##############################################################
## MOD Title: Private Message Encryption and Decryption
## MOD Author: Jason Bassford < jasonb@dante.com > http://www.dante.com/users/jasonb/
## MOD Description:
##
## This will allow you to encrypt private messages to other
## board users. The user will then be able to decrypt the
## message if they know the password that you used. This
## prevents any sensitive message from being read by somebody
## looking at the raw database records.
##
## Decryption happens onscreen - not within the database. So,
## even if you "decrypt" a message (and read it) it is still
## stored on the server in its encrypted form.
##
## If you've decrypted a message, and quote it back to the sender,
## it will be the decrypted text that is quoted back. The quote
## must, itself, be manually encrypted or else it will be sent back
## to the original sender in plain text.
##
## Once a message is encrypted and submitted, and in the sender's
## Outbox, it may be viewed and deleted, but it cannot be edited.
##
## This mod encrypts Private Messages using a 256-bit Rijndael
## block cipher.
##
## NOTE: In order to use this mod, you must have PHP compiled
## with libmcrypt2.4.x or higher!
##
## MOD Version: 1.0.1
##
## Installation Level: Intermediate
## Installation Time: 10 Minutes
## Files To Edit: 3
## privmsg.php
## templates/subSilber/posting_body.tpl
## templates/subSilver/privmsgs_read_body.tpl
## Included Files: N/A
##############################################################
## Author Notes:
##
## Updated to turn off php error messages just during the
## encryption and decypryption commands. Otherwise, some
## people might see (benign) warning messages appear.
##
##############################################################
## This MOD is released under the GPL License.
## Intellectual Property is retained by the MOD Author(s) listed above
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
## NOTE: In order to use this mod, you must have PHP compiled
## with libmcrypt2.4.x or higher!
#
#-----[ OPEN ]------------------------------------------
#
privmsg.php
#
#-----[ FIND ]------------------------------------------
#
$preview = ( isset($HTTP_POST_VARS['preview']) ) ? TRUE : 0;
#
#-----[ AFTER, ADD ]------------------------------------
#
$encrypt = ( isset($HTTP_POST_VARS['encrypt']) ) ? TRUE : 0;
$encryption_key = ( !empty($HTTP_POST_VARS['encryption_key']) ) ? $HTTP_POST_VARS['encryption_key'] : 0;
$decrypt = ( isset($HTTP_POST_VARS['decrypt']) ) ? TRUE : 0;
$decrypt_quote = ( isset($HTTP_POST_VARS['decrypt_quote_x']) || isset($HTTP_POST_VARS['decrypt_quote_y']) ) ? TRUE : 0;
#
#-----[ FIND ]------------------------------------------
#
$start = ( !empty($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) : 0;
#
#-----[ BEFORE, ADD ]------------------------------------
#
if ($decrypt_quote)
{
$mode = "quote";
}
#
#-----[ FIND ]------------------------------------------
#
else
{
$privmsg_id = '';
}
#
#-----[ BEFORE, ADD ]------------------------------------------
#
else if ( $decrypt_quote )
{
$privmsg_id = $HTTP_POST_VARS['privmsgs_id'];
}
#
#-----[ FIND ]------------------------------------------
#
}
else if ( $mode == 'read' )
{
if ( !empty($HTTP_GET_VARS[POST_POST_URL]) )
{
$privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]);
}
else
{
message_die(GENERAL_ERROR, $lang['No_post_id']);
}
#
#-----[ REPLACE WITH ]------------------------------------------
#
}
else if ( $mode == 'read' || $decrypt )
{
if ( !empty($HTTP_GET_VARS[POST_POST_URL]) )
{
$privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]);
}
else if ( $decrypt )
{
$privmsgs_id = $HTTP_POST_VARS['privmsgs_id'];
$mode = "read";
}
else
{
message_die(GENERAL_ERROR, $lang['No_post_id']);
}
#
#-----[ FIND ]------------------------------------------
#
$post_icons = array(
'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>',
'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>',
'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>',
'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>',
'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0" /></a>',
'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['Post_quote_pm'] . '</a>',
'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0" /></a>',
'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['Edit_pm'] . '</a>'
);
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ($decrypt)
{
$post_icons = array(
'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>',
'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>',
'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>',
'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>',
'quote_img' => '<input style="border: 0px" type="image" src="' . $images['pm_quotemsg'] . '" name="decrypt_quote" class="liteoption" value="Quote" />',
'quote' => '<input style="border: 0px" type="image" src="' . $images['pm_quotemsg'] . '" name="decrypt_quote" class="liteoption" value="Quote" />',
'edit_img' => '',
'edit' => ''
);
}
else
{
$post_icons = array(
'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>',
'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>',
'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>',
'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>',
