17a8e61d2a
1. transparent decryption for existing installs stays for the time being 2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined 3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords 4. updated install to not auto-generate crypt key 5. added warning to config.php-dist
21 lines
404 B
PHP
21 lines
404 B
PHP
<?php
|
|
function decrypt_string($str) {
|
|
$pair = explode(":", $str);
|
|
|
|
if (count($pair) == 2) {
|
|
@$iv = base64_decode($pair[0]);
|
|
@$encstr = base64_decode($pair[1]);
|
|
|
|
if ($iv && $encstr) {
|
|
$key = hash('SHA256', FEED_CRYPT_KEY, true);
|
|
|
|
$str = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $encstr,
|
|
MCRYPT_MODE_CBC, $iv);
|
|
|
|
if ($str) return rtrim($str);
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
?>
|