[wp-hackers] Wordpress database encryption.

jackie sparks jackie.craig.sparks at live.com
Sun Nov 27 03:20:59 UTC 2011


I've been working on modding the core to allow database encryption. I'm running into a problem. I have every field but the ID encrypted with AES, and changed to mediumblob. I first started off by doing this outside the wp-db class but have now shifted my efforts towards the db class. The data is encrypted at the MySQL database server and also at the application with mcrypt functions. I don't understand why the data is not being retrieved properly.

The mod to get row:
       function get_row( $query = null, $output = OBJECT, $y = 0 ) {
                $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
                if ( $query )
                        $this->query( $query );
                else
                        return null;
                print_r($this->last_result[$y]);

                $newvalues=dbuserquerychk($query,$this->last_result[$y],$this->prefix);

                if($newvalues != false)
                        $this->last_result[$y]=$newvalues;

                print_r($this->last_result[$y]);
                if ( !isset( $this->last_result[$y] ) )
                        return null;

                if ( $output == OBJECT ) {
                        return $this->last_result[$y] ? $this->last_result[$y] : null;
                } elseif ( $output == ARRAY_A ) {


The function checking it. Just trying to perform the encryption on the users table atm and then proceed with the rest of the db.

function dbuserquerychk($query,$data,$prefix){
        if(preg_match( '/'.$prefix.'users/', $query)){
                //echo "$data;
                foreach ($data as $key => $val) {
                        if($key != "ID")
                                $newvalues[$key]=decrypt($val);
                        else
                                $newvalues[$key]=$val;
                }
                return $newvalues;
        }
        return false;
}

The MySQL query that gets submitted:

SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
        AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
        AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
        AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
        AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
          127 Query    SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
        AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
        AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
        AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
        AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'

Apache error log with xdebug trace: I see that the variable data is not getting populated properly during the login request, but I'm stuck as to knowing why at this point.

[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP   9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning:  Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
[Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP   9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
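
Added example (not part of the original post, and not WordPress core code): a guarded variant of the `dbuserquerychk()` helper that tolerates an empty result, which is what `get_row()` hands it when the query matches no row because the helper runs before the `isset()` check, and that keeps the row a `stdClass` as wpdb stores it. `dbuserquerychk_guarded()` and `decrypt_field()` (a base64 stand-in for the post's `decrypt()`, not encryption) are hypothetical names, and the sample row and queries are constructed.

```php
<?php
// Hypothetical stand-in for the post's decrypt() so the example runs offline.
// It only reverses base64 and provides no confidentiality.
function decrypt_field($val) {
    $out = base64_decode((string) $val, true);
    return $out === false ? null : $out;
}

/**
 * Guarded variant of dbuserquerychk(): returns false (caller leaves the row
 * untouched) when the query is not on the users table or there is no row.
 */
function dbuserquerychk_guarded($query, $data, $prefix) {
    // preg_quote() keeps regex metacharacters in the prefix from altering the pattern.
    if (!preg_match('/\b' . preg_quote($prefix, '/') . 'users\b/', $query)) {
        return false;
    }
    // An empty result set leaves last_result[$y] unset, so $data arrives as null.
    if (!is_object($data) && !is_array($data)) {
        return false;
    }
    // Rebuild as stdClass: wpdb rows are objects, and get_row()'s ARRAY_A branch
    // calls get_object_vars() on them, so returning a plain array would break it.
    $newvalues = new stdClass();
    foreach ($data as $key => $val) {
        // ID is stored in clear; a NULL column value is passed through unchanged.
        $newvalues->$key = ($key === 'ID' || $val === null) ? $val : decrypt_field($val);
    }
    return $newvalues;
}

// Constructed sample row, shaped like the stdClass rows wpdb keeps in last_result.
$row = (object) array('ID' => '1', 'user_login' => base64_encode('admin'), 'user_url' => null);
$query = "SELECT ID, user_login, user_url FROM wp2_users WHERE ID = 1";

var_dump(dbuserquerychk_guarded($query, $row, 'wp2_'));                    // users row present
var_dump(dbuserquerychk_guarded($query, null, 'wp2_'));                    // query matched no row
var_dump(dbuserquerychk_guarded("SELECT 1 FROM wp2_posts", $row, 'wp2_')); // not the users table
```

When `user_login` holds ciphertext, a `WHERE user_login = 'admin'` comparison against the raw column cannot match, which is one way the login query ends up returning no row.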
 		 	   		  

