[wp-hackers] Wordpress database encryption.
Mike Schinkel
mikeschinkel at newclarity.net
Sun Nov 27 04:22:26 UTC 2011
Hi Jackie,
1st, your query looks like two queries, with the text " 127 Query " in between the two; have you checked to see why that is?
2nd, why are you hacking core instead of using the 'query' hook? The 'query' hook should allow you to transform the data in an a manner which is exactly as it appears you would like.
3rd, you should consider renaming your function dbuserquerychk() with a prefix, maybe like jcs_dbuserquerychk() or acs3_dbuserquerychk() or similar.
Hope this helps.
-Mike
On Nov 26, 2011, at 10:20 PM, jackie sparks wrote:
>
> I've been working on modding the core to allow database encryption. Im running into a problem. I have every field but the ID encrypted with AES, and changed to mediumblob. I first started off by doing this outside the wp-db class but now have shifted my efforts towards the db class. The data is encrypted at the mysql database server and also at the application with mcrypt functions. I don't understand why the data is not being retrieved properly.
>
> The mod to get row:
> function get_row( $query = null, $output = OBJECT, $y = 0 ) {
> $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
> if ( $query )
> $this->query( $query );
> else
> return null;
> print_r($this->last_result[$y]);
>
> $newvalues=dbuserquerychk($query,$this->last_result[$y],$this->prefix);
>
> if($newvalues != false)
> $this->last_result[$y]=$newvalues;
>
> print_r($this->last_result[$y]);
> if ( !isset( $this->last_result[$y] ) )
> return null;
>
> if ( $output == OBJECT ) {
> return $this->last_result[$y] ? $this->last_result[$y] : null;
> } elseif ( $output == ARRAY_A ) {
>
>
> The function checking it. ust trying to perform the encryption on the users table atm and then proceed with the rest of the db.
>
> function dbuserquerychk($query,$data,$prefix){
> if(preg_match( '/'.$prefix.'users/', $query)){
> //echo "$data;
> foreach ($data as $key => $val) {
> if($key != "ID")
> $newvalues[$key]=decrypt($val);
> else
> $newvalues[$key]=$val;
> }
> return $newvalues;
> }
> return false;
> }
>
> The mysql query that gets submited:
>
> SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
> AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
> AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
> AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
> AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
> 127 Query SELECT ID, AES_DECRYPT(user_login,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_login, AES_DECRYPT(user_pass,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_pass,
> AES_DECRYPT(user_nicename, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_nicename, AES_DECRYPT(user_email,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_email,
> AES_DECRYPT(user_url, '7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_url, AES_DECRYPT(user_registered,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP')as user_registered,
> AES_DECRYPT(user_activation_key,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_activation_key,
> AES_DECRYPT(user_status,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as user_status, AES_DECRYPT(display_name,'7pp3XeLESBCe89FuXT9hhbsxTRS6C3WmBXCxD3MfngOn35az70lPSW1yGtvSGd4KCnZZe0TDVETGyDvP5B960sTy9p7xOCnPx2T2dmxN7aOLR6xGPRtT0BvEOqzQtMQeEEvW0luzir7TdThKBtAeXGGToCsZeyk8fKGTsbpUS71rwPWUZ3llLFVDEW3F3OrcmBFzxbSN4HV9segA0qHBG7mKKpXAqzpPHVTb9A1tsDx7KL0Aeec7yTPwTeAgcrP') as display_name FROM wp2_users WHERE user_login = 'admin'
>
> apache errorlog with xdebug trace: I see that the variable data is no getting populated properly during the login request but I stuck as to knowing why at this point.
>
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:44:16 2011] [error] [client 127.0.0.1] PHP 9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 2. get_userdatabylogin() /var/www/aes3/wp-login.php:548, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 3. get_user_by() /var/www/aes3/wp-includes/pluggable.php:212, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 4. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 5. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Warning: Invalid argument supplied for foreach() in /var/www/aes3/wp-includes/functions.php on line 46, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 1. {main}() /var/www/aes3/wp-login.php:0, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 2. wp_signon() /var/www/aes3/wp-login.php:573, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 3. wp_authenticate() /var/www/aes3/wp-includes/user.php:53, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 4. apply_filters() /var/www/aes3/wp-includes/pluggable.php:540, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 5. call_user_func_array() /var/www/aes3/wp-includes/plugin.php:170, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 6. wp_authenticate_username_password() /var/www/aes3/wp-includes/plugin.php:0, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 7. get_user_by() /var/www/aes3/wp-includes/user.php:88, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 8. wpdb->get_row() /var/www/aes3/wp-includes/pluggable.php:190, referer: http://localhost/aes3/wp-login.php
> [Sat Nov 26 20:45:17 2011] [error] [client 127.0.0.1] PHP 9. dbuserquerychk() /var/www/aes3/wp-includes/wp-db.php:1417, referer: http://localhost/aes3/wp-login.php
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list