Page 1 of 1

Warning when using encrypted PM mod.

Posted: Tue Oct 19, 2004 10:34 am
by jasonb
Some time ago, I wrote a mod for phpBB that lets you encrypt and decrypt private messages (it's currently in use here on Ask Virgil) - you can get it here.

A couple of days ago, somebody wrote to me to say that they liked using it - except for the phpBB warning messages that are thrown up on the screen every time they do so. Since, at the time I wrote it, I had not enabled the display of php warnings and errors, I had not realised that this was a problem.

In investigating, I could come up with no "good" method of fixing this. I still don't understand how to prevent the warning. But I did come up with a workaround. This was my final reply to the person who brought it to my attention:

Code: Select all

Okay, I fixed the problem.  I should emphasize, however, that it was 
just a warning, not an actual error - so the script as I wrote it 
performed just fine - but it was still annoying to see it.	

I still don't know how to get this to work "properly".  I beat my head 
against a wall for well over an hour trying to figure out how to define 
the correct blocksize (for use with $iv - where, in the code, I've just 
substituted "1") for the cipher in use and couldn't get it.

In the end, I gave up and simply resorted to the "hack" of turning off 
php error reporting during the instance of both the encryption and the 
decryption.  (Then turning error reporting back to what it was at before 
each of those commands was run.)

So - to modify the code first of all put it back to the way that I'd 
had it, using RIJNDAEL_256 with CFB.

You should now modify the sections of code to look like this (the only 
change being the 2 insertions of the "error_reporting" lines of code in 
each section):

---
                       if ($encrypt)
                         {
                           $cipher_alg = MCRYPT_RIJNDAEL_256;
                           $encrypted_message = str_replace("\\\"", "\"", $privmsg_message);
                           $encrypted_message = str_replace("\\'", "'", $encrypted_message);
                           $encrypted_message = str_replace("\\\\", "\\", $encrypted_message);
                           $old_errorlevel = error_reporting(0);
                           $encrypted_message = bin2hex(mcrypt_encrypt($cipher_alg, $encryption_key, $encrypted_message, MCRYPT_MODE_CFB, "1"));
                           error_reporting($old_errorlevel);
---

---
       if ( $decrypt )
         {
           $cipher_alg = MCRYPT_RIJNDAEL_256;
           $decrypted_message = str_replace("Encrypted message follows:\n\n", "", $private_message);
           $decrypted_message = str_replace("<br>", "", $decrypted_message);
           $old_errorlevel = error_reporting(0);
           $decrypted_message = trim(mcrypt_decrypt($cipher_alg, $encryption_key, pack("H*", $decrypted_message), MCRYPT_MODE_CFB, "1"));
           error_reporting($old_errorlevel);
---

Note - I still consider this to be a less than ideal solution - 
because it doesn't gracefully do what should be done to not have the 
warning issued in the first place.  However, since the warning has no 
detrimental effect, I consider it "okay" to simply disable all error 
reporting during the period of time that the two different commands are 
run (then reinstating it at its prior setting afterwards).

If you do ever stumble upon how to do this "properly" (and changing 
the cipher is NOT the correct method) let me know.

Do me a favour and report the "fix" to whichever boards you've been 
following about the problem so far.

Thanks!

Jason.