1 KB | 0644 |
|