rc4 decrypt class interaction with streaming data
Hi everyone,
yes i'm a noob in php :sick: who needs real help here :rolleyes:
Here's my prob; i have installed a php-nuke cms website, not the latest version but a quite advanced one already (6.9).
Now the registration procedure for that cms is quite simple and i want to use a more secure and unique method for registering users.
A friend is creating an application that will be client side.
The application is used to replace the registering procedure, which will work as a normal registering form and will send the user data straight to the registering page on the php-nuke cms. This is to prevent users from registering directly on the cms.
The reason why i want to use a client side app is because i need a guid to make all my users unique.
First hiccup here is, the app is gonna encrypt the data with rc4 encryption and send details over internet in encrypted form. Since the cms doesn't support rc4 i need to embed a decrypt class in the registering page that will interact with the sent data from the app and decrypt it before it hits the input fields from the registering page on the cms itself.
Now, i have the rc4 encrypt/decrypt code but i don't have a clue how to put this code on the registering page and make sure the sent data is first of all decrypted and after it's been decrypted it's being forwarded to the input fields of the registering form on the cms.
I have attached the registering page to this post as well as the rc4 crypt class.
Thx forward to anyone that is willing to help me on this.
Re: rc4 decrypt class interaction with streaming data
Jeeeessh - I have never seen such awful code :rolleyes: (not your code - the CMS code)
Anyway I have taken a look at the code. I am taking the assumption that you will be encrypting the username/password, new user info and edit user info. The script relies on some global variables set elsewhere, probably in one of the include scripts from these lines 15-21:
PHP Code:
    if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {
        die ("You can't access this file directly...");
    }
    require_once("mainfile.php");
    $module_name = basename(dirname(__FILE__));
    get_lang($module_name);
    $userpage = 1;
    include("modules/$module_name/navbar.php");
    /** include your encryption script here **/
At the line I've marked, use include to include a script which loops through the $_POST array. Use a special variable prefix for encrypted variables such as ECN and apply your decryption algorithm to them.
The most important thing to do is set the global variables you need to pass to the helper functions in the registration / login script. Lines 1373 - 1440 show the global variables which need to be set in your include file:
PHP Code:
    switch($op) {
        case "logout":
            logout();
            break;
        case "broadcast":
            broadcast($the_message, $who);
            break;
        case "lost_pass":
            lost_pass();
            break;
        case "new user":
            confirmNewUser($username, $user_email, $user_password, $user_password2, $random_num, $gfx_check);
            break;
        case "finish":
            finishNewUser($username, $user_email, $user_password, $random_num, $gfx_check);
            break;
        case "mailpasswd":
            mail_password($username, $code);
            break;
        case "userinfo":
            userinfo($username, $bypass, $hid, $url);
            break;
        case "login":
            login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check);
            break;
        case "edituser":
            edituser();
            break;
        case "saveuser":
            /** global variables here should be set in your decrypt script **/
            saveuser($realname, $user_email, $femail, $user_website, $user_avatar, $user_icq, $user_aim, $user_yim, $user_msnm, $user_from, $user_occ, $user_interests, $newsletter, $user_viewemail, $user_allow_viewonline, $user_notify, $user_notify_pm, $user_popup_pm, $user_attachsig, $user_allowbbcode, $user_allowhtml, $user_allowsmile, $user_timezone, $user_dateformat, $user_sig, $bio, $user_password, $vpass, $username, $user_id);
            break;
        case "edithome":
            edithome();
            break;
        case "chgtheme":
            chgtheme();
            break;
        case "savehome":
            savehome($user_id, $username, $storynum, $ublockon, $ublock, $broadcast);
            break;
        case "savetheme":
            savetheme($user_id, $theme);
            break;
        case "avatarlist":
            avatarlist();
            break;
        case "editcomm":
            editcomm();
            break;
        case "savecomm":
            savecomm($user_id, $username, $umode, $uorder, $thold, $noscore, $commentmax);
            break;
        case "pass_lost":
            pass_lost();
            break;
        case "new_user":
            new_user();
            break;
        case "my_headlines":
            my_headlines($hid, $url);
            break;
        case "gfx":
            gfx($random_num);
            break;
        case "activate":
            activate($username, $check_num);
            break;
        default:
            main($user);
            break;
    }
Re: rc4 decrypt class interaction with streaming data
Thx for taking the time to help me out a bit VisualAd, i appreciate it.
If i understand right,
my first job here will be to create a new table in the database to hold the guid the app is sending. Or maybe i'll just use one that already exist and customise it to my needs.
Then i guess i'll have to add that as an input field in the form in order to be taken into account.
I will have to add the variable for the guid table and also add them in each related function of the registering script?
And of course inserting the rc4 decrypt algorithm.
Sorry if i'm not making sense but like i told my mate, this php code is like a plate of spaghetti to me :sick: i'm trying my best tho to understand it.
Re: rc4 decrypt class interaction with streaming data
Quote:
Originally Posted by TacTiXs
Sorry if i'm not making sense but like i told my mate, this php code is like a plate of spaghetti to me :sick: i'm trying my best tho to understand it.
I agree, that PHP code for the PHP-Nuke is a pile of spaghetti. I feel sorry for you having the job of hacking it.
Here is the route I'd take to approach your problem:
- Design your client side application as per your requirements.
- The primary key of the users database will be the GUID for each user. I hope beyond all hope that they have created a primary key.
- Create a PHP script on your server which you will insert into the script in the location identified. Or better inside the include script that processes $_POST variables that overwrites and decrypts the data.
- It's then up to the CMS to do the work for you of adding the new user.
You'll most probably have to familiarise yourself with exactly what the code does to get it working properly. What is it you are going to use the GUID for?
:confused:
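The include script described in the two replies above could look like the following. This is an added example, not code from the thread, the attached class or PHP-Nuke; the `ECN_` prefix follows the suggestion in the reply, while the file name, the hex encoding of the ciphertext, the `guid` field name and the key constant are assumptions.

```php
<?php
// Added example: decrypt_post.php, a hypothetical include for the marked line.
// Assumptions: fields arrive as ECN_<name> holding hex-encoded RC4 ciphertext,
// and RC4_SHARED_KEY (placeholder) matches the key built into the client app.
define('RC4_SHARED_KEY', 'replace-with-shared-key');
define('ENC_PREFIX', 'ECN_');

// Plain RC4 (KSA + PRGA); encryption and decryption are the same operation.
function rc4($key, $data) {
    $s = range(0, 255);
    $klen = strlen($key);
    for ($i = 0, $j = 0; $i < 256; $i++) {
        $j = ($j + $s[$i] + ord($key[$i % $klen])) % 256;
        $t = $s[$i]; $s[$i] = $s[$j]; $s[$j] = $t;
    }
    $out = '';
    $len = strlen($data);
    for ($n = 0, $i = 0, $j = 0; $n < $len; $n++) {
        $i = ($i + 1) % 256;
        $j = ($j + $s[$i]) % 256;
        $t = $s[$i]; $s[$i] = $s[$j]; $s[$j] = $t;
        $out .= chr(ord($data[$n]) ^ $s[($s[$i] + $s[$j]) % 256]);
    }
    return $out;
}

// Only these names may be set from decrypted input; anything else is rejected,
// so the client cannot overwrite unrelated globals such as $user_id or $op.
$allowed = array('username', 'user_email', 'user_password', 'user_password2', 'guid');

foreach ($_POST as $name => $value) {
    if (strpos($name, ENC_PREFIX) !== 0) {
        continue;                       // not an encrypted field
    }
    $field = substr($name, strlen(ENC_PREFIX));
    if (!in_array($field, $allowed, true) || !is_string($value)
            || $value === '' || !ctype_xdigit($value) || strlen($value) % 2) {
        die('Bad encrypted field');
    }
    $plain = rc4(RC4_SHARED_KEY, pack('H*', $value));
    // Sanity check only (printable ASCII assumed): a wrong key yields noise.
    if (preg_match('/[^\x20-\x7E]/', $plain)) {
        die('Decryption failed');
    }
    $_POST[$field] = $plain;            // what the CMS reads from the request
    $GLOBALS[$field] = $plain;          // what the switch($op) handlers receive
    unset($_POST[$name]);
}
```

RC4 gives no integrity protection, so the decrypted values still need the CMS's own validation, and a key embedded in a client application should be treated as recoverable by its users.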
Re: rc4 decrypt class interaction with streaming data
Thx for ur quick response VisualAd,
the guid is to be used to ban users if they had to override the rules and tos of my website service.