fix(security): fix SQL injection in updatePaymetToPaid, OTP random_int, static IV encryption, storage mismatch
This commit is contained in:
Hamza-Ayed
@@ -41,8 +41,9 @@ class EncryptionHelper {
|
||||
public function encryptData($plainText) {
|
||||
$plainText = mb_convert_encoding($plainText, 'UTF-8');
|
||||
$paddedText = $this->addPadding($plainText);
|
||||
$encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
|
||||
return base64_encode($encrypted);
|
||||
$iv = random_bytes(16);
|
||||
$encrypted = openssl_encrypt($paddedText, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
|
||||
return base64_encode($iv . $encrypted);
|
||||
}
|
||||
|
||||
public function decryptData($encryptedText) {
|
||||
@@ -53,6 +54,22 @@ class EncryptionHelper {
|
||||
return false;
|
||||
}
|
||||
|
||||
// محاولة أولى: استخراج IV عشوائي من أول 16 بايت
|
||||
if (strlen($decoded) >= 16) {
|
||||
$iv = substr($decoded, 0, 16);
|
||||
$payload = substr($decoded, 16);
|
||||
|
||||
$decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
|
||||
|
||||
if ($decrypted !== false) {
|
||||
$pad = ord($decrypted[strlen($decrypted) - 1]);
|
||||
if ($pad >= 1 && $pad <= 16) {
|
||||
return substr($decrypted, 0, -$pad);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// محاولة ثانية: IV ثابت (للبيانات القديمة)
|
||||
$decrypted = openssl_decrypt($decoded, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
|
||||
|
||||
if ($decrypted === false) {
|
||||
@@ -60,7 +77,6 @@ class EncryptionHelper {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Verify padding is valid before removal
|
||||
$pad = ord($decrypted[strlen($decrypted) - 1]);
|
||||
if ($pad < 1 || $pad > 16) {
|
||||
error_log("[ERROR] Invalid padding value ($pad) for decrypted input: $encryptedText");
|
||||
@@ -82,13 +98,23 @@ class EncryptionHelper {
|
||||
return true;
|
||||
}
|
||||
public function encryptBinary($data) {
|
||||
$encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
|
||||
return $encrypted;
|
||||
$iv = random_bytes(16);
|
||||
$encrypted = openssl_encrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
|
||||
return $iv . $encrypted;
|
||||
}
|
||||
|
||||
public function decryptBinary($data) {
|
||||
if (strlen($data) >= 16) {
|
||||
$iv = substr($data, 0, 16);
|
||||
$payload = substr($data, 16);
|
||||
$decrypted = openssl_decrypt($payload, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
|
||||
if ($decrypted !== false) {
|
||||
return $decrypted;
|
||||
}
|
||||
}
|
||||
|
||||
// للبيانات القديمة ذات IV الثابت
|
||||
$decrypted = openssl_decrypt($data, 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $this->iv);
|
||||
// CRIT-07 FIX: التحقق من فشل openssl_decrypt
|
||||
if ($decrypted === false) {
|
||||
error_log('[CRIT-07] openssl_decrypt failed in decryptBinary');
|
||||
throw new Exception('Decryption failed');
|
||||
|
||||
@@ -3,11 +3,15 @@ include "../../connect.php";
|
||||
|
||||
$driverID = filterRequest("driverID");
|
||||
|
||||
if (empty($driverID)) {
|
||||
printFailure("Driver ID is required");
|
||||
exit;
|
||||
}
|
||||
|
||||
$sql = "UPDATE `payments` SET `isGiven`='Paid' WHERE driverID='$driverID'";
|
||||
$sql = "UPDATE `payments` SET `isGiven`='Paid' WHERE driverID = :driverID";
|
||||
|
||||
$stmt = $con->prepare($sql);
|
||||
$stmt->execute();
|
||||
$stmt->execute([':driverID' => $driverID]);
|
||||
|
||||
if ($stmt->rowCount() > 0) {
|
||||
// Print a success message
|
||||
|
||||
Reference in New Issue
Block a user