diff --git a/functions.php b/functions.php
index f832fe6..879009c 100644
--- a/functions.php
+++ b/functions.php
@@ -1616,7 +1616,7 @@ function output_comments_qq_columns( $column_name, $comment_id ){
*/
add_filter( 'get_avatar', 'change_avatar', 10, 3 );
function change_avatar($avatar){
- global $comment,$sakura_pubkey;
+ global $comment,$sakura_privkey;
if ($comment) {
if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){
$qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true );
@@ -1627,9 +1627,9 @@ function change_avatar($avatar){
preg_match('/:\"([^\"]*)\"/i',$qqavatar,$matches);
return '';
}else{
- openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey));
- $qq_number = urlencode(base64_encode($encrypted));
- return '';
+ $encrypted = openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0);
+ $encrypted = urlencode(base64_encode($encrypted));
+ return '';
}
}else{
return $avatar ;
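Review bot: The new `openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0)` call passes no IV, so PHP falls back to an all-zero IV (and raises a warning), and the same QQ number always produces the same `qq` token, which makes the ciphertext a stable identifier for the number it is meant to hide. Generate an IV per call and ship it with the ciphertext: `$iv = random_bytes(openssl_cipher_iv_length('aes-128-cbc'));`, `$encrypted = openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, OPENSSL_RAW_DATA, $iv);`, `$encrypted = urlencode(base64_encode($iv . $encrypted));`. `OPENSSL_RAW_DATA` also removes the double base64 that option `0` followed by `base64_encode()` produces now. `get_qq_avatar()` in inc/api.php has to split the IV off again in the same change. change_avatar starts in the previous hunk and continues past this one.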
@@ -1729,7 +1729,7 @@ add_action('pre_comment_on_post', 'allow_more_tag_in_comment');
* 随机图
*/
function create_sakura_table(){
- global $wpdb;
+ global $wpdb,$sakura_image_array,$sakura_privkey;
$sakura_table_name = $wpdb->base_prefix.'sakura';
require_once(ABSPATH . "wp-admin/includes/upgrade.php");
dbDelta("CREATE TABLE IF NOT EXISTS `" . $sakura_table_name . "` (
@@ -1755,22 +1755,13 @@ function create_sakura_table(){
if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'privkey'") ){
$privkey = array(
"mate_key" => "privkey",
- "mate_value" => file_get_contents(get_template_directory()."/manifest/private.key")
+ "mate_value" => wp_generate_password(8)
);
$wpdb->insert($sakura_table_name,$privkey);
}
- if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'pubkey'") ){
- $pubkey = array(
- "mate_key" => "pubkey",
- "mate_value" => file_get_contents(get_template_directory()."/manifest/public.key")
- );
- $wpdb->insert($sakura_table_name,$pubkey);
- }
//reduce sql query
- global $sakura_image_array,$sakura_privkey,$sakura_pubkey;
$sakura_image_array = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'");
$sakura_privkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='privkey'");
- $sakura_pubkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='pubkey'");
}
add_action( 'after_setup_theme', 'create_sakura_table' );
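Review bot: `wp_generate_password(8)` yields only eight characters for a cipher that takes a 16-byte key; as far as I know PHP's openssl functions pad a short key with NUL bytes, so half of the AES-128 key is fixed. Use a full-length random value, e.g. `"mate_value" => wp_generate_password(16, true, true)`, or store `base64_encode(random_bytes(16))` and decode it before use. The `COUNT(*)` guard also leaves an existing `privkey` row untouched, so a site upgraded from the previous version keeps the RSA PEM text there, and openssl truncates an over-long key to its first 16 bytes, which is the PEM header line and identical on every install; the row should be regenerated when it still holds a PEM block. The unchanged lookups at the end of the function still hard-code `wp_sakura` while the insert uses `$wpdb->base_prefix`, so the key read can come back empty on a site with a different prefix.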
diff --git a/inc/api.php b/inc/api.php
index ef77961..b651fc5 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -407,25 +407,6 @@ function update_database() {
$wpdb->insert($sakura_table_name,$time);
$message = "manifest.json has been stored into database.";
}
- if(isset($_FILES["rsa"])){
- if($_FILES["rsa"]["name"]=="public.key"){
- $pubkey = array(
- "mate_key" => "pubkey",
- "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"])
- );
- $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='pubkey'");
- $wpdb->insert($sakura_table_name,$pubkey);
- }
- if($_FILES["rsa"]["name"]=="private.key"){
- $privkey = array(
- "mate_key" => "privkey",
- "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"])
- );
- $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='privkey'");
- $wpdb->insert($sakura_table_name,$privkey);
- }
- $message = "key pairs has been stored into database.";
- }
$output = array(
'status' => 200,
'success' => true,
@@ -453,20 +434,21 @@ function update_database() {
*/
function get_qq_avatar(){
global $sakura_privkey;
- $qq_number=$_GET["qq"];
- $encrypted = urldecode(base64_decode($qq_number));
- openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey));
- preg_match('/^\d{3,}$/', $qq_number, $matches);
- $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100';
- if(akina_option('qq_avatar_link')=='off'){
- $imgdata = file_get_contents($imgurl);
- header("Content-type: image/jpeg");
- echo $imgdata;
- }else{
- $response = new WP_REST_Response();
- $response->set_status(302);
- $response->header('Location', $imgurl);
- return $response;
- }
-
+ $encrypted=$_GET["qq"];
+ if(isset($encrypted)){
+ $encrypted = urldecode(base64_decode($encrypted));
+ $qq_number = openssl_decrypt($encrypted, 'aes-128-cbc', $sakura_privkey, 0);
+ preg_match('/^\d{3,}$/', $qq_number, $matches);
+ $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100';
+ if(akina_option('qq_avatar_link')=='type_1'){
+ $imgdata = file_get_contents($imgurl);
+ header("Content-type: image/jpeg");
+ echo $imgdata;
+ }else{
+ $response = new WP_REST_Response();
+ $response->set_status(302);
+ $response->header('Location', $imgurl);
+ return $response;
+ }
+ }
}
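Review bot: Neither the `openssl_decrypt()` result nor the `preg_match()` result is checked, so a missing, tampered or stale `qq` value still reaches `$matches[0]` and the avatar host is fetched (or redirected to) with an empty `dst_uin`. Test the parameter before reading it, since `isset($encrypted)` after `$encrypted=$_GET["qq"]` does not prevent the undefined-index notice, and bail out early with `if ($qq_number === false || !preg_match('/^\d{3,}$/', $qq_number, $matches)) { return new WP_REST_Response(null, 400); }`. The `urldecode(base64_decode(...))` order is also the reverse of the encoding side: PHP has already URL-decoded `$_GET`, and running `urldecode()` on the inner base64 text turns any `+` into a space, which likely breaks decryption for some tokens.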
diff --git a/manifest/README.md b/manifest/README.md
index 2209345..10c0fab 100644
--- a/manifest/README.md
+++ b/manifest/README.md
@@ -24,7 +24,7 @@ pip3 install Pillow
pip install Pillow --user
```
-用同样的方法安装`requests`、`pycryptodome`
+用同样的方法安装`requests`
### 运行
把图片文件放到 `gallary` 目录,Windows 可直接双击 manifest.py,或者和其他操作系统一样,在 Terminal、Powershell、CMD 中运行:
diff --git a/manifest/manifest.py b/manifest/manifest.py
index 941b3fd..9828390 100644
--- a/manifest/manifest.py
+++ b/manifest/manifest.py
@@ -10,7 +10,6 @@ import json
import requests
import base64
import hashlib
-from Crypto.PublicKey import RSA
from PIL import Image
class Single(object):
@@ -52,7 +51,7 @@ class Single(object):
return self.mani
-class Upload2Wordpress:
+class Upload2Wordpress(object):
def __init__(self, username, password, url):
self.username = username
self.password = password
@@ -69,20 +68,10 @@ class Upload2Wordpress:
reply = requests.post(self.url, headers=headers, files=files)
print(json.loads(reply.content)['message'])
- def upload_manifest(self):
+ def main(self):
print('start uploading `manifest.json`...')
self.upload('manifest.json', 'manifest')
- def upload_key(self):
- print('start uploading `private.key`...')
- self.upload('private.key', 'rsa')
- print('start uploading `public.key`...')
- self.upload('public.key', 'rsa')
-
- def main(self):
- self.upload_manifest()
- self.upload_key()
-
def gen_manifest_json():
onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))]
@@ -97,21 +86,8 @@ def gen_manifest_json():
json.dump(Manifest, json_file)
-def gen_key_pairs():
- key = RSA.generate(1024)
- pv_key_string = key.exportKey()
- with open("private.key", "w+") as prv_file:
- print("{}".format(pv_key_string.decode()), file=prv_file)
- pb_key_string = key.publickey().exportKey()
- with open("public.key", "w+") as pub_file:
- print("{}".format(pb_key_string.decode()), file=pub_file)
-
-
def main():
gen_manifest_json()
- if not os.path.exists("public.key") or not os.path.exists("private.key"):
- print("start generating key pairs...")
- gen_key_pairs()
username = input('Enter your username: ')
password = input('Enter your password: ')
url = input('Enter your rest api url: ')
diff --git a/manifest/private.key b/manifest/private.key
deleted file mode 100644
index 32d26d4..0000000
--- a/manifest/private.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDC2aXWaqi3rnlmHm97aEPtgvfW6brUztfev88GxdizNLCItEfy
-qrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9WPIzKIrx3AeSyzGAuammcZ/m9
-5fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qyIIbZH2o3t0ZXuJ+fEQIDAQAB
-AoGAI3ucEhhZQh3ROLH5Ljl2CUYM2QO2RLOoJwW57ytPQ48oSLS/12aTf7/HqFA2
-0hkL8wfR0Hm/1LDXG73zwgH7JW9ByYGNFbnjEIAcY6DZc0zFuV++yUqNiYVggkVa
-ae0e0Z0aoLC1S5494Oa5XEYb9kCCezb6n5GMyqlmlcPr5ksCQQDC9BYYuTilSOVC
-AnwOXaIE88Yr006WXQFYBeEeNB17eDSpNKsc/1z+K+NOZacCRP5rTViIsiNWcodM
-3EWhPljfAkEA/91IXqF8gxutvRN1eAa6YZlFEeZtDSPDtB7bmds4NEqgCMwxKQaG
-VLAmbVsJpevXRiu10ewOz688XWN+GBLWDwJBAJal7YlPX/GBYf9fUiP7wN6YzdNB
-52GUHxy49lvTo9Csc+0pEO1Ie8DBg1YqgSLk08FxNG/1UA9WUy1WrcvLFPsCQQCW
-agDEWMy4yom9cHYLJHFnNNJM7phHNDI1bjqM3TnSS9h+s4Nm6cYIfTFp8i3e06FP
-SBzwFoSyhQLIp9eV0WTzAkEAo8ByUQGurZnv7PeLoEt2P2pBPYYEU6iA1qUNq7oY
-cnVtlsQiDWiecc+aqhX3LQ3VVNdDvg0BSywB0nixDeD0CQ==
------END RSA PRIVATE KEY-----
diff --git a/manifest/public.key b/manifest/public.key
deleted file mode 100644
index f94d13f..0000000
--- a/manifest/public.key
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2aXWaqi3rnlmHm97aEPtgvfW
-6brUztfev88GxdizNLCItEfyqrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9W
-PIzKIrx3AeSyzGAuammcZ/m95fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qy
-IIbZH2o3t0ZXuJ+fEQIDAQAB
------END PUBLIC KEY-----