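All rights reserved. This code is provided under the following license:
---
LICENSE:
Any use of this code for profit or any use of this code of any commercial
nature is strictly prohibited unless given express consent of the author,
Ido Rosen. This code is free for personal non-profit use.
---
Consent may be obtained for commercial uses of this code by submitting a
$10 donation to the author at the following URL:
http://www.cs.uchicago.edu/~ido/donate.php
All donations go toward the author's education. Immediately following your
donation, you will receive a PGP-signed email from the author (signed by
keyID 45C024FD) granting you permission to use the code commercially or for
whatever purposes you wish. Donations of larger sums are encouraged if you
find this code especially useful or wish to support my education.
(Please don't just steal my code. :)
Furthermore, the author is available for hire should the need for his
expertise arise. Feel free to contact him via email at
ido+code@cs.uchicago.edu.
Best wishes,
Ido.
**************************************************************/

// Instructions for use:
// Just include this file: include_once("session_include.php");
// (after renaming it appropriately, of course!)

// Site configuration variables.
// NOTE(review): the values below are the published sample credentials.
// Replace them before deployment. This file holds the database password and
// the session passphrase in clear text, so keep it unreadable to other local
// users and make sure the web server never serves it as source.
$DBHOST = "localhost";
$DBUSER = "test";
$DBPASS = "test";
$DBNAME = "test";
$SITESESSNAME = "HBC_SESS";

// All session data is encrypted. To change the key, simply add another
// RIJNDAEL256_x entry (x=some number not already chosen)
// then add the appropriate entries in the switch parts of sess_encrypt/decrypt
// then modify the CURRENT KEY NAME line way down below.
// Have fun!!!
//
// NOTE(review): the PLAINTEXT and ROT13 entries carry no key material (NULL).
// ROT13 is a fixed letter substitution, not encryption. Presumably both are
// selectable schemes in sess_encrypt/decrypt (not visible here); if so, only
// a RIJNDAEL256_x entry should ever be the current key name.
// NOTE(review): the passphrase below is a public placeholder. A site that
// ships it unchanged shares its session key with every reader of this file;
// substitute a long randomly generated value.
$sess_key = Array(
    "PLAINTEXT" => NULL,
    "ROT13" => NULL,
    // arbitrary, relatively big password
    "RIJNDAEL256_1" => "INSERT YOUR PASSPHRASE HERE -- preferrably a randomly-generated one. you don't need to remember it, since it's stored in the code."
);
// End site configuration. Don't change anything below this line.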
// IP address of client can be gotten with getenv("REMOTE_ADDR")

// Database and Session Management Code
//
// NOTE(review): everything below depends on the legacy mysql_* API (removed
// in PHP 7.0) and on mcrypt (removed from core in PHP 7.2) and mhash. On a
// current runtime the first check fails and the script stops here.
if (!function_exists("mysql_connect")) { die("Database libraries not found..."); }

// Shared connection handle used by the rest of the file.
global $dblink;
$dblink = "";

// 2048 = CLIENT_SSL in MySQL 4.0 C libraries, pseudo-hack for MySQL over SSL.
// NOTE(review): neither mysql_pconnect() call below passes a client_flags
// argument, so as written the connection does not request SSL.
//
// '@' hides the driver warning and die() prints only a generic message, so
// connection details are not shown to the client. Nothing here logs the
// underlying error either.
if (!isset($DBHOST) || !isset($DBUSER)) $dblink = @mysql_pconnect();
else $dblink = @mysql_pconnect($DBHOST, $DBUSER, $DBPASS);
if (!$dblink) die("Error connecting to database...");
if (!@mysql_select_db($DBNAME, $dblink)) die("Error connecting to database...");

// Check that the connection held in $dblink still answers mysql_ping().
// Returns true on success; on failure the script is terminated with die(),
// so the function never returns false.
function db_connected() {
    global $dblink;
    if (!mysql_ping($dblink)) die("Database connection lost...");
    else return true;
}

// Session Crypto Functions (ADVANCED!)

// Encrypt $pt under a key derived from the passphrase $pw.
//
//   $pt      plaintext to protect
//   $pw      passphrase; hashed once with mhash($hash, ...) to form the key
//   $cipher  algorithm identifier handed to mcrypt_module_open()
//   $hash    algorithm identifier handed to mhash()
//
// Returns base64( IV . ciphertext ), where the ciphertext covers
// mhash($hash, $pt) . $pt and the IV is read from MCRYPT_DEV_URANDOM for
// every call.
//
// NOTE(review): the key is a single unsalted hash of the passphrase, not a
// password-based KDF, so its strength rests entirely on the passphrase.
// NOTE(review): the digest placed in front of the plaintext is unkeyed and
// OFB is a stream mode, so this is not authenticated encryption. A keyed MAC
// over IV and ciphertext, verified with a constant-time comparison before
// decrypting, is the usual remedy. The mcrypt documentation also recommends
// NOFB over OFB.
// NOTE(review): every mcrypt call is prefixed with '@', so a failure to open
// or initialise the cipher produces no warning and the function still returns
// a string. Callers cannot tell a failed encryption from a successful one.
function SymmetricEncrypt($pt,$pw, $cipher, $hash) {
    $realkey = mhash($hash,$pw);
    $td = @mcrypt_module_open($cipher, "", MCRYPT_MODE_OFB, "");
    $iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_DEV_URANDOM);
    @mcrypt_generic_init($td, $realkey, $iv);
    // Digest first, then plaintext: the decrypt side must split at the digest length.
    $blob = @mcrypt_generic($td, mhash($hash,$pt). $pt);
    @mcrypt_generic_end($td);
    return base64_encode($iv. $blob);
}

function SymmetricDecrypt($blob, $pw, $cipher, $hash) {
    $realkey=mhash($hash,$pw);
    $rawblob=base64_decode($blob); /* binary blob */
    $td = mcrypt_module_open($cipher, "", MCRYPT_MODE_OFB, "");
    $iv=substr($rawblob,0,mcrypt_enc_get_iv_size($td)); /* IV */
    if (strlen($iv)