[wp-hackers] Wordpress database encryption.
jackie sparks
jackie.craig.sparks at live.com
Sun Nov 27 03:20:59 UTC 2011
I've been working on modding the core to allow database encryption. I'm running into a problem. I have every field but the ID encrypted with AES, and changed to mediumblob. I first started off by doing this outside the wp-db class but now have shifted my efforts towards the db class. The data is encrypted at the mysql database server and also at the application with mcrypt functions. I don't understand why the data is not being retrieved properly.
The mod to get row:
function get_row( $query = null, $output = OBJECT, $y = 0 ) {
    $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
    if ( $query )
        $this->query( $query );
    else
        return null;
    print_r($this->last_result[$y]);
    $newvalues=dbuserquerychk($query,$this->last_result[$y],$this->prefix);
    if($newvalues != false)
        $this->last_result[$y]=$newvalues;
    print_r($this->last_result[$y]);
    if ( !isset( $this->last_result[$y] ) )
        return null;
    if ( $output == OBJECT ) {
        return $this->last_result[$y] ? $this->last_result[$y] : null;
    } elseif ( $output == ARRAY_A ) {
The function checking it. Just trying to perform the encryption on the users table atm and then proceed with the rest of the db.
function dbuserquerychk($query,$data,$prefix){
    if(preg_match( '/'.$prefix.'users/', $query)){
        //echo "$data;
        foreach ($data as $key => $val) {
            if($key != "ID")
                $newvalues[$key]=decrypt($val);
            else
                $newvalues[$key]=$val;
        }
        return $newvalues;
    }
    return false;
}
The mysql query that gets submitted:
SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
127 Query SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
Apache error log with xdebug trace: I see that the variable data is not getting populated properly during the login request but I am stuck as to knowing why at this point.
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
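An added example, not part of the original post: the trace above shows foreach() failing inside dbuserquerychk(), which is what PHP reports when the query matched no row and a null is passed in, and the posted function also hands back an array where wpdb held a row object. The version below guards both cases; dbuserquerychk_guarded, the $decrypt parameter and the strrev stand-in cipher are hypothetical names, and the sample row is constructed.

```php
<?php
/**
 * Decrypt every column except ID for queries against the users table.
 * $decrypt stands in for the post's decrypt() helper (assumption).
 * Returns false when the row should be left untouched.
 */
function dbuserquerychk_guarded($query, $row, $prefix, callable $decrypt) {
    // preg_quote so a prefix such as "wp2_" is matched literally.
    if (!preg_match('/' . preg_quote($prefix . 'users', '/') . '\b/', $query)) {
        return false;
    }
    // No matching row: last_result[$y] is unset, so $row arrives as null.
    // Iterating it raises "Invalid argument supplied for foreach()".
    // The logged query compares the stored (encrypted) user_login column
    // with the plaintext 'admin' in WHERE, so an empty result is expected.
    if (!is_object($row) && !is_array($row)) {
        return false;
    }
    $out = array();
    foreach ($row as $key => $val) {
        // ID is stored in the clear; NULL columns (AES_DECRYPT returns NULL
        // on invalid data) pass through instead of being fed to the cipher.
        $out[$key] = ($key === 'ID' || $val === null) ? $val : $decrypt($val);
    }
    // wpdb keeps rows as objects; return the same type that came in so
    // callers reading $user->user_login keep working.
    return is_object($row) ? (object) $out : $out;
}

// Constructed sample data; strrev stands in for the real cipher.
$decrypt = 'strrev';
$query   = "SELECT ID, user_login FROM wp2_users WHERE user_login = 'admin'";
$row     = (object) array('ID' => '1', 'user_login' => 'nimda', 'user_url' => null);

// Empty result set: no warning, caller keeps its original (unset) row.
var_dump(dbuserquerychk_guarded($query, null, 'wp2_', $decrypt));

// Populated row: still an object, ID untouched, other columns decrypted.
$user = dbuserquerychk_guarded($query, $row, 'wp2_', $decrypt);
var_dump($user->ID, $user->user_login, $user->user_url);
```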