EE_Encryption - Code Metrics - Inspection of "Daily Inspection: oops... forgot to set datetime s..." - eventespresso/event-espresso-core - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — BUG-10209-session-encoding (73bea7)

unknown

created 2016-11-04 21:19 UTC

EE_Encryption B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	332
Duplicated Lines	2.41 %

Coupling/Cohesion

Components	2
Dependencies	0

Importance

Changes

Metric	Value
dl	8
loc	332
rs	8.4864
c	0
b	0
f	0
wmc	48
lcom	2
cbo	0

15 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	0	6	2
A	instance()	0	7	2
A	get_encryption_key()	0	17	3
A	encrypt()	0	12	3
A	decrypt()	0	13	3
A	base64_string_encode()	0	8	3
A	base64_string_decode()	0	8	3
A	base64_url_encode()	0	10	3
A	base64_url_decode()	0	10	3
A	m_encrypt()	0	14	3
A	m_decrypt()	0	15	3
B	acme_encrypt()	4	13	5
B	acme_decrypt()	4	15	5
B	valid_base_64()	0	18	5
A	generate_random_string()	0	9	2

How to fix Duplicated Code Complexity

Duplicated Code

Duplicate code is one of the most pungent code smells. A rule that is often used is to re-structure code once it is duplicated in three or more places.

Common duplication problems, and corresponding solutions are:

If you have the same expression in different places: Extract expression to a method
If you have the same method in different sub-classes: Extract method, and pull up field to the parent class
If you have the same code in unrelated classes: Consider extracting the code to a new class, and injecting that class

Complex Class

Tip: Before tackling complexity, make sure that you eliminate any duplication first. This often can reduce the size of classes significantly.

Complex classes like EE_Encryption often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes. You can also have a look at the cohesion graph to spot any un-connected, or weakly-connected components.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use EE_Encryption, and based on these observations, apply Extract Interface, too.

<?php
if ( ! defined('EVENT_ESPRESSO_VERSION')) {
    exit('No direct script access allowed');
}



/**
 * EE_Encryption class
 * class for applying low-grade string encryption/decryption
 * really only good for hiding content from simple bots and script kiddies
 * but better for solving encoding issues with databases
 *
 * @package    Event Espresso
 * @subpackage includes/functions
 * @author     Brent Christensen
 */
class EE_Encryption {

  // instance of the EE_Encryption object
	protected static $_instance;

	protected $_encryption_key;

	protected $_use_mcrypt = true;



	/**
	 * 	private constructor to prevent direct creation
     *
	 */
  private function __construct() {
		define( 'ESPRESSO_ENCRYPT', true );
		if ( ! function_exists( 'mcrypt_encrypt' ) ) {
			$this->_use_mcrypt = false;
		}
	}



	/**
	 *	singleton method used to instantiate class object
	 *	@access public
	 * @return \EE_Encryption
	 */
	public static function instance ( ) {
		// check if class object is instantiated
		if ( ! self::$_instance instanceof EE_Encryption ) {
			self::$_instance = new self();
		}
		return self::$_instance;
	}



	/**
	 *		get encryption key
	 *		@access public
	 *		@return string
	 */
	public  function get_encryption_key() {
		// if encryption key has not been set
		if ( empty( $this->_encryption_key )) {
			// retrieve encryption_key from db
			$this->_encryption_key = get_option( 'ee_encryption_key', '' );
			// WHAT?? No encryption_key in the db ??
			if ( $this->_encryption_key === '' ) {
				// let's make one. And md5 it to make it just the right size for a key
				$new_key =  md5($this->generate_random_string());
				// now save it to the db for later
				add_option( 'ee_encryption_key', $new_key );
				// here's the key - FINALLY !
				$this->_encryption_key = $new_key;
			}
		}
		return $this->_encryption_key;
	}



