Warning when using encrypted PM mod.
Posted: Tue Oct 19, 2004 10:34 am
Some time ago, I wrote a mod for phpBB that lets you encrypt and decrypt private messages (it's currently in use here on Ask Virgil) - you can get it here.
A couple of days ago, somebody wrote to me to say that they liked using it - except for the phpBB warning messages that are thrown up on the screen every time they do so. Since, at the time I wrote it, I had not enabled the display of php warnings and errors, I had not realised that this was a problem.
In investigating, I could come up with no "good" method of fixing this. I still don't understand how to prevent the warning. But I did come up with a workaround. This was my final reply to the person who brought it to my attention:
A couple of days ago, somebody wrote to me to say that they liked using it - except for the phpBB warning messages that are thrown up on the screen every time they do so. Since, at the time I wrote it, I had not enabled the display of php warnings and errors, I had not realised that this was a problem.
In investigating, I could come up with no "good" method of fixing this. I still don't understand how to prevent the warning. But I did come up with a workaround. This was my final reply to the person who brought it to my attention:
Code: Select all
Okay, I fixed the problem. I should emphasize, however, that it was
just a warning, not an actual error - so the script as I wrote it
performed just fine - but it was still annoying to see it.
I still don't know how to get this to work "properly". I beat my head
against a wall for well over an hour trying to figure out how to define
the correct blocksize (for use with $iv - where, in the code, I've just
substituted "1") for the cipher in use and couldn't get it.
In the end, I gave up and simply resorted to the "hack" of turning off
php error reporting during the instance of both the encryption and the
decryption. (Then turning error reporting back to what it was at before
each of those commands was run.)
So - to modify the code first of all put it back to the way that I'd
had it, using RIJNDAEL_256 with CFB.
You should now modify the sections of code to look like this (the only
change being the 2 insertions of the "error_reporting" lines of code in
each section):
---
if ($encrypt)
{
$cipher_alg = MCRYPT_RIJNDAEL_256;
$encrypted_message = str_replace("\\\"", "\"", $privmsg_message);
$encrypted_message = str_replace("\\'", "'", $encrypted_message);
$encrypted_message = str_replace("\\\\", "\\", $encrypted_message);
$old_errorlevel = error_reporting(0);
$encrypted_message = bin2hex(mcrypt_encrypt($cipher_alg, $encryption_key, $encrypted_message, MCRYPT_MODE_CFB, "1"));
error_reporting($old_errorlevel);
---
---
if ( $decrypt )
{
$cipher_alg = MCRYPT_RIJNDAEL_256;
$decrypted_message = str_replace("Encrypted message follows:\n\n", "", $private_message);
$decrypted_message = str_replace("<br>", "", $decrypted_message);
$old_errorlevel = error_reporting(0);
$decrypted_message = trim(mcrypt_decrypt($cipher_alg, $encryption_key, pack("H*", $decrypted_message), MCRYPT_MODE_CFB, "1"));
error_reporting($old_errorlevel);
---
Note - I still consider this to be a less than ideal solution -
because it doesn't gracefully do what should be done to not have the
warning issued in the first place. However, since the warning has no
detrimental effect, I consider it "okay" to simply disable all error
reporting during the period of time that the two different commands are
run (then reinstating it at its prior setting afterwards).
If you do ever stumble upon how to do this "properly" (and changing
the cipher is NOT the correct method) let me know.
Do me a favour and report the "fix" to whichever boards you've been
following about the problem so far.
Thanks!
Jason.