[wp-hackers] Wordpress database encryption.

jackie sparks jackie.craig.sparks at live.com
Sun Nov 27 04:58:43 UTC 2011


The problem ended up being the prepare statement was messing up the new query in the function get_user_by().


1st, your query looks like two queries, with the text "         127 Query   " in between the two; have you checked to see why that is?
 That is the mysql log output. So that is a logging prefix.

2nd, why are you hacking core instead of using the 'query' hook? The 'query' hook should allow you to transform the data in a manner which is exactly as it appears you would like.
 Thank you for that suggestion. The query hook only works when making a plugin. I "think" these changes should be in the core. It would make it harder for someone to find the code instead of just browsing thru directory in the wp-content/plugins dir.

3rd, you should consider renaming your function dbuserquerychk() with a prefix, maybe like jcs_dbuserquerychk() or acs3_dbuserquerychk() or similar.
 Thank you. Why those function name prefixes? What purpose do they have?



> From: mikeschinkel at newclarity.net
> Date: Sat, 26 Nov 2011 23:22:26 -0500
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] Wordpress database encryption.
> 
> Hi Jackie,
> 
> 1st, your query looks like two queries, with the text "         127 Query   " in between the two; have you checked to see why that is?
> 
> 2nd, why are you hacking core instead of using the 'query' hook? The 'query' hook should allow you to transform the data in a manner which is exactly as it appears you would like.
> 
> 3rd, you should consider renaming your function dbuserquerychk() with a prefix, maybe like jcs_dbuserquerychk() or acs3_dbuserquerychk() or similar.
> 
> Hope this helps.
> 
> -Mike
> 
> 
> On Nov 26, 2011, at 10:20 PM, jackie sparks wrote:
> 
> > 
> > I've been working on modding the core to allow database encryption. I'm running into a problem. I have every field but the ID encrypted with AES, and changed to mediumblob. I first started off by doing this outside the wp-db class but now have shifted my efforts towards the db class. The data is encrypted at the mysql database server and also at the application with mcrypt functions. I don't understand why the data is not being retrieved properly.
> > 
> > The mod to get row:
> >       function get_row( $query = null, $output = OBJECT, $y = 0 ) {
> >                $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
> >                if ( $query )
> >                        $this->query( $query );
> >                else
> >                        return null;
> >                print_r($this->last_result[$y]);
> > 
> >                $newvalues=dbuserquerychk($query,$this->last_result[$y],$this->prefix);
> > 
> >                if($newvalues != false)
> >                        $this->last_result[$y]=$newvalues;
> > 
> >                print_r($this->last_result[$y]);
> >                if ( !isset( $this->last_result[$y] ) )
> >                        return null;
> > 
> >                if ( $output == OBJECT ) {
> >                        return $this->last_result[$y] ? $this->last_result[$y] : null;
> >                } elseif ( $output == ARRAY_A ) {
> > 
> > 
> > The function checking it. Just trying to perform the encryption on the users table atm and then proceed with the rest of the db.
> > 
> > function dbuserquerychk($query,$data,$prefix){
> >        if(preg_match( '/'.$prefix.'users/', $query)){
> >                //echo "$data;
> >                foreach ($data as $key => $val) {
> >                        if($key != "ID")
> >                                $newvalues[$key]=decrypt($val);
> >                        else
> >                                $newvalues[$key]=$val;
> >                }
> >                return $newvalues;
> >        }
> >        return false;
> > }
> > 
> > The mysql query that gets submitted:
> > 
> > SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
> >        AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
> >        AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
> >        AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
> >        AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
> >          127 Query    SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
> >        AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
> >        AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
> >        AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
> >        AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
> > 
> > apache errorlog with xdebug trace: I see that the variable data is not getting populated properly during the login request but I'm stuck as to knowing why at this point.
> > 
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> > [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> > 		 	   		  
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> 

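The MySQL general-log output quoted in the thread records every AES_DECRYPT call with its key as a string literal, so anyone who can read that log can read the key. As an added example (not code from the thread or from WordPress), this Python script finds general-log `Query` entries that pass a literal key to AES_ENCRYPT/AES_DECRYPT and redacts it; the sample lines, the key value and the names `scan_line` and `scan_log` are constructed for illustration.

```python
import re

# AES_ENCRYPT / AES_DECRYPT whose second argument is a quoted string literal.
# Assumption: the first argument is a column name or a simple quoted value.
AES_LITERAL_KEY = re.compile(
    r"(AES_(?:DE|EN)CRYPT\s*\(\s*(?:'(?:[^'\\]|\\.)*'|[^,()']+?)\s*,\s*)'((?:[^'\\]|\\.)*)'",
    re.IGNORECASE,
)
# General-log entry as quoted in the thread: "<thread id> Query <statement>",
# optionally preceded by a "YYMMDD HH:MM:SS" timestamp.
LOG_ENTRY = re.compile(r"^\s*(?:\d{6}\s+[\d:]+\s+)?(\d+)\s+Query\s+(.*)$")


def scan_line(line):
    """Return (thread_id, literal_key_count, redacted_statement), or None
    when the line is not a Query entry."""
    m = LOG_ENTRY.match(line)
    if not m:
        return None
    thread_id, stmt = int(m.group(1)), m.group(2)
    redacted, count = AES_LITERAL_KEY.subn(r"\1'[REDACTED]'", stmt)
    return thread_id, count, redacted


def scan_log(lines):
    """Collect only the entries that expose at least one literal key."""
    findings = []
    for line in lines:
        hit = scan_line(line)
        if hit and hit[1] > 0:
            findings.append(hit)
    return findings


# Constructed sample lines in the general-log layout quoted in the thread.
SAMPLE_LOG = [
    "\t\t  127 Query\tSELECT ID, AES_DECRYPT(user_login,'CONSTRUCTED-KEY') as user_login, "
    "AES_DECRYPT(user_email, 'CONSTRUCTED-KEY') as user_email "
    "FROM wp2_users WHERE user_login = 'admin'",
    "\t\t  127 Query\tSELECT option_value FROM wp2_options WHERE option_name = 'siteurl'",
    "\t\t  128 Query\tUPDATE wp2_users SET user_url = AES_ENCRYPT('http://example.org', @k) WHERE ID = 1",
    "\t\t  128 Quit\t",
]

if __name__ == "__main__":
    for thread_id, count, stmt in scan_log(SAMPLE_LOG):
        print(f"thread {thread_id}: {count} literal key(s): {stmt}")
```
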