	/**
	 * encrypts data
	 * @access   public
	 * @param string $text_string  - the text to be encrypted
	 * @return string
	 */
	public function encrypt ( $text_string = '' ) {
		// you give me nothing??? GET OUT !
		if  ( empty( $text_string ))  {
			return $text_string;
		}
		if ( $this->_use_mcrypt ) {
			$encrypted_text = $this->m_encrypt( $text_string );
		} else {
			$encrypted_text = $this->acme_encrypt( $text_string );
		}
		return $encrypted_text;
	}



	/**
	 * decrypts data
	 * @access   public
	 * @param string $encrypted_text - the text to be decrypted
	 * @return string
	 */
	public function decrypt  ( $encrypted_text = '' )  {
		// you give me nothing??? GET OUT !
		if  ( empty( $encrypted_text ))  {
			return $encrypted_text;
		}
		// if PHP's mcrypt functions are installed then we'll use them
		if ( $this->_use_mcrypt ) {
			$decrypted_text = $this->m_decrypt( $encrypted_text );
		} else {
			$decrypted_text = $this->acme_decrypt( $encrypted_text );
		}
		return $decrypted_text;
 	}



	/**
	 * encodes string with PHP's base64 encoding
     *
	 * @source  http://php.net/manual/en/function.base64-encode.php
	 * @param string $text_string
	 * @internal param $string - the text to be encoded
	 * @return string
	 */
	public function base64_string_encode ( $text_string = '' ) {
		// you give me nothing??? GET OUT !
		if  (empty($text_string) || ! function_exists('base64_encode'))  {
			return $text_string;
		}
		// encode
        return base64_encode ( $text_string );
	}



	/**
	 * decodes string that has been encoded with PHP's base64 encoding
     *
	 * @source  http://php.net/manual/en/function.base64-encode.php
	 * @param string $encoded_string
	 * @internal param $string - the text to be decoded
	 * @return string
	 */
	public function base64_string_decode ( $encoded_string = '' ) {
		// you give me nothing??? GET OUT !
		if  (empty($encoded_string) || ! $this->valid_base_64($encoded_string))  {
			return $encoded_string;
		}
		// decode
        return base64_decode ( $encoded_string );
	}



	/**
	 * encodes  url string with PHP's base64 encoding
	 * @source  http://php.net/manual/en/function.base64-encode.php
	 * @access   public
	 * @param string $text_string
	 * @internal param $string - the text to be encoded
	 * @return string
	 */
	public function base64_url_encode ( $text_string = '' ) {
		// you give me nothing??? GET OUT !
		if  (empty($text_string) || ! function_exists('base64_encode'))  {
			return $text_string;
		}
		// encode
		$encoded_string = base64_encode ( $text_string );
		// remove chars to make encoding more URL friendly
        return strtr ( $encoded_string, '+/=', '-_,' );
	}



	/**
	 * decodes  url string that has been encoded with PHP's base64 encoding
	 * @source  http://php.net/manual/en/function.base64-encode.php
	 * @access   public
	 * @param string $encoded_string
	 * @internal param $string - the text to be decoded
	 * @return string
	 */
	public function base64_url_decode ( $encoded_string = '' ) {
		// you give me nothing??? GET OUT !
		if  (empty($encoded_string) || ! $this->valid_base_64($encoded_string))  {
			return $encoded_string;
		}
		// replace previously removed characters
		$encoded_string = strtr ( $encoded_string, '-_,', '+/=' );
		// decode
        return base64_decode ( $encoded_string );
	}



	/**
	 * encrypts data using PHP's mcrypt functions
	 * @access   private
	 * @param string $text_string
	 * @internal param $string - the text to be encrypted
	 * @return string
	 */
	private function m_encrypt  ( $text_string = '' ) {
		// you give me nothing??? GET OUT !
        if (empty($text_string)) {
            return $text_string;
		}
		// get the initialization vector size
		$iv_size = mcrypt_get_iv_size ( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB );
		// initialization vector
		$iv = mcrypt_create_iv ( $iv_size, MCRYPT_RAND );
		// encrypt it
		$encrypted_text = mcrypt_encrypt ( MCRYPT_RIJNDAEL_256, $this->get_encryption_key(), $text_string, MCRYPT_MODE_ECB, $iv );
        // trim and maybe encode
		return function_exists('base64_encode') ? trim(base64_encode($encrypted_text)) : trim($encrypted_text);
	}



