##############################################################
## MOD Title: Private Message Encryption and Decryption
## MOD Author: Jason Bassford < jasonb@dante.com > https://jasonbassford.com/
## MOD Description:
##
## This will allow you to encrypt private messages to other
## board users. The user will then be able to decrypt the
## message if they know the password that you used. This
## prevents any sensitive message from being read by somebody
## looking at the raw database records.
##
## Decryption happens onscreen - not within the database. So,
## even if you "decrypt" a message (and read it) it is still
## stored on the server in its encrypted form.
##
## If you've decrypted a message, and quote it back to the sender,
## it will be the decrypted text that is quoted back. The quote
## must, itself, be manually encrypted or else it will be sent back
## to the original sender in plain text.
##
## Once a message is encrypted and submitted, and in the sender's
## Outbox, it may be viewed and deleted, but it cannot be edited.
##
## This mod encrypts Private Messages using a 256-bit Rijndael
## block cipher (MCRYPT_RIJNDAEL_256, i.e. a 256-bit block size).
##
## NOTE: In order to use this mod, you must have PHP compiled
## with libmcrypt2.4.x or higher!
##
## MOD Version: 1.0.0
##
## Installation Level: Intermediate
## Installation Time: 10 Minutes
## Files To Edit: 3
## privmsg.php
## templates/subSilver/posting_body.tpl
## templates/subSilver/privmsgs_read_body.tpl
## Included Files: N/A
##############################################################
## Author Notes:
##
##############################################################
## This MOD is released under the GPL License.
## Intellectual Property is retained by the MOD Author(s) listed above
##############################################################
## Before Adding This MOD To Your Forum, You Should Back Up All Files Related To This MOD
##############################################################
## NOTE: In order to use this mod, you must have PHP compiled
## with libmcrypt2.4.x or higher!
#
#-----[ OPEN ]------------------------------------------
#
privmsg.php
#
#-----[ FIND ]------------------------------------------
#
$preview = ( isset($HTTP_POST_VARS['preview']) ) ? TRUE : 0;
#
#-----[ AFTER, ADD ]------------------------------------
#
$encrypt = ( isset($HTTP_POST_VARS['encrypt']) ) ? TRUE : 0; $encryption_key = ( !empty($HTTP_POST_VARS['encryption_key']) ) ? $HTTP_POST_VARS['encryption_key'] : 0; $decrypt = ( isset($HTTP_POST_VARS['decrypt']) ) ? TRUE : 0; $decrypt_quote = ( isset($HTTP_POST_VARS['decrypt_quote_x']) || isset($HTTP_POST_VARS['decrypt_quote_y']) ) ? TRUE : 0;
#
#-----[ FIND ]------------------------------------------
#
$start = ( !empty($HTTP_GET_VARS['start']) ) ?
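Review bot: `$encryption_key` falls back to the integer `0` when the password field is empty (or holds the string "0", which `empty()` also treats as empty), and nothing in this block stops an encrypt or decrypt request from continuing with that value. A message sent with "Encrypt & Submit" and no password would then be stored under a key anyone can guess. I would stop the request right after these assignments, e.g. `if ( ($encrypt || $decrypt) && $encryption_key === 0 ) { message_die(GENERAL_MESSAGE, 'A password is required.'); }`, and enforce a minimum password length at the same place.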
intval($HTTP_GET_VARS['start']) : 0;
#
#-----[ BEFORE, ADD ]------------------------------------
#
if ($decrypt_quote) { $mode = "quote"; }
#
#-----[ FIND ]------------------------------------------
#
else { $privmsg_id = ''; }
#
#-----[ BEFORE, ADD ]------------------------------------------
#
else if ( $decrypt_quote ) { $privmsg_id = $HTTP_POST_VARS['privmsgs_id']; }
#
#-----[ FIND ]------------------------------------------
#
} else if ( $mode == 'read' ) { if ( !empty($HTTP_GET_VARS[POST_POST_URL]) ) { $privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]); } else { message_die(GENERAL_ERROR, $lang['No_post_id']); }
#
#-----[ REPLACE WITH ]------------------------------------------
#
} else if ( $mode == 'read' || $decrypt ) { if ( !empty($HTTP_GET_VARS[POST_POST_URL]) ) { $privmsgs_id = intval($HTTP_GET_VARS[POST_POST_URL]); } else if ( $decrypt ) { $privmsgs_id = $HTTP_POST_VARS['privmsgs_id']; $mode = "read"; } else { message_die(GENERAL_ERROR, $lang['No_post_id']); }
#
#-----[ FIND ]------------------------------------------
#
$post_icons = array( 'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>', 'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>', 'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>', 'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>', 'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post_quote_pm'] . '" border="0" /></a>', 'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['Post_quote_pm'] . '</a>', 'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0" /></a>', 'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['Edit_pm'] .
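Review bot: `$HTTP_POST_VARS['privmsgs_id']` is copied into `$privmsg_id` in the `else if ( $decrypt_quote )` branch, and into `$privmsgs_id` in the `$mode == 'read' || $decrypt` replacement, without the `intval()` that the existing GET branch applies to the same identifier. The value is later placed in the page as `PRIVMSGS_ID` inside `value="{PRIVMSGS_ID}"`, and it presumably also reaches the message lookup query, which is not part of the blocks shown here. Both assignments should read `intval($HTTP_POST_VARS['privmsgs_id'])`.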
'</a>' );
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ($decrypt) { $post_icons = array( 'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>', 'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>', 'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>', 'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>', 'quote_img' => '<input style="border: 0px" type="image" src="' . $images['pm_quotemsg'] . '" name="decrypt_quote" class="liteoption" value="Quote" />', 'quote' => '<input style="border: 0px" type="image" src="' . $images['pm_quotemsg'] . '" name="decrypt_quote" class="liteoption" value="Quote" />', 'edit_img' => '', 'edit' => '' ); } else { $post_icons = array( 'post_img' => '<a href="' . $post_urls['post'] . '"><img src="' . $images['pm_postmsg'] . '" alt="' . $lang['Post_new_pm'] . '" border="0" /></a>', 'post' => '<a href="' . $post_urls['post'] . '">' . $lang['Post_new_pm'] . '</a>', 'reply_img' => '<a href="' . $post_urls['reply'] . '"><img src="' . $images['pm_replymsg'] . '" alt="' . $lang['Post_reply_pm'] . '" border="0" /></a>', 'reply' => '<a href="' . $post_urls['reply'] . '">' . $lang['Post_reply_pm'] . '</a>', 'quote_img' => '<a href="' . $post_urls['quote'] . '"><img src="' . $images['pm_quotemsg'] . '" alt="' . $lang['Post _quote_pm'] . '" border="0" /></a>', 'quote' => '<a href="' . $post_urls['quote'] . '">' . $lang['Post_quote_pm'] . '</a>', 'edit_img' => '<a href="' . $post_urls['edit'] . '"><img src="' . $images['pm_editmsg'] . '" alt="' . $lang['Edit_pm'] . '" border="0" /></a>', 'edit' => '<a href="' . $post_urls['edit'] . '">' . $lang['Edit_pm'] .
'</a>' ); }
#
#-----[ FIND ]------------------------------------------
#
// // Processing of post // $post_subject = $privmsg['privmsgs_subject']; $private_message = $privmsg['privmsgs_text'];
#
#-----[ AFTER, ADD ]------------------------------------
#
if ( $decrypt ) { $cipher_alg = MCRYPT_RIJNDAEL_256; $decrypted_message = str_replace("Encrypted message follows:\n\n", "", $private_message); $decrypted_message = str_replace("<br>", "", $decrypted_message); $decrypted_message = trim(mcrypt_decrypt($cipher_alg, $encryption_key, pack("H*", $decrypted_message), MCRYPT_MODE_CFB, "1")); $private_message = str_replace("\r\n", "<br>", $decrypted_message); $decrypted_message = str_replace("\"", """, $decrypted_message); }
#
#-----[ FIND ]------------------------------------------
#
'YIM' => $yim) );
#
#-----[ REPLACE WITH ]------------------------------------------
#
'YIM' => $yim, 'PRIVMSGS_ID' => $privmsgs_id, 'DECRYPT_QUOTE' => $decrypt, 'DECRYPTED_MESSAGE' => $decrypted_message) );
#
#-----[ FIND ]------------------------------------------
#
else if ( $submit || $refresh || $mode != '' )
#
#-----[ REPLACE WITH]------------------------------------------
#
else if ( $submit || $encrypt || $refresh || $mode != '' )
#
#-----[ FIND ]------------------------------------------
#
if ( $submit && $mode != 'edit' )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( ($submit || $encrypt) && $mode != 'edit' )
#
#-----[ FIND ]------------------------------------------
#
if ( $submit )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( $submit || $encrypt )
#
#-----[ FIND ]------------------------------------------
#
if ( $submit && !$error )
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( ($submit || $encrypt) && !$error )
#
#-----[ FIND ]------------------------------------------
#
if ( $mode != 'edit' ) { $privmsg_sent_id = $db->sql_nextid(); $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE .
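Review bot: The IV is the constant `"1"` and the password is used directly as the key in this `mcrypt_decrypt` call, and the `mcrypt_encrypt` call in the later `if ($encrypt)` block makes the same two choices. With a constant IV in CFB mode, two messages under the same password share the keystream of their first block, a raw password is a weak key, and nothing detects a wrong password or altered ciphertext, so `trim()` is applied to whatever bytes come out. The mcrypt extension was also removed from PHP in 7.2. I would derive the key from the password with a per-message salt, use a fresh random nonce and an authenticated mode; the sketch below assumes the encrypt side stores salt, nonce and tag in front of the ciphertext, and it is not compatible with messages already stored by this MOD.

```php
if ( $decrypt )
{
	// … unchanged: strip the "Encrypted message follows:" banner and the <br> wrapping …
	// Needs PHP 7.1+ for AEAD support in openssl_decrypt().
	$blob = pack("H*", $decrypted_message);
	// Layout assumed from the encrypt side: 16-byte salt | 12-byte nonce | 16-byte tag | ciphertext
	$salt = substr($blob, 0, 16);
	$nonce = substr($blob, 16, 12);
	$tag = substr($blob, 28, 16);
	// Iteration count is a sample value; pick one to suit the server.
	$key = hash_pbkdf2('sha256', $encryption_key, $salt, 200000, 32, true);
	$decrypted_message = openssl_decrypt(substr($blob, 44), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
	if ( $decrypted_message === false )
	{
		message_die(GENERAL_MESSAGE, 'Wrong password or damaged message.');
	}
	// … unchanged: newline-to-<br> conversion for display …
}
```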
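Review bot: `DECRYPTED_MESSAGE` is written into `value="{DECRYPTED_MESSAGE}"` in privmsgs_read_body.tpl, but the only encoding applied to it is the double-quote `str_replace` in the decrypt block, whose replacement string is printed on this page as `"""` (not valid PHP, presumably an `&quot;` entity lost in rendering). `$private_message` is likewise sent to the page with only `\r\n` turned into `<br>`; whether the plaintext was HTML-escaped before it was encrypted is not visible here, and a wrong password yields arbitrary bytes. I would encode at output with `$decrypted_message = htmlspecialchars($decrypted_message, ENT_QUOTES);` for the hidden field, and do the same to `$private_message` before the `<br>` substitution unless it is confirmed to be escaped already. `$decrypted_message` is only assigned inside `if ( $decrypt )`, so it should be initialised to `''` before this array is built.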
" (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text) VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", $privmsg_message) . "')"; }
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( $mode != 'edit' ) { $privmsg_sent_id = $db->sql_nextid(); if ($encrypt) { $cipher_alg = MCRYPT_RIJNDAEL_256; $encrypted_message = str_replace("\\\"", "\"", $privmsg_message); $encrypted_message = str_replace("\\'", "'", $encrypted_message); $encrypted_message = str_replace("\\\\", "\\", $encrypted_message); $encrypted_message = bin2hex(mcrypt_encrypt($cipher_alg, $encryption_key, $encrypted_message, MCRYPT_MODE_CFB, "1")); $encrypted_message = wordwrap($encrypted_message, 80, "<br>", 1); $encrypted_message = "Encrypted message follows:\n\n" . $encrypted_message; $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text) VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . $encrypted_message . "')"; } else { $sql = "INSERT INTO " . PRIVMSGS_TEXT_TABLE . " (privmsgs_text_id, privmsgs_bbcode_uid, privmsgs_text) VALUES ($privmsg_sent_id, '" . $bbcode_uid . "', '" . str_replace("\'", "''", $privmsg_message) .
"')"; } }
#
#-----[ FIND ]------------------------------------------
#
if ( $mode == 'quote' ) { $privmsg_message = $privmsg['privmsgs_text'];
#
#-----[ REPLACE WITH ]------------------------------------------
#
if ( $mode == 'quote' ) { if ($decrypt_quote) { $privmsg_message = $HTTP_POST_VARS['decrypted_message']; $privmsg_message = str_replace("\\\"", "\"", $privmsg_message); $privmsg_message = str_replace("\\'", "'", $privmsg_message); $privmsg_message = str_replace("\\\\", "\\", $privmsg_message); } else { $privmsg_message = $privmsg['privmsgs_text']; }
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/posting_body.tpl
#
#-----[ FIND ]------------------------------------------
#
{POLLBOX} <tr> <td class="catBottom" colspan="2" align="center" height="28"> {S_HIDDEN_FORM_FIELDS}<input type="submit" tabindex="5" name="preview" class="mainoption" value="{L_PREVIEW}" /> <input type="submit" accesskey="s" tabindex="6" name="post" class="mainoption" value="{L_SUBMIT}" />
#
#-----[ AFTER, ADD ]------------------------------------
#
<!-- BEGIN switch_privmsg --> <span style="margin-left: 50px; font-size: 80%">Password: </span> <input type="password" tabindex="7" class="post" name="encryption_key" /> <input type="submit" tabindex="8" name="encrypt" class="mainoption" value="Encrypt & Submit" /> <!-- END switch_privmsg --> </td>
#
#-----[ OPEN ]------------------------------------------
#
templates/subSilver/privmsgs_read_body.tpl
#
#-----[ FIND ]------------------------------------------
#
<input type="submit" name="delete" value="{L_DELETE_MSG}" class="liteoption" />
#
#-----[ AFTER, ADD ]------------------------------------
#
<span style="margin-left: 50px; font-size: 80%">Password: </span> <input type="password" class="post" name="encryption_key" /> <input type="submit" name="decrypt" class="liteoption" value="Decrypt Message" /> <input type="hidden" name="privmsgs_id" value="{PRIVMSGS_ID}" /> <input type="hidden"
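Review bot: The result of `mcrypt_encrypt()` goes straight into `bin2hex()` in the `if ($encrypt)` branch, so if the call fails and returns `false` the row stored is just the "Encrypted message follows:" banner and the sender's text is lost without any error. Keep the raw result in its own variable and check it before building `$sql`, e.g. `if ( $raw === false ) { message_die(GENERAL_ERROR, 'Could not encrypt message.'); }`. The three `str_replace` calls that undo the backslashes look like a hand-written `stripslashes()`; if that is the intent, calling `stripslashes($privmsg_message)` would be easier to check.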
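Review bot: Encryption is done server-side, so the form added to posting_body.tpl sends `encryption_key` and the message text together in one POST, and privmsg.php handles both the plaintext and the password. That protects the stored row only; it does not protect the message from the web server, from request logging, or on the wire unless the board is served over HTTPS, and the MOD description should say so. I would also add `autocomplete="off"` to the password field and write the button label as `value="Encrypt &amp; Submit"`; the bare `&` may be a rendering artefact of this page.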
name="decrypted_message" value="{DECRYPTED_MESSAGE}" />
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
# EoM
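Review bot: These controls are added to privmsgs_read_body.tpl outside any template switch, so the password box and "Decrypt Message" button appear on every private message, and the decrypt block in privmsg.php does not check that the text starts with "Encrypted message follows:" before calling `pack("H*", ...)` on it. Wrap them in a block such as `<!-- BEGIN switch_encrypted -->` … `<!-- END switch_encrypted -->` (the block name is a placeholder) that privmsg.php assigns only when the stored text begins with the banner. The hidden `decrypted_message` field also puts the full plaintext into the page source a second time, so it is better emitted only after a successful decrypt.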