0

Im working on a simple encryption app that able to encrypt php files inside a folder using this class. My problem is after decryption, all the files are not working like the variables and the functions. When I tried to echo a variable its says undefined.

Hope you help me.

Thanks.

SAMPLE CODE

<?php
    require_once('func.php');
    require_once('encryptionClass.php');
    if(is_array($_FILES)){

        $encrypted_dir = "encrypted_files/";
        $saveFiles = browseDir($encrypted_dir);

        foreach($saveFiles as $file){ // iterate files

        if(is_file($encrypted_dir.$file))

            unlink($encrypted_dir.$file); // delete file

        }

        foreach($_FILES['files']['name'] as $key => $value){

            $file = explode(".", $_FILES['files']['name'][$key]);
            $ext = array("php");

            if(in_array($file[1], $ext)){

                $file_name = $file[0].'.'.$file[1];
                $source = $_FILES['files']['tmp_name'][$key];
                $location = $encrypted_dir.$file_name;

                $code = file_get_contents($source);

                $encryption_key = 'CKXH2U9RPY3EFD70TLS1ZG4N8WQBOVI6AMJ5';
                $cryptor = new Cryptor($encryption_key);
                $crypted_token = $cryptor->encrypt($code);
                $f = fopen($location, 'w');

                // DATA BEING SAVE TO THE ENCRYPTED FILE

                $data = '
                    <?php

                        require_once("../encryptionClass.php");
                        $encryption_key = "CKXH2U9RPY3EFD70TLS1ZG4N8WQBOVI6AMJ5";
                        $cryptor = new Cryptor($encryption_key);
                        $crypted_token = "'. $crypted_token .'";
                        $token = $cryptor->decrypt($crypted_token);
                        echo $token;
                        ?>
                        <!-- trying to display the value of variable from $token -->
                        <p><?php echo $name; ?></p> 

                        ';


                fwrite($f, $data);
                fclose($f);
                unset($code);

            }
        }



    }
?>
user123
  • 435
  • 1
  • 6
  • 23
  • 'When I tried to echo a variable its says undefined' - can you explain more ? – Istiaque Ahmed Feb 07 '19 at 06:32
  • @IstiaqueAhmed example, the code inside the file being encrypt is a variable `$name = "joey"` when I call the variable after decryption the data will display 'undefined' – user123 Feb 07 '19 at 06:36
  • how do you call the variable ? – Istiaque Ahmed Feb 07 '19 at 06:37
  • @IstiaqueAhmed the variable is inside the `$token` variable which I echoed after decryption – user123 Feb 07 '19 at 06:41
  • Your key is too long. AES-128 uses 128 bit keys (hence the name) but you are using a 288 bit key. Limiting the keyspace to alphanumeric characters is less secure for no good reason. Also, you are storing the key together with the cipher text. That makes the encryption utterly pointless. Consider using a modern crypto API, such as [libsodium](https://libsodium.gitbook.io/doc/) ([extension](http://php.net/manual/en/book.sodium.php)) instead of the horrible openssl extension (that doesn't even tell you that your key is invalid!). if – Peter Feb 07 '19 at 07:52
  • @Peter, thank you so much. Ill work on that.. – user123 Feb 07 '19 at 07:54

1 Answers1

1

After decrypting, your decrypted code is inside $token variable as a string. NOT PHP CODE, but STRING.

So, you need to write the $token content into a temporary file and require that file in order to access it like PHP Code.

Hope you understand.

Also, you can give a try to eval($token) instead of echo $token. This will evaluate the string as PHP code. However, this is very bad practice.

ArunKolhapur
  • 5,805
  • 4
  • 18
  • 31