	/**
	 * decrypts data that has been encrypted with PHP's mcrypt functions
	 * @access   private
	 * @param string $encrypted_text
	 * @internal param $string - the text to be decrypted
	 * @return string
	 */
	private function m_decrypt  ( $encrypted_text = '' )  {
		// you give me nothing??? GET OUT !
        if (empty($encrypted_text)) {
            return $encrypted_text;
		}
		// decode
        $encrypted_text = $this->valid_base_64($encrypted_text) ? base64_decode($encrypted_text) : $encrypted_text;
        // get the initialization vector size
		$iv_size = mcrypt_get_iv_size ( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB );
		$iv = mcrypt_create_iv ( $iv_size, MCRYPT_RAND );
		// decrypt it
		$decrypted_text = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256, $this->get_encryption_key(), $encrypted_text, MCRYPT_MODE_ECB, $iv );
		$decrypted_text = trim ( $decrypted_text );
		return $decrypted_text;
	}



	/**
	 * encrypts data for acme servers that didn't bother to install PHP mcrypt
	 * @source   : http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
	 * @access   private
	 * @param string $text_string
	 * @internal param $string - the text to be decrypted
	 * @return string
	 */
	private function acme_encrypt ( $text_string = '' ) {
		// you give me nothing??? GET OUT !
        if (empty($text_string)) {
            return $text_string;
		}
		$key_bits = str_split ( str_pad ( '', strlen( $text_string ), $this->get_encryption_key(), STR_PAD_RIGHT ));
		$string_bits = str_split( $text_string );
		foreach ( $string_bits as $k =>$v ) {
			$temp = ord( $v ) + ord ( $key_bits[$k] );
			$string_bits[$k] = chr ( $temp > 255 ? ( $temp - 256 ) : $temp );
		}
        return function_exists('base64_encode') ? base64_encode( implode( '', $string_bits ) ) : implode('', $string_bits);
	}



	/**
     * decrypts data for acme servers that didn't bother to install PHP mcrypt
     *
     * @source   : http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
	 * @param string $encrypted_text the text to be decrypted
	 * @return string
	 */
	private function acme_decrypt ( $encrypted_text = '' ) {
		// you give me nothing??? GET OUT !
		if  ( empty($encrypted_text))  {
			return $encrypted_text;
		}
        // decode the data ?
        $encrypted_text = $this->valid_base_64($encrypted_text) ? base64_decode($encrypted_text) : $encrypted_text;
		$key_bits = str_split ( str_pad ( '', strlen ( $encrypted_text ), $this->get_encryption_key(), STR_PAD_RIGHT ));
		$string_bits = str_split ( $encrypted_text );
		foreach ( $string_bits as $k => $v ) {
			$temp = ord ( $v ) - ord ( $key_bits[$k] );
			$string_bits[$k] = chr ( $temp < 0 ? ( $temp + 256 ) : $temp );
		}
        return implode( '', $string_bits );
	}



    /**
     * @see http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php#30231906
     * @param $string
     * @return bool
     */
    private function valid_base_64($string)
    {
        // ensure data is a string
        if ( ! is_string($string) || ! function_exists('base64_decode')) {
            return false;
        }
        $decoded = base64_decode($string, true);
        // Check if there is no invalid character in string
        if ( ! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
            return false;
        }
        // Decode the string in strict mode and send the response
        if ( ! base64_decode($string, true)) {
            return false;
        }
        // Encode and compare it to original one
        return base64_encode($decoded) === $string;
    }



    /**
	 * generate random string
	 * @source   : http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
	 * @access   public
	 * @param int $length
	 * @internal param $string - number of characters for random string
	 * @return string
	 */
	public function generate_random_string ( $length = 40 ) {
		$iterations = ceil ( $length / 40 );
		$random_string = '';
		for ($i = 0; $i < $iterations; $i ++) {
			$random_string .= sha1( microtime(TRUE) . mt_rand( 10000, 90000 ));
		}
		$random_string =  substr( $random_string, 0, $length );
		return $random_string;
	}