'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post _quote_pm'] . '" border="0" /></a>',
'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['Post_quote_pm'] . '</a>',
'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0" /></a>',
'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['Edit_pm'] . '</a>'
);
}
#
#-----[ FIND ]------------------------------------------
#
//
// Processing of post
//
$post_subject = $privmsg['privmsgs_subject'];
$private_message = $privmsg['privmsgs_text'];
#
#-----[ AFTER, ADD ]------------------------------------
#
if ( $decrypt )
{
$cipher_alg = MCRYPT_RIJNDAEL_256;
$decrypted_message = str_replace("Encrypted message follows:\n\n", "", $private_message);
$decrypted_message = str_replace("<br>", "", $decrypted_message);
$old_errorlevel = error_reporting(0);
$decrypted_message = trim(mcrypt_decrypt($cipher_alg, $encryption_key, pack("H*", $decrypted_message), MCRYPT_MODE_CFB, "1"));
error_reporting($old_errorlevel);
$private_message = str_replace("\r\n", "<br>", $decrypted_message);
$decrypted_message = str_replace("\"", """, $decrypted_message);
}
#
#-----[ FIND ]------------------------------------------
#
'YIM' => $yim)
);
#
#-----[ REPLACE WITH ]------------------------------------------
#
'YIM' => $yim,
'PRIVMSGS_ID' => $privmsgs_id,
'DECRYPT_QUOTE' => $decrypt,
'DECRYPTED_MESSAGE' => $decrypted_message)
);
#
#-----[ FIND ]------------------------------------------
#
else if ( $submit || $refresh || $mode != '' )
#
#-----[ REPLACE WITH]------------------------------------------
#
else if ( $submit || $encrypt || $refresh || $mode != '' )
#
#-----[ FIND ]------------------------------------------
#
if ( $submit && $mode != 'edit' )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( ($submit || $encrypt) && $mode != 'edit' )
#
#-----[ FIND ]------------------------------------------
#
if ( $submit )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( $submit || $encrypt )
#
#-----[ FIND ]------------------------------------------
#
if ( $submit && !$error )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( ($submit || $encrypt) && !$error )
#
#-----[ FIND ]------------------------------------------
#
if ( $mode != 'edit' )
{
$privmsg_sent_id = $db->sql_nextid();
$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", $privmsg_message) . "')";
}
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( $mode != 'edit' )
{
$privmsg_sent_id = $db->sql_nextid();
if ($encrypt)
{
$cipher_alg = MCRYPT_RIJNDAEL_256;
$encrypted_message = str_replace("\\\"", "\"", $privmsg_message);
$encrypted_message = str_replace("\\'", "'", $encrypted_message);
$encrypted_message = str_replace("\\\\", "\\", $encrypted_message);
$old_errorlevel = error_reporting(0);
$encrypted_message = bin2hex(mcrypt_encrypt($cipher_alg, $encryption_key, $encrypted_message, MCRYPT_MODE_CFB, "1"));
error_reporting($old_errorlevel);
$encrypted_message = wordwrap($encrypted_message, 80, "<br>", 1);
$encrypted_message = "Encrypted message follows:\n\n" . $encrypted_message;
$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . $encrypted_message . "')";
}
else
{
$sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text)
VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", $privmsg_message) . "')";
}
}
#
#-----[ FIND ]------------------------------------------
#
if ( $mode == 'quote' )
{
$privmsg_message = $privmsg['privmsgs_text'];
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( $mode == 'quote' )
{
if ($decrypt_quote)
{
$privmsg_message = $HTTP_POST_VARS['decrypted_message'];
$privmsg_message = str_replace("\\\"", "\"", $privmsg_message);
$privmsg_message = str_replace("\\'", "'", $privmsg_message);
$privmsg_message = str_replace("\\\\", "\\", $privmsg_message);
}
else
{
$privmsg_message = $privmsg['privmsgs_text'];
}
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/posting_body.tpl
#
#-----[ FIND ]------------------------------------------
#
{POLLBOX}
<tr>
<td class="catBottom" colspan="2" align="center" height="28"> {S_HIDDEN_FORM_FIELDS}<input type="submit" tabindex="5" name="preview" class="mainoption" value="{L_PREVIEW}" /> <input type="submit" accesskey="s" tabindex="6" name="post" class="mainoption" value="{L_SUBMIT}" />
#
#-----[ AFTER, ADD ]------------------------------------
#
<!-- BEGIN switch_privmsg -->
<span style="margin-left: 50px; font-size: 80%">Password: </span>
<input type="password" tabindex="7" class="post" name="encryption_key" />
<input type="submit" tabindex="8" name="encrypt" class="mainoption" value="Encrypt & Submit" />
<!-- END switch_privmsg -->
</td>
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/privmsgs_read_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<input type="submit" name="delete" value="{L_DELETE_MSG}" class="liteoption" />
#
#-----[ AFTER, ADD ]------------------------------------
#
<span style="margin-left: 50px; font-size: 80%">Password: </span>
<input type="password" class="post" name="encryption_key" />
<input type="submit" name="decrypt" class="liteoption" value="Decrypt Message" />
<input type="hidden" name="privmsgs_id" value="{PRIVMSGS_ID}" />
<input type="hidden" name="decrypted_message" value="{DECRYPTED_MESSAGE}" />
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
