From 17a8e61d2ae9e938aaf60292666b6ccf5cb09067 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sat, 7 Jan 2017 14:25:46 +0300
Subject: deprecate encrypted feed passwords because mcrypt is getting removed from php 7.1
1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist
---
include/crypt.php | 15 ---------------
include/functions.php | 9 +--------
include/rssfuncs.php | 4 ++--
3 files changed, 3 insertions(+), 25 deletions(-)
(limited to 'include')
diff --git a/include/crypt.php b/include/crypt.php
index f06483ef1..217ad3b0f 100644
--- a/include/crypt.php
+++ b/include/crypt.php
@@ -18,19 +18,4 @@
 return false;
 }
-
- function encrypt_string($str) {
- $key = hash('SHA256', FEED_CRYPT_KEY, true);
-
- $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128,
- MCRYPT_MODE_CBC), MCRYPT_RAND);
-
- $encstr = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $str,
- MCRYPT_MODE_CBC, $iv);
-
- $iv_base64 = base64_encode($iv);
- $encstr_base64 = base64_encode($encstr);
-
- return "$iv_base64:$encstr_base64";
- }
 ?>
diff --git a/include/functions.php b/include/functions.php
index f10c3a00b..ce7627d5a 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -1749,14 +1749,7 @@
 "SELECT id FROM ttrss_feeds WHERE feed_url = '$url' AND owner_uid = ".$_SESSION["uid"]);
- if (strlen(FEED_CRYPT_KEY) > 0) {
- require_once "crypt.php";
- $auth_pass = substr(encrypt_string($auth_pass), 0, 250);
- $auth_pass_encrypted = 'true';
- } else {
- $auth_pass_encrypted = 'false';
- }
-
+ $auth_pass_encrypted = 'false';
 $auth_pass = db_escape_string($auth_pass);
 if (db_num_rows($result) == 0) {
diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index e667df41f..6c342971f 100644
--- a/include/rssfuncs.php
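Review bot: Nothing at the added line `$auth_pass_encrypted = 'false';` in include/functions.php records that FEED_CRYPT_KEY is now ignored on write, so an install that still defines the key can look as if new feed passwords are protected while `auth_pass` holds them exactly as entered. A comment on that line would keep the trade-off visible to the next maintainer, for example `// mcrypt is removed in PHP 7.1: new feed passwords are stored unencrypted even when FEED_CRYPT_KEY is set; treat DB dumps and backups as containing credentials`. The enclosing function starts and ends outside the hunk, so whether the caller surfaces this to the user cannot be seen from here.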
+++ b/include/rssfuncs.php
@@ -254,7 +254,7 @@
 $auth_login = db_fetch_result($result, 0, "auth_login");
 $auth_pass = db_fetch_result($result, 0, "auth_pass");
- if ($auth_pass_encrypted) {
+ if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
 require_once "crypt.php";
 $auth_pass = decrypt_string($auth_pass);
 }
@@ -347,7 +347,7 @@
 $auth_login = db_fetch_result($result, 0, "auth_login");
 $auth_pass = db_fetch_result($result, 0, "auth_pass");
- if ($auth_pass_encrypted) {
+ if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
 require_once "crypt.php";
 $auth_pass = decrypt_string($auth_pass);
 }
--
cgit v1.2.3
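Review bot: In the hunk at line 254, and identically in the one at line 347, a row flagged `$auth_pass_encrypted` on a host without `mcrypt_decrypt` now skips decryption silently and leaves `$auth_pass` holding the stored `iv:ciphertext` value. Whatever consumes `$auth_pass` after this block (outside the hunk, presumably the feed fetch) would then present that stored blob as the password to the remote server, and the operator gets no hint that `update.php --decrypt-feeds` still has to be run. An explicit fallback after the `if` would avoid both: `else if ($auth_pass_encrypted) { $auth_pass = ""; trigger_error("encrypted feed password cannot be decrypted without mcrypt", E_USER_WARNING); }`. Both enclosing functions start and end outside the hunks.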