The main idea behind "EFC/XFSS - Enhanced File Crypt/Extended File Stealth System" is to have your uploaded files safe in the server in a way that, even if someone can get them, no one can read them without knowing a few details to decrypt the files.
The class uses a random trick to select the encryption method that is used. This will always generate different encrypted files.
The file names are also obfuscated, so a sneaker will not know what the original format was.
This class was mainly developed to be used with GPL'ed Care2002 Medical Information System (www.care2x.org). However, its use was postponed because most of the files uploaded were images and most of them do not have any personal identifiable info on them.
This class, in a broader sense, still has a long way to go. For now it is simply a sub-class of part of the RC4Crypt class. It allows an easy process of encryption and decryption of uploaded files. It requires libmcrypt support and, when possible, an SSL internet connection to be used.
The class needs mcrypt PHP functions. The next challenge will be to encrypt and decrypt the files at client side, perhaps with Javascript, for those that cannot have an SSL connection, and also the creation of a replacement class for those that do not have the possibility to use libmcrypt.
The only files that you need to look into are index.php, srcefc.php, mkconfig.php and .htaccess (the last one to use in the secured directory for strict security if you cannot put it outside the Web document tree).
The documentation is inside these PHP scripts.
You also need to search for the definition of __SECURE_PATH__, and modify the path in the above PHP files.
This class can be used to generate license style keys to control the distribution and functionality of PHP applications.
It generates license strings that can bind PHP applications to specific domains or specific servers, limit execution to a set time period, or apply restrictions placed on a home server within the license key.
The server binding process attempts to use the server network card MAC address. This feature was tested on servers running Mac OS X (Darwin), Linux and Windows XP, although it may also work on FreeBSD, NetBSD and Solaris.
PADL also attempts to use information from the $_SERVER variable to encode the server name, server IP, server application path and server application URL into the license key. Part of the process also binds the IP address from the $_SERVER variable if found, but it also attempts to parse the server config file (the same one used to get the MAC address) for any more IPs.
The server binding can be disabled if required, and it is also possible to block the key being generated for the localhost address (127.0.0.1).
The time limiting of the license uses a start period (and a given start offset to allow for time discrepancies) and an expiry date if required.
If required, when validating a key it is also possible to dial home to check the license key on your own PADL License Server; examples are given.
The PHP_OS and PHP_VERSION of the PHP that the key was generated for are also encrypted into the key.
It is also possible to encrypt additional information into the license key to enable you to place restrictive features in your application to allow the creation of trialware or demoware.
This class is still in development; however, it is stable. A GUI is to follow.
Web based manager to browse the server file system
This class implements a Web based file manager user interface to browse the structure of a web server's file system.
On Mozilla and Internet Explorer a context menu opens up on clicking the right mouse button on a listed file or folder. With Opera there is a button which opens the menu. With Konqueror it is brought up with a left mouse button click.
The menu allows you to execute the following actions on files: upload, download, create, edit, copy, move or rename and delete. With directories it allows you to execute these actions: create, move or rename and delete.
You can also enter a PHP script in a textarea to execute it on the server.
Be careful when using this tool as it is very powerful and should only be accessible to Web site administrators.
This is just a handy little class (with example) that allows a user to browse a Unix file system when PHP is not in safe mode. This is a script that I have given to some ISPs to check security of their servers when they tell me that their setup is secure.
When files are readable by the web server, they are displayed to you. This script is not limited to $DOCUMENT_ROOT and below. This will browse the entire file system (again, not in safe mode).