From e8e5630907b4831c8c7b4ead5043e284b6587992 Mon Sep 17 00:00:00 2001 From: spirit Date: Thu, 5 Dec 2019 23:07:28 +0800 Subject: [PATCH] change encrypt method --- functions.php | 21 +++++------------- inc/api.php | 52 +++++++++++++++----------------------------- manifest/README.md | 2 +- manifest/manifest.py | 28 ++---------------------- manifest/private.key | 15 ------------- manifest/public.key | 6 ----- 6 files changed, 26 insertions(+), 98 deletions(-) delete mode 100644 manifest/private.key delete mode 100644 manifest/public.key diff --git a/functions.php b/functions.php index f832fe6..879009c 100644 --- a/functions.php +++ b/functions.php @@ -1616,7 +1616,7 @@ function output_comments_qq_columns( $column_name, $comment_id ){ */ add_filter( 'get_avatar', 'change_avatar', 10, 3 ); function change_avatar($avatar){ - global $comment,$sakura_pubkey; + global $comment,$sakura_privkey; if ($comment) { if( get_comment_meta( $comment->comment_ID, 'new_field_qq', true )){ $qq_number = get_comment_meta( $comment->comment_ID, 'new_field_qq', true ); @@ -1627,9 +1627,9 @@ function change_avatar($avatar){ preg_match('/:\"([^\"]*)\"/i',$qqavatar,$matches); return '😀'; }else{ - openssl_public_encrypt($qq_number, $encrypted, openssl_pkey_get_public($sakura_pubkey)); - $qq_number = urlencode(base64_encode($encrypted)); - return '😀'; + $encrypted = openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0); + $encrypted = urlencode(base64_encode($encrypted)); + return '😀'; } }else{ return $avatar ; @@ -1729,7 +1729,7 @@ add_action('pre_comment_on_post', 'allow_more_tag_in_comment'); * 随机图 */ function create_sakura_table(){ - global $wpdb; + global $wpdb,$sakura_image_array,$sakura_privkey; $sakura_table_name = $wpdb->base_prefix.'sakura'; require_once(ABSPATH . "wp-admin/includes/upgrade.php"); dbDelta("CREATE TABLE IF NOT EXISTS `" . $sakura_table_name . "` ( 
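Review bot: The added `openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, 0)` in change_avatar supplies no IV, so PHP warns and falls back to an all-zero IV. Every comment from the same QQ number then gets the same `qq=` token, and CBC alone gives no integrity check on the value that comes back. A random IV per call, prepended to the ciphertext, fixes the determinism: `$iv = random_bytes(16);` then `$encrypted = base64_encode($iv . openssl_encrypt($qq_number, 'aes-128-cbc', $sakura_privkey, OPENSSL_RAW_DATA, $iv));`, with get_qq_avatar splitting off the first 16 bytes before decrypting. With flag `0` the function already returns base64, so the following `base64_encode()` encodes twice. change_avatar continues past the end of this hunk.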
@@ -1755,22 +1755,13 @@ function create_sakura_table(){ if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'privkey'") ){ $privkey = array( "mate_key" => "privkey", - "mate_value" => file_get_contents(get_template_directory()."/manifest/private.key") + "mate_value" => wp_generate_password(8) ); $wpdb->insert($sakura_table_name,$privkey); } - if ( !$wpdb->get_var("SELECT COUNT(*) FROM $sakura_table_name WHERE mate_key = 'pubkey'") ){ - $pubkey = array( - "mate_key" => "pubkey", - "mate_value" => file_get_contents(get_template_directory()."/manifest/public.key") - ); - $wpdb->insert($sakura_table_name,$pubkey); - } //reduce sql query - global $sakura_image_array,$sakura_privkey,$sakura_pubkey; $sakura_image_array = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='manifest_json'"); $sakura_privkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='privkey'"); - $sakura_pubkey = $wpdb->get_var("SELECT `mate_value` FROM `wp_sakura` WHERE `mate_key`='pubkey'"); } add_action( 'after_setup_theme', 'create_sakura_table' ); diff --git a/inc/api.php b/inc/api.php index ef77961..b651fc5 100644 --- a/inc/api.php +++ b/inc/api.php 
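Review bot: `wp_generate_password(8)` yields an 8-character secret that is used directly as the AES-128 key, and OpenSSL pads a short key with NUL bytes, so the effective key is far weaker than 128 bits. The `privkey` row is also only inserted when none exists, so a site upgraded from the previous version presumably keeps the PEM text loaded from the bundled `manifest/private.key`. That text is identical for every install and stays in the repository history, and a key longer than 16 bytes is silently truncated. I would store `"mate_value" => bin2hex(random_bytes(16))`, pass `hex2bin($sakura_privkey)` at both call sites, and overwrite the row whenever the stored value is not 32 hex characters. create_sakura_table starts before this hunk.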
@@ -407,25 +407,6 @@ function update_database() { $wpdb->insert($sakura_table_name,$time); $message = "manifest.json has been stored into database."; } - if(isset($_FILES["rsa"])){ - if($_FILES["rsa"]["name"]=="public.key"){ - $pubkey = array( - "mate_key" => "pubkey", - "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"]) - ); - $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='pubkey'"); - $wpdb->insert($sakura_table_name,$pubkey); - } - if($_FILES["rsa"]["name"]=="private.key"){ - $privkey = array( - "mate_key" => "privkey", - "mate_value" => file_get_contents($_FILES["rsa"]["tmp_name"]) - ); - $wpdb->query("DELETE FROM `wp_sakura` WHERE `mate_key` ='privkey'"); - $wpdb->insert($sakura_table_name,$privkey); - } - $message = "key pairs has been stored into database."; - } $output = array( 'status' => 200, 'success' => true, 
@@ -453,20 +434,21 @@ function update_database() { */ function get_qq_avatar(){ global $sakura_privkey; - $qq_number=$_GET["qq"]; - $encrypted = urldecode(base64_decode($qq_number)); - openssl_private_decrypt($encrypted, $qq_number, openssl_pkey_get_private($sakura_privkey)); - preg_match('/^\d{3,}$/', $qq_number, $matches); - $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; - if(akina_option('qq_avatar_link')=='off'){ - $imgdata = file_get_contents($imgurl); - header("Content-type: image/jpeg"); - echo $imgdata; - }else{ - $response = new WP_REST_Response(); - $response->set_status(302); - $response->header('Location', $imgurl); - return $response; - } - + $encrypted=$_GET["qq"]; + if(isset($encrypted)){ + $encrypted = urldecode(base64_decode($encrypted)); + $qq_number = openssl_decrypt($encrypted, 'aes-128-cbc', $sakura_privkey, 0); + preg_match('/^\d{3,}$/', $qq_number, $matches); + $imgurl='https://q2.qlogo.cn/headimg_dl?dst_uin='.$matches[0].'&spec=100'; + if(akina_option('qq_avatar_link')=='type_1'){ + $imgdata = file_get_contents($imgurl); + header("Content-type: image/jpeg"); + echo $imgdata; + }else{ + $response = new WP_REST_Response(); + $response->set_status(302); + $response->header('Location', $imgurl); + return $response; + } + } } diff --git a/manifest/README.md b/manifest/README.md index 2209345..10c0fab 100644 --- a/manifest/README.md +++ b/manifest/README.md @@ -24,7 +24,7 @@ pip3 install Pillow pip install Pillow --user ``` -用同样的方法安装`requests`、`pycryptodome` +用同样的方法安装`requests` ### 运行 把图片文件放到 `gallary` 目录,Windows 可直接双击 manifest.py,或者和其他操作系统一样,在 Terminal、Powershell、CMD 中运行: diff --git a/manifest/manifest.py b/manifest/manifest.py index 941b3fd..9828390 100644 --- a/manifest/manifest.py +++ b/manifest/manifest.py @@ -10,7 +10,6 @@ import json import requests import base64 import hashlib -from Crypto.PublicKey import RSA from PIL import Image class Single(object): 
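Review bot: Nothing in the new get_qq_avatar checks that decryption or the regex succeeded. `openssl_decrypt()` returns false for a tampered or stale token, `preg_match` then leaves `$matches` empty, and `$matches[0]` is read anyway, so the handler builds the qlogo URL with an empty `dst_uin` and, in the `type_1` branch, still fetches it server-side. `isset($encrypted)` also runs after `$_GET["qq"]` has been read, so a missing parameter raises a notice before the guard and the request falls through returning nothing. I would reject both cases with a 400 before the URL is built, as below.

```php
function get_qq_avatar(){
    global $sakura_privkey;
    if (!isset($_GET['qq'])) {
        return new WP_Error('missing_qq', 'qq parameter is required', array('status' => 400));
    }
    $encrypted = urldecode(base64_decode($_GET['qq']));
    $qq_number = openssl_decrypt($encrypted, 'aes-128-cbc', $sakura_privkey, 0);
    if ($qq_number === false || !preg_match('/^\d{3,}$/', $qq_number)) {
        return new WP_Error('invalid_qq', 'qq parameter could not be decoded', array('status' => 400));
    }
    $imgurl = 'https://q2.qlogo.cn/headimg_dl?dst_uin=' . $qq_number . '&spec=100';
    // … unchanged: proxy the image or return the 302, depending on akina_option('qq_avatar_link') …
```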
@@ -52,7 +51,7 @@ class Single(object): return self.mani -class Upload2Wordpress: +class Upload2Wordpress(object): def __init__(self, username, password, url): self.username = username self.password = password @@ -69,20 +68,10 @@ class Upload2Wordpress: reply = requests.post(self.url, headers=headers, files=files) print(json.loads(reply.content)['message']) - def upload_manifest(self): + def main(self): print('start uploading `manifest.json`...') self.upload('manifest.json', 'manifest') - def upload_key(self): - print('start uploading `private.key`...') - self.upload('private.key', 'rsa') - print('start uploading `public.key`...') - self.upload('public.key', 'rsa') - - def main(self): - self.upload_manifest() - self.upload_key() - def gen_manifest_json(): onlyfiles = [f for f in os.listdir('gallary') if os.path.isfile(os.path.join('gallary', f))] @@ -97,21 +86,8 @@ def gen_manifest_json(): json.dump(Manifest, json_file) -def gen_key_pairs(): - key = RSA.generate(1024) - pv_key_string = key.exportKey() - with open("private.key", "w+") as prv_file: - print("{}".format(pv_key_string.decode()), file=prv_file) - pb_key_string = key.publickey().exportKey() - with open("public.key", "w+") as pub_file: - print("{}".format(pb_key_string.decode()), file=pub_file) - - def main(): gen_manifest_json() - if not os.path.exists("public.key") or not os.path.exists("private.key"): - print("start generating key pairs...") - gen_key_pairs() username = input('Enter your username: ') password = input('Enter your password: ') url = input('Enter your rest api url: ') diff --git a/manifest/private.key b/manifest/private.key deleted file mode 100644 index 32d26d4..0000000 --- a/manifest/private.key +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDC2aXWaqi3rnlmHm97aEPtgvfW6brUztfev88GxdizNLCItEfy -qrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9WPIzKIrx3AeSyzGAuammcZ/m9 -5fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qyIIbZH2o3t0ZXuJ+fEQIDAQAB -AoGAI3ucEhhZQh3ROLH5Ljl2CUYM2QO2RLOoJwW57ytPQ48oSLS/12aTf7/HqFA2 -0hkL8wfR0Hm/1LDXG73zwgH7JW9ByYGNFbnjEIAcY6DZc0zFuV++yUqNiYVggkVa -ae0e0Z0aoLC1S5494Oa5XEYb9kCCezb6n5GMyqlmlcPr5ksCQQDC9BYYuTilSOVC -AnwOXaIE88Yr006WXQFYBeEeNB17eDSpNKsc/1z+K+NOZacCRP5rTViIsiNWcodM -3EWhPljfAkEA/91IXqF8gxutvRN1eAa6YZlFEeZtDSPDtB7bmds4NEqgCMwxKQaG -VLAmbVsJpevXRiu10ewOz688XWN+GBLWDwJBAJal7YlPX/GBYf9fUiP7wN6YzdNB -52GUHxy49lvTo9Csc+0pEO1Ie8DBg1YqgSLk08FxNG/1UA9WUy1WrcvLFPsCQQCW -agDEWMy4yom9cHYLJHFnNNJM7phHNDI1bjqM3TnSS9h+s4Nm6cYIfTFp8i3e06FP -SBzwFoSyhQLIp9eV0WTzAkEAo8ByUQGurZnv7PeLoEt2P2pBPYYEU6iA1qUNq7oY -cnVtlsQiDWiecc+aqhX3LQ3VVNdDvg0BSywB0nixDeD0CQ== ------END RSA PRIVATE KEY----- diff --git a/manifest/public.key b/manifest/public.key deleted file mode 100644 index f94d13f..0000000 --- a/manifest/public.key +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC2aXWaqi3rnlmHm97aEPtgvfW -6brUztfev88GxdizNLCItEfyqrNEovewoXXNOVlEfzgWpGyMbcdno5S0Q4H+nc9W -PIzKIrx3AeSyzGAuammcZ/m95fPlS9oVCcH9kakgpkvut6VCx2DMNz+UeHJ7E0qy -IIbZH2o3t0ZXuJ+fEQIDAQAB ------END PUBLIC KEY-----