}
/* End of file EE_Encryption.class.php */
/* Location: /includes/core/EE_Encryption.core.php */

1		<?php
2		if ( ! defined('EVENT_ESPRESSO_VERSION')) {
3		exit('No direct script access allowed');
4		}
5
6
7
8		/**
9		* EE_Encryption class
10		* class for applying low-grade string encryption/decryption
11		* really only good for hiding content from simple bots and script kiddies
12		* but better for solving encoding issues with databases
13		*
14		* @package Event Espresso
15		* @subpackage includes/functions
16		* @author Brent Christensen
17		*/
18		class EE_Encryption {
19
20		// instance of the EE_Encryption object
21		protected static $_instance;
22
23		protected $_encryption_key;
24
25		protected $_use_mcrypt = true;
26
27
28
29		/**
30		* private constructor to prevent direct creation
31		*
32		*/
33		private function __construct() {
34		define( 'ESPRESSO_ENCRYPT', true );
35		if ( ! function_exists( 'mcrypt_encrypt' ) ) {
36		$this->_use_mcrypt = false;
37		}
38		}
39
40
41
42		/**
43		* singleton method used to instantiate class object
44		* @access public
45		* @return \EE_Encryption
46		*/
47		public static function instance ( ) {
48		// check if class object is instantiated
49		if ( ! self::$_instance instanceof EE_Encryption ) {
50		self::$_instance = new self();
51		}
52		return self::$_instance;
53		}
54
55
56
57		/**
58		* get encryption key
59		* @access public
60		* @return string
61		*/
62		public function get_encryption_key() {
63		// if encryption key has not been set
64		if ( empty( $this->_encryption_key )) {
65		// retrieve encryption_key from db
66		$this->_encryption_key = get_option( 'ee_encryption_key', '' );
67		// WHAT?? No encryption_key in the db ??
68		if ( $this->_encryption_key === '' ) {
69		// let's make one. And md5 it to make it just the right size for a key
70		$new_key = md5($this->generate_random_string());
71		// now save it to the db for later
72		add_option( 'ee_encryption_key', $new_key );
73		// here's the key - FINALLY !
74		$this->_encryption_key = $new_key;
75		}
76		}
77		return $this->_encryption_key;
78		}
79
80
81
82		/**
83		* encrypts data
84		* @access public
85		* @param string $text_string - the text to be encrypted
86		* @return string
87		*/
88		public function encrypt ( $text_string = '' ) {
89		// you give me nothing??? GET OUT !
90		if ( empty( $text_string )) {
91		return $text_string;
92		}
93		if ( $this->_use_mcrypt ) {
94		$encrypted_text = $this->m_encrypt( $text_string );
95		} else {
96		$encrypted_text = $this->acme_encrypt( $text_string );
97		}
98		return $encrypted_text;
99		}
100
101
102
103		/**
104		* decrypts data
105		* @access public
106		* @param string $encrypted_text - the text to be decrypted
107		* @return string
108		*/
109		public function decrypt ( $encrypted_text = '' ) {
110		// you give me nothing??? GET OUT !
111		if ( empty( $encrypted_text )) {
112		return $encrypted_text;
113		}
114		// if PHP's mcrypt functions are installed then we'll use them
115		if ( $this->_use_mcrypt ) {
116		$decrypted_text = $this->m_decrypt( $encrypted_text );
117		} else {
118		$decrypted_text = $this->acme_decrypt( $encrypted_text );
119		}
120		return $decrypted_text;
121		}
122
123
124
125		/**
126		* encodes string with PHP's base64 encoding
127		*
128		* @source http://php.net/manual/en/function.base64-encode.php
129		* @param string $text_string
130		* @internal param $string - the text to be encoded
131		* @return string
132		*/
133		public function base64_string_encode ( $text_string = '' ) {
134		// you give me nothing??? GET OUT !
135		if (empty($text_string) \|\| ! function_exists('base64_encode')) {
136		return $text_string;
137		}
138		// encode
139		return base64_encode ( $text_string );
