
I have a class named aes.php (found when googling). This class uses Rijndael-128. Here is aes.php:

<?php

    /*
        Version: 1.0
    */
    class aes_encryption{

        const CIPHER = MCRYPT_RIJNDAEL_128; // Rijndael-128 is AES
        const MODE   = MCRYPT_MODE_ECB;

        public $key = 'abcdefghij123456'; // 16 bytes selects AES-128 (24 or 32 bytes would select AES-192/256)
        public $iv = '1234efgh'; // ignored in ECB mode; modes that use an IV need 16 bytes for Rijndael-128

        public function encrypt($plaintext){            
            $ciphertext = mcrypt_encrypt(self::CIPHER, $this->key, $plaintext, self::MODE, $this->iv);
            return base64_encode($ciphertext);
        }

        public function decrypt($ciphertext){
            $ciphertext = base64_decode($ciphertext);
            $plaintext = mcrypt_decrypt(self::CIPHER, $this->key, $ciphertext, self::MODE, $this->iv);
            return rtrim($plaintext, "\0");
        }



        public function encrypt_file($input_file, $output_file){
            $input_file_handle = @fopen($input_file, "r");
            $output_file_handle = @fopen($output_file, 'wb');

            if(!$input_file_handle){ throw new Exception("Could not open input file"); }
            if(!$output_file_handle){ throw new Exception("Could not open output file"); }

            while(!feof($input_file_handle)){
                $buffer = base64_encode(fread($input_file_handle, 4096));                     
                $encrypted_string = $this->encrypt($buffer);
                //echo strlen($encrypted_string).'<br>';
                fwrite($output_file_handle, $encrypted_string);
            }

            fclose($input_file_handle);
            fclose($output_file_handle);

            return true;
        }

        public function decrypt_file($input_file, $output_file){
            $input_file_handle = @fopen($input_file, "r");
            $output_file_handle = @fopen($output_file, 'wb');

            if(!$input_file_handle){ throw new Exception("Could not open input file"); }
            if(!$output_file_handle){ throw new Exception("Could not open output file"); }

            while(!feof($input_file_handle)){
                //4096 bytes plaintext become 7296 bytes of encrypted base64 text
                $buffer = fread($input_file_handle, 7296);
                $decrypted_string = base64_decode($this->decrypt($buffer));
                //echo strlen($buffer).'<br>';
                fwrite($output_file_handle, $decrypted_string);
            }

            fclose($input_file_handle);
            fclose($output_file_handle);

            return true;
        }

    }//class aes_encryption

?>

And a class named upload.php; this class uploads a file and automatically encrypts the file on upload.

<?php
include_once 'dbconfig.php';    
include 'aes.php';

session_start();
    if($_SESSION['user'] and ($_SESSION['nik'])){
    }
    else{ 
       header("location:index.php");
       exit; // stop here so the upload code below never runs without a session
    }

if(isset($_POST['btn-upload']))
{
        $file       =rand(1000,100000)."-".$_FILES['file']['name'];
        $file_loc   =$_FILES['file']['tmp_name'];
        $file_size  =$_FILES['file']['size'];
        $dekripsi   =$_POST['dekripsi'];
        $file_type  =$_FILES['file']['type'];
        $file_nik   = $_SESSION ['nik'];
        $file_namalengkap = $_SESSION ['user'];
        $folder="uploads/";
        $new_size = $file_size/1024;  
        $new_file_name = strtolower($file);
        $final_file=str_replace(' ','-',$new_file_name);

        if (move_uploaded_file($file_loc,$folder.$final_file)){

            $sql="INSERT INTO tbl_uploads(file,namalengkap,nik,dekripsi,type,size) VALUES('$final_file','".$_SESSION ['user']."','".$_SESSION ['nik']."','$dekripsi','$file_type','$new_size')";
            mysql_query($sql);
            echo mysql_error();
            $crypt = new aes_encryption();

            $final_file = $file_loc; 

            $crypt->encrypt_file($final_file, $final_file.'.enc');


            ?>
                <script>
                    alert('successfully uploaded');
                    window.location.href='home.php?success';
                </script>
            <?php

        }
        else
        {
            ?>
                <script>
                    alert('gagal upload');
                    window.location.href='home.php?fail';
                </script>
            <?php
        }
}

?>

When I try to run it, it shows me an error:

Fatal error: Uncaught exception 'Exception' with message 'Could not open input file' in C:\xampp\htdocs\aes\aes.php:29 Stack trace: #0 C:\xampp\htdocs\aes\uploadaes.php(40): aes_encryption->encrypt_file('C:\xampp\tmp\ph...', 'C:\xampp\tmp\ph...') #1 {main} thrown in C:\xampp\htdocs\aes\aes.php on line 29

I think the problem is that $final_file = $file_loc; can't get the value, and I don't know why it can't get the value of $file_loc. If you have an opinion on where the problem is, could you tell me?

John

1 Answer


You have already moved the file from $file_loc to $folder.$final_file, so this seems to be the root of your issue. You should be keeping $final_file as it is, and use:

$crypt->encrypt_file($folder.$final_file, $folder.$final_file.'.enc');

You also need to do some kind of checking on the input to your MySQL query statement. Also note that mysql_query is deprecated, and I recommend that you opt to use a more up-to-date library such as PDO or mysqli.

Jake
  • I've tried that, but the error changed to `Fatal error: Uncaught exception 'Exception' with message 'Could not open input file' in C:\xampp\htdocs\aes\aes.php:29 Stack trace: #0 C:\xampp\htdocs\aes\uploadaes.php(41): aes_encryption->encrypt_file('uploads/uploads...', 'uploads/uploads...') #1 {main} thrown in C:\xampp\htdocs\aes\aes.php on line 29` Yes, thanks, I will use that library later. – John Oct 27 '15 at 16:37
  • That's my mistake, I missed your description about `You should be keeping $final_file as it is`. Thanks, it's working now. – John Oct 27 '15 at 16:46
  • One more thing: if I want to automatically delete the original file after it is encrypted, so there is just the encrypted file on the server, what am I supposed to add to my code? – John Oct 27 '15 at 16:53
  • For that, see this post: http://stackoverflow.com/questions/2371408/how-to-delete-a-file-via-php – Jake Oct 27 '15 at 16:58
  • Yes, that post's problem is the same as mine. I use unlink too, but it always gives me an error that the file does not exist and I don't have permission to the folder. In that post I see the answer that uses `realpath`, `is_writeable`, and `unlink`; could you give me sample code for that? – John Oct 27 '15 at 17:16
  • Did you use the absolute path (as explained in the answers to the question linked)? Also, which variable are you using? Try using echo to verify any assumptions – Jake Oct 27 '15 at 17:17
  • Hey bro, I have one more problem: `delete.php` now doesn't work correctly. If I push the delete button, it should delete the data from MySQL and the server, but now it deletes just from MySQL; the data still remains on the server. I already use `realpath`, `is writable`, and `unlink` in `delete.php` too. How do I fix that? Because the file on the server becomes `.doc.enc`, is the problem because of the extension? – John Oct 27 '15 at 17:44
  • Look at the mysql records, specifically the file name. When you use unlink, echo the file name you're unlinking. Is it correct? – Jake Oct 27 '15 at 17:56
  • Sorry for replying only now, I had an internet issue. Yes, the MySQL record is filled with the file name `.doc`, not `doc.enc`. If I want the MySQL record filled with the name of the encrypted file, what am I supposed to do? Where should I put the code `$crypt = new aes_encryption(); $final_file = $folder.$final_file ; $crypt->encrypt_file($final_file, $final_file.'.enc');`? – John Oct 28 '15 at 00:23
  • Well, if you want your mysql insert query to contain the .enc, simply put it directly into the query. Alternatively, set a variable to the encrypted file name above the query, use it inside the query and in the encrypt_file method of `crypt`. – Jake Oct 28 '15 at 01:38
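
The flow the answer and comments arrive at, as an added example that is not part of the original thread: move the upload, encrypt the moved file, delete the plaintext through its resolved path, and store the `.enc` name with a PDO prepared statement. It swaps the question's mcrypt ECB class for `openssl_encrypt` with AES-256-GCM (mcrypt was removed in PHP 7.2); the function name, the `$meta` keys and the 32-byte `$key` are assumptions.

```php
<?php
// Added example, not the asker's code. Assumes PHP >= 7.1, a connected PDO
// handle, a 32-byte random $key kept outside the web root, and the
// tbl_uploads columns from the question. store_encrypted_upload() and the
// $meta keys are hypothetical names.
function store_encrypted_upload(PDO $pdo, array $upload, string $dir, string $key, array $meta): string
{
    // The client controls the file name: keep a sanitized basename only.
    $safe = preg_replace('/[^a-z0-9._-]/', '-', strtolower(basename($upload['name'])));
    $plainPath = rtrim($dir, '/\\') . '/' . random_int(1000, 100000) . '-' . $safe;
    $encPath = $plainPath . '.enc';

    if (!move_uploaded_file($upload['tmp_name'], $plainPath)) {
        throw new RuntimeException('Could not move uploaded file');
    }

    // tmp_name is gone after the move, so read from the new location.
    // This reads the whole file into memory, which suits small uploads.
    $plaintext = file_get_contents($plainPath);
    if ($plaintext === false) {
        throw new RuntimeException('Could not open input file');
    }

    // AES-256-GCM with a fresh 12-byte nonce; layout is nonce || tag || ciphertext.
    $nonce = random_bytes(12);
    $tag = '';
    $ciphertext = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ciphertext === false || file_put_contents($encPath, $nonce . $tag . $ciphertext) === false) {
        throw new RuntimeException('Encryption failed');
    }

    // Remove the plaintext copy through its resolved absolute path.
    $real = realpath($plainPath);
    if ($real === false || !is_writable($real) || !unlink($real)) {
        throw new RuntimeException('Could not delete plaintext file');
    }

    // Store the name that exists on disk (.enc) so a later delete finds it.
    $stmt = $pdo->prepare(
        'INSERT INTO tbl_uploads (file, namalengkap, nik, dekripsi, type, size)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([basename($encPath), $meta['user'], $meta['nik'],
                    $meta['dekripsi'], $upload['type'], $upload['size'] / 1024]);

    return $encPath;
}
```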