When using a module that requires a key to decrypt the data, all renewals that use a credit card will be added to a queue and processed when you enter your password for the module. The password is not stored in the system; we do store a hash of the password, to verify that the correct data will be sent to your credit card processor.
A zip file containing the module is attached to this thread. Download and extract it into your "encryption-modules" folder.
PHP Code:
<?php
/**
* GPG Encryption module for use with NixBill Automation
* This module will allow you to use GPG encryption for Credit Card data.
*
* For information on how to setup GNUPG on your server see:
* http://www.alt-php-faq.org/local/65/
* http://www.gnupg.org/
*
* @author Donald Sullivan
*/
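class gpg {
    /**
     * Module ID in NixBill system
     *
     * @var int
     */
    private $ModuleId;
    /**
     * Passphrase used to unlock the private key when decrypting.
     * Set per request through SetPrivateKey(); this class never persists it.
     *
     * @var string
     */
    private $Key;
    /**
     * Home directory location (the directory that contains ".gnupg")
     *
     * @var string
     */
    private $HomeDir;
    /**
     * gpg binary location
     * ie: '/usr/local/bin/gpg'
     * or just 'gpg'
     * @var string
     */
    private $GPGBinary;
    /**
     * gpg key username
     *
     * @var string
     */
    private $KeyUser;
    /**
     * gpg key comment
     *
     * @var string
     */
    private $KeyComment;
    /**
     * gpg key email
     *
     * @var string
     */
    private $KeyEmail;
    /**
     * Temp file used for the decrypt method.
     * The ciphertext is written to this file, gpg reads it as standard input,
     * and the file is removed afterwards.
     * This file must be writable by the web server.
     *
     * @var string
     */
    private $TmpFile;

    /**
     * Load the stored options for a module and check the GnuPG home directory.
     *
     * @param int|bool $moduleid Module ID, or false when a new module is being
     *                           created and there are no stored options yet.
     */
    public function __construct($moduleid=false) {
        // No module ID: nothing to load (this is the "create new module" path).
        if (!$moduleid) {
            return;
        }
        $this->ModuleId = $moduleid;
        $Options = $this->GetModuleOptions();
        $stored = $Options['NIXBILL'][0]['RESULT'][0]['OPTIONS'][0];
        $this->HomeDir = $stored['OPTION_HOMEDIR'][0]['VALUE'];
        $this->GPGBinary = $stored['OPTION_GPGBINARY'][0]['VALUE'];
        $this->KeyUser = $stored['OPTION_KEYUSER'][0]['VALUE'];
        $this->KeyComment = $stored['OPTION_KEYCOMMENT'][0]['VALUE'];
        $this->KeyEmail = $stored['OPTION_KEYEMAIL'][0]['VALUE'];
        $this->TmpFile = $stored['OPTION_TMPFILE'][0]['VALUE'];

        // gpg keeps its keyrings in <home>/.gnupg, so that directory has to
        // exist and be writable by the web server before anything can run.
        $dir = $this->HomeDir.'/.gnupg';
        if (!is_dir($dir)) {
            die("$dir is not found on the server.");
        }
        if (!is_writable($dir)) {
            die("$dir is not writable.");
        }
    }

    /**
     * Describe the form fields shown on the admin page for this module.
     *
     * @return array List of field definitions (formtype, description, name, value).
     */
    public function ModuleOptions() {
        return array(
            array('formtype' => 'text', 'description' => LANG_NAME, 'name' => 'name', 'value' => 'GPG Encryption Module'),
            array('formtype' => 'text', 'description' => 'Key Username', 'name' => 'keyuser', 'value' => 'Your Name'),
            array('formtype' => 'text', 'description' => 'Key Comment', 'name' => 'keycomment', 'value' => 'Comments'),
            array('formtype' => 'text', 'description' => 'Key Email', 'name' => 'keyemail', 'value' => 'Email'),
            array('formtype' => 'text', 'description' => 'GPG Binary Location', 'name' => 'gpgbinary', 'value' => 'gpg'),
            array('formtype' => 'text', 'description' => 'User Home Dir', 'name' => 'homedir', 'value' => '/home/username'),
            array('formtype' => 'text', 'description' => 'Temp file', 'name' => 'tmpfile', 'value' => '/home/username/tmp/temp.gpg'),
            array('formtype' => 'textarea', 'description' => 'Private Key Hash', 'name' => 'keyhash', 'value' => 'This value will be hashed. The private key will not be stored in the database.'),
        );
    }

    /**
     * Fetch this module's stored options through the NixBill API.
     *
     * @return mixed Whatever API() returns for the GetEncryptionModule command.
     */
    public function GetModuleOptions() {
        // NOTE(review): ModuleId is placed in the XML without escaping; this
        // presumably relies on callers passing a numeric ID - confirm.
        $xml = '<nixbill>
<command>GetEncryptionModule</command>
<hash>' . GetApiHash () . '</hash>
<moduleid>' . $this->ModuleId . '</moduleid>
</nixbill>
';
        return API ( $xml );
    }

    /**
     * If a key is required to decrypt using this module the key will be set with this method.
     *
     * @param string $key Passphrase handed to gpg by Decrypt().
     */
    public function SetPrivateKey($key) {
        $this->Key = $key;
    }

    /**
     * Return "true" if this module requires a key to decrypt the data, otherwise "false".
     *
     * @return bool
     */
    public function KeyRequiredToDecrypt() {
        return true;
    }

    /**
     * Main encryption function.
     *
     * Encrypts $data to the configured recipient and returns ASCII-armored output.
     * The recipient is built as "User (Comment) <Email>", with the comment and
     * email parts added only when they are configured.
     *
     * @param string $data Plaintext to encrypt (card data).
     * @return string Armored ciphertext, or '' when gpg produced no output.
     */
    public function Encrypt($data) {
        // Each part is appended once. The earlier form appended the whole
        // recipient to itself and read a non-existent property for the email,
        // so the string never matched the intended user ID.
        $recipient = $this->KeyUser;
        if ($this->KeyComment) {
            $recipient .= ' (' . $this->KeyComment . ')';
        }
        if ($this->KeyEmail) {
            $recipient .= ' <' . $this->KeyEmail . '>';
        }

        // --always-trust makes gpg skip key-validity checks for the recipient,
        // so the keyring in HomeDir must contain only keys the operator trusts.
        $args = array('-a', '--always-trust', '--batch', '--no-secmem-warning', '-e', '-r', $recipient);

        // The plaintext goes to gpg over a pipe. It is never part of the
        // command line, so it is neither interpreted by the shell nor visible
        // in the process list.
        return $this->RunGpg($args, array('pipe', 'r'), (string) $data);
    }

    /**
     * Main decryption function.
     *
     * Writes the ciphertext to the configured temp file, lets gpg read it as
     * standard input, and returns the plaintext gpg prints. Trailing whitespace
     * is removed; multi-line plaintext is returned in full.
     *
     * @param string $data Ciphertext produced by Encrypt().
     * @return string Decrypted text, or '' when the temp file could not be
     *                written or gpg produced no output.
     */
    public function Decrypt($data) {
        $tmpfile = $this->TmpFile;
        $fp = fopen($tmpfile, 'w');
        if ($fp === false) {
            return '';
        }
        $written = fwrite($fp, $data);
        fclose($fp);
        if ($written === false) {
            unlink($tmpfile);
            return '';
        }

        $args = array('-q', '--batch', '--always-trust', '--no-secmem-warning');
        $passphrase = null;
        if ($this->KeyRequiredToDecrypt()) {
            // The passphrase is sent on its own descriptor instead of as a
            // "--passphrase <value>" argument, which would expose it to the
            // shell and to anyone able to list processes on the host.
            // NOTE(review): GnuPG 2.1+ may also need "--pinentry-mode loopback"
            // for batch passphrase input - confirm against the installed version.
            $args[] = '--passphrase-fd';
            $args[] = '3';
            $passphrase = (string) $this->Key;
        }

        $decrypted = $this->RunGpg($args, array('file', $tmpfile, 'r'), null, $passphrase);
        unlink($tmpfile);
        return $decrypted;
    }

    /**
     * Run the configured gpg binary with HOME pointed at the module's home directory.
     *
     * Every argument is shell-quoted. Input and passphrase travel over
     * descriptors, never on the command line. stderr is left attached to the
     * PHP process, as it was with exec(). Inputs are expected to be small
     * (card data); the input is written in full before any output is read.
     *
     * @param array       $args       gpg arguments, one element per argument.
     * @param array       $stdin      proc_open descriptor spec for standard input.
     * @param string|null $input      Data to write when $stdin is a pipe.
     * @param string|null $passphrase Passphrase to write to descriptor 3, if any.
     * @return string gpg's standard output with trailing whitespace removed and
     *                CRLF normalised to LF; '' when the process could not start.
     */
    private function RunGpg(array $args, array $stdin, $input = null, $passphrase = null) {
        $cmd = escapeshellarg($this->GPGBinary);
        foreach ($args as $arg) {
            $cmd .= ' ' . escapeshellarg($arg);
        }

        $spec = array(0 => $stdin, 1 => array('pipe', 'w'));
        if ($passphrase !== null) {
            $spec[3] = array('pipe', 'r');
        }

        // gpg locates its keyrings through HOME. Remember the previous value so
        // it can be put back exactly, including the case where it was unset.
        $previousHome = getenv('HOME');
        putenv('HOME=/' . ltrim((string) $this->HomeDir, '/'));

        $output = '';
        $pipes = array();
        $process = proc_open($cmd, $spec, $pipes);
        if (is_resource($process)) {
            if ($passphrase !== null) {
                fwrite($pipes[3], $passphrase . "\n");
                fclose($pipes[3]);
            }
            if (isset($pipes[0])) {
                if ($input !== null) {
                    fwrite($pipes[0], $input);
                }
                fclose($pipes[0]);
            }
            $captured = stream_get_contents($pipes[1]);
            fclose($pipes[1]);
            proc_close($process);
            if ($captured !== false) {
                $output = $captured;
            }
        }

        if ($previousHome === false) {
            putenv('HOME');
        } else {
            putenv('HOME=' . $previousHome);
        }

        return str_replace("\r\n", "\n", rtrim($output));
    }
}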
?>