140		}
141
142
143
144		/**
145		* decodes string that has been encoded with PHP's base64 encoding
146		*
147		* @source http://php.net/manual/en/function.base64-encode.php
148		* @param string $encoded_string
149		* @internal param $string - the text to be decoded
150		* @return string
151		*/
152		public function base64_string_decode ( $encoded_string = '' ) {
153		// you give me nothing??? GET OUT !
154		if (empty($encoded_string) \|\| ! $this->valid_base_64($encoded_string)) {
155		return $encoded_string;
156		}
157		// decode
158		return base64_decode ( $encoded_string );
159		}
160
161
162
163		/**
164		* encodes url string with PHP's base64 encoding
165		* @source http://php.net/manual/en/function.base64-encode.php
166		* @access public
167		* @param string $text_string
168		* @internal param $string - the text to be encoded
169		* @return string
170		*/
171		public function base64_url_encode ( $text_string = '' ) {
172		// you give me nothing??? GET OUT !
173		if (empty($text_string) \|\| ! function_exists('base64_encode')) {
174		return $text_string;
175		}
176		// encode
177		$encoded_string = base64_encode ( $text_string );
178		// remove chars to make encoding more URL friendly
179		return strtr ( $encoded_string, '+/=', '-_,' );
180		}
181
182
183
184		/**
185		* decodes url string that has been encoded with PHP's base64 encoding
186		* @source http://php.net/manual/en/function.base64-encode.php
187		* @access public
188		* @param string $encoded_string
189		* @internal param $string - the text to be decoded
190		* @return string
191		*/
192		public function base64_url_decode ( $encoded_string = '' ) {
193		// you give me nothing??? GET OUT !
194		if (empty($encoded_string) \|\| ! $this->valid_base_64($encoded_string)) {
195		return $encoded_string;
196		}
197		// replace previously removed characters
198		$encoded_string = strtr ( $encoded_string, '-_,', '+/=' );
199		// decode
200		return base64_decode ( $encoded_string );
201		}
202
203
204
205		/**
206		* encrypts data using PHP's mcrypt functions
207		* @access private
208		* @param string $text_string
209		* @internal param $string - the text to be encrypted
210		* @return string
211		*/
212		private function m_encrypt ( $text_string = '' ) {
213		// you give me nothing??? GET OUT !
214		if (empty($text_string)) {
215		return $text_string;
216		}
217		// get the initialization vector size
218		$iv_size = mcrypt_get_iv_size ( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB );
219		// initialization vector
220		$iv = mcrypt_create_iv ( $iv_size, MCRYPT_RAND );
221		// encrypt it
222		$encrypted_text = mcrypt_encrypt ( MCRYPT_RIJNDAEL_256, $this->get_encryption_key(), $text_string, MCRYPT_MODE_ECB, $iv );
223		// trim and maybe encode
224		return function_exists('base64_encode') ? trim(base64_encode($encrypted_text)) : trim($encrypted_text);
225		}
226
227
228
229		/**
230		* decrypts data that has been encrypted with PHP's mcrypt functions
231		* @access private
232		* @param string $encrypted_text
233		* @internal param $string - the text to be decrypted
234		* @return string
235		*/
236		private function m_decrypt ( $encrypted_text = '' ) {
237		// you give me nothing??? GET OUT !
238		if (empty($encrypted_text)) {
239		return $encrypted_text;
240		}
241		// decode
242		$encrypted_text = $this->valid_base_64($encrypted_text) ? base64_decode($encrypted_text) : $encrypted_text;
243		// get the initialization vector size
244		$iv_size = mcrypt_get_iv_size ( MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB );
245		$iv = mcrypt_create_iv ( $iv_size, MCRYPT_RAND );
246		// decrypt it
247		$decrypted_text = mcrypt_decrypt ( MCRYPT_RIJNDAEL_256, $this->get_encryption_key(), $encrypted_text, MCRYPT_MODE_ECB, $iv );
