image
Redirect all traffic to HTTPS

use on your .htaccess file

2022-02-16 14:08:46 by Omar
Original Link Author Link 
                                    RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.domain\.com$ [NC]
RewriteRule ^(.*)$ https://www.domain.com/$1 [L,R=301]

Linux Other

TAGS : htaccess,ssl,redirect
image
JWT Login

2022-02-25 13:41:06 by Omar
Original Link Author Link 
                                    Sub Login
    Dim j As HttpJob
    j.Initialize("", Me) 'name is empty as it is no longer needed
    j.Download("http://xxx.xxx/peru/api/?action=login&username=admin&password=master")
    Wait For (j) JobDone(j As HttpJob)
    If j.Success Then
        Dim parser As JSONParser
        parser.Initialize(j.GetString)
        Dim root As Map = parser.NextObject
        Dim JWT As String = root.Get("JWT")
        Pass = JWT
        Log("Password: " & Pass)
    End If
    j.Release
End Sub

' after login and save the token, we can use :
Sub AddTask
    Dim j As HttpJob
    j.Initialize("", Me) 'name is empty as it is no longer needed
    j.Download("http://192.168.1.136/peru/api/?action=add&object=tareas&descripcion=PRUEBA DE METER&fecha='2019-04-17'&asignada='SI'&completada='NO'")
    j.GetRequest.SetHeader("X-Authorization","Bearer " & Pass)
    Wait For (j) JobDone(j As HttpJob)
    If j.Success Then
        Log("Añadido con éxito: " & j.GetString)
    End If
    j.Release
End Sub

Multiplatform - B4X Other

TAGS : jwt,login,token
image
PHP Functions for excryption

in PHP

2022-03-04 12:12:50 by Omar
Original Link Author Link 
                                     0 ? mcrypt_create_iv( 16 ) : "" );
	$temp .= hash_hmac( 'sha256', $plaintext, $mac_key, true );
	$temp .= hash_hmac( 'sha256', $meta, $mac_key, true );
	$mac = hash_hmac( 'sha256', $temp, $mac_key, true );
	$siv = substr( $mac, 0, 16 );

	// Encrypt the message
	$enc = mcrypt_encrypt( 'rijndael-128', $enc_key, $plaintext, 'ctr', $siv );
	return base64_encode( $siv . $nonce . $enc );

}

/**
 * Decrypts an encrypted string
 *
 * @param string $key       Encryption key, also used during encryption
 * @param string $encrypted Encrypted string to be decrypted
 * @param mixed  $meta      Associated data that must be the same as when encrypted
 *
 * @return string Decrypted string or `null` if key/meta has been tampered with
 */
function decrypt( $key, $ciphertext, $meta = '' ) {

	// Generate valid key
	$key = hash_pbkdf2( 'sha256', $key, '', 10000, 0, true );

	// Serialize metadata
	$meta = serialize($meta);

	// Derive two subkeys from the original key
	$mac_key = hash_hmac( 'sha256', 'mac', $key, true );
	$enc_key = hash_hmac( 'sha256', 'enc', $key, true );
	$enc_key = substr( $enc_key, 0, 32 );

	// Unpack MAC, nonce and encrypted message from the ciphertext
	$enc = base64_decode( $ciphertext );
	$siv = substr( $enc, 0, 16 );
	$nonce = substr( $enc, 16, 16 );
	$enc = substr( $enc, 16 + 16 );

	// Decrypt message
	$plaintext = mcrypt_decrypt( 'rijndael-128', $enc_key, $enc, 'ctr', $siv );

	// Verify MAC, return null if message is invalid
	$temp = $nonce;
	$temp .= hash_hmac( 'sha256', $plaintext, $mac_key, true );
	$temp .= hash_hmac( 'sha256', $meta, $mac_key, true );
	$mac = hash_hmac( 'sha256', $temp, $mac_key, true );
	if ( $siv !== substr( $mac, 0, 16 ) ) return null;

	return $plaintext;

}

/**
 * Encrypts a string
 *
 * Do not use this function, it is only here for historical reference
 *
 * @param string $key Encryption key, also required for decryption
 * @param string $raw Raw string to be encrypted
 *
 * @return string Raw data encrypted with key
 */
// function encrypt($key, $raw) {
// 	return base64_encode(mcrypt_encrypt(
// 			MCRYPT_RIJNDAEL_256,
// 			md5($key),
// 			$raw,
// 			MCRYPT_MODE_CBC,
// 			md5(md5($key))
// 	));
// }

/**
 * Decrypts an encrypted string
 *
 * Do not use this function, it is only here for historical reference
 *
 * @param string $key       Encryption key, also used during encryption
 * @param string $encrypted Encrypted string to be decrypted
 *
 * @return string Decrypted string or `null` if key/meta has been tampered with
 */
// function decrypt($key, $encrypted) {
// 	return rtrim(
// 		mcrypt_decrypt(
// 			MCRYPT_RIJNDAEL_256,
// 			md5($key),
// 			base64_decode($encrypted),
// 			MCRYPT_MODE_CBC,
// 			md5(md5($key))
// 		)
// 	);
// }


************



 'Rich', 'email' => 'rich@richjenks.com' ];
$encrypted = encrypt($key, $raw, $meta);
$decrypted = decrypt($key, $encrypted, $meta);

echo 'KEY:';
var_dump($key);
echo 'RAW:';
var_dump($raw);
echo 'META:';
var_dump($meta);
echo 'ENCRYPTED:';
var_dump($encrypted);
echo 'DENCRYPTED:';
var_dump($decrypted);

Other Web

TAGS : encryption,php