I have a class name aes.php (found when googling). This class use Rijndael-128. here the aes.php
<?php
/*
Version: 1.0
*/
class aes_encryption{
const CIPHER = MCRYPT_RIJNDAEL_128; // Rijndael-128 is AES
const MODE = MCRYPT_MODE_ECB;
public $key = 'abcdefghij123456'; // needs to be 32 bytes for aes
public $iv = '1234efgh'; // needs to be 16 bytes for aes
public function encrypt($plaintext){
$ciphertext = mcrypt_encrypt(self::CIPHER, $this->key, $plaintext, self::MODE, $this->iv);
return base64_encode($ciphertext);
}
public function decrypt($ciphertext){
$ciphertext = base64_decode($ciphertext);
$plaintext = mcrypt_decrypt(self::CIPHER, $this->key, $ciphertext, self::MODE, $this->iv);
return rtrim($plaintext, "\0");
}
public function encrypt_file($input_file, $output_file){
$input_file_handle = @fopen($input_file, "r");
$output_file_handle = @fopen($output_file, 'wb');
if(!$input_file_handle){ throw new Exception("Could not open input file"); }
if(!$output_file_handle){ throw new Exception("Could not open output file"); }
while(!feof($input_file_handle)){
$buffer = base64_encode(fread($input_file_handle, 4096));
$encrypted_string = $this->encrypt($buffer);
//echo strlen($encrypted_string).'<br>';
fwrite($output_file_handle, $encrypted_string);
}
fclose($input_file_handle);
fclose($output_file_handle);
return true;
}
public function decrypt_file($input_file, $output_file){
$input_file_handle = @fopen($input_file, "r");
$output_file_handle = @fopen($output_file, 'wb');
if(!$input_file_handle){ throw new Exception("Could not open input file"); }
if(!$output_file_handle){ throw new Exception("Could not open output file"); }
while(!feof($input_file_handle)){
//4096 bytes plaintext become 7296 bytes of encrypted base64 text
$buffer = fread($input_file_handle, 7296);
$decrypted_string = base64_decode($this->decrypt($buffer));
//echo strlen($buffer).'<br>';
fwrite($output_file_handle, $decrypted_string);
}
fclose($input_file_handle);
fclose($output_file_handle);
return true;
}
}//class aes_encryption
?>
and a class name upload.php, this class is to upload a file and auto encrypt file when upload.
<?php
include_once 'dbconfig.php';
include 'aes.php';
session_start();
if($_SESSION['user'] and ($_SESSION['nik'])){
}
else{
header("location:index.php");
}
if(isset($_POST['btn-upload']))
$file =rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc =$_FILES['file']['tmp_name'];
$file_size =$_FILES['file']['size'];
$dekripsi =$_POST['dekripsi'];
$file_type =$_FILES['file']['type'];
$file_nik = $_SESSION ['nik'];
$file_namalengkap = $_SESSION ['user'];
$folder="uploads/";
$new_size = $file_size/1024;
$new_file_name = strtolower($file);
$final_file=str_replace(' ','-',$new_file_name);
if (move_uploaded_file($file_loc,$folder.$final_file)){
$sql="INSERT INTO tbl_uploads(file,namalengkap,nik,dekripsi,type,size) VALUES('$final_file','".$_SESSION ['user']."','".$_SESSION ['nik']."','$dekripsi','$file_type','$new_size')";
mysql_query($sql);
echo mysql_error();
$crypt = new aes_encryption();
$final_file = $file_loc;
$crypt->encrypt_file($final_file, $final_file.'.enc');
?>
<script>
alert('successfully uploaded');
window.location.href='home.php?success';
</script>
<?php
}
else
{
?>
<script>
alert('gagal upload');
window.location.href='home.php?fail';
</script>
<?php
}
?>
and I am trying to run, but it show me error,
Fatal error: Uncaught exception 'Exception' with message 'Could not open input file' in C:\xampp\htdocs\aes\aes.php:29 Stack trace: #0 C:\xampp\htdocs\aes\uploadaes.php(40): aes_encryption->encrypt_file('C:\xampp\tmp\ph...', 'C:\xampp\tmp\ph...') #1 {main} thrown in C:\xampp\htdocs\aes\aes.php on line 29
I think the problem is $final_file = $file_loc ; cant get the value, and I dont know why it cant get the value of $file_loc but if you have opinion where is the problem, could you tell me?
You have already moved the file from $file_loc to $folder.$final_file, so this seems to be the root of your issue. You should be keeping $final_file as it is, and use:
$crypt->encryt_file($folder.$final_file, $folder.$final_file.'.enc');
You also need to do some kind of checking on the input to your MySQL query statement. Also note that mysql_query is deprecated, and I recommend that you opt to use a more up-to-date library such as pdo or mysqli.