248		$decrypted_text = trim ( $decrypted_text );
249		return $decrypted_text;
250		}
251
252
253
254		/**
255		* encrypts data for acme servers that didn't bother to install PHP mcrypt
256		* @source : http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
257		* @access private
258		* @param string $text_string
259		* @internal param $string - the text to be decrypted
260		* @return string
261		*/
262		private function acme_encrypt ( $text_string = '' ) {
263		// you give me nothing??? GET OUT !
264		if (empty($text_string)) {
265		return $text_string;
266		}
267		$key_bits = str_split ( str_pad ( '', strlen( $text_string ), $this->get_encryption_key(), STR_PAD_RIGHT ));
268		$string_bits = str_split( $text_string );
269	View Code Duplication	foreach ( $string_bits as $k =>$v ) {
270		$temp = ord( $v ) + ord ( $key_bits[$k] );
271		$string_bits[$k] = chr ( $temp > 255 ? ( $temp - 256 ) : $temp );
272		}
273		return function_exists('base64_encode') ? base64_encode( implode( '', $string_bits ) ) : implode('', $string_bits);
274		}
275
276
277
278		/**
279		* decrypts data for acme servers that didn't bother to install PHP mcrypt
280		*
281		* @source : http://stackoverflow.com/questions/800922/how-to-encrypt-string-without-mcrypt-library-in-php
282		* @param string $encrypted_text the text to be decrypted
283		* @return string
284		*/
285		private function acme_decrypt ( $encrypted_text = '' ) {
286		// you give me nothing??? GET OUT !
287		if ( empty($encrypted_text)) {
288		return $encrypted_text;
289		}
290		// decode the data ?
291		$encrypted_text = $this->valid_base_64($encrypted_text) ? base64_decode($encrypted_text) : $encrypted_text;
292		$key_bits = str_split ( str_pad ( '', strlen ( $encrypted_text ), $this->get_encryption_key(), STR_PAD_RIGHT ));
293		$string_bits = str_split ( $encrypted_text );
294	View Code Duplication	foreach ( $string_bits as $k => $v ) {
295		$temp = ord ( $v ) - ord ( $key_bits[$k] );
296		$string_bits[$k] = chr ( $temp < 0 ? ( $temp + 256 ) : $temp );
297		}
298		return implode( '', $string_bits );
299		}
300
301
302
303		/**
304		* @see http://stackoverflow.com/questions/2556345/detect-base64-encoding-in-php#30231906
305		* @param $string
306		* @return bool
307		*/
308		private function valid_base_64($string)
309		{
310		// ensure data is a string
311		if ( ! is_string($string) \|\| ! function_exists('base64_decode')) {
312		return false;
313		}
314		$decoded = base64_decode($string, true);
315		// Check if there is no invalid character in string
316		if ( ! preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) {
317		return false;
318		}
319		// Decode the string in strict mode and send the response
320		if ( ! base64_decode($string, true)) {
321		return false;
322		}
323		// Encode and compare it to original one
324		return base64_encode($decoded) === $string;
325		}
326
327
328
329		/**
330		* generate random string
331		* @source : http://stackoverflow.com/questions/637278/what-is-the-best-way-to-generate-a-random-key-within-php
332		* @access public
333		* @param int $length
334		* @internal param $string - number of characters for random string
335		* @return string
336		*/
337		public function generate_random_string ( $length = 40 ) {
338		$iterations = ceil ( $length / 40 );
339		$random_string = '';
340		for ($i = 0; $i < $iterations; $i ++) {
341		$random_string .= sha1( microtime(TRUE) . mt_rand( 10000, 90000 ));
342		}
343		$random_string = substr( $random_string, 0, $length );
344		return $random_string;
345		}
346
347
348
349		}
350		/* End of file EE_Encryption.class.php */
351		/* Location: /includes/core/EE_Encryption.core.php */

eventespresso / event-espresso-core