Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:37676
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain chiaraquartet.net from 38.99.98.18 cause and error)
Message-ID: <482D9F49.5040704@chiaraquartet.net>
Date: Fri, 16 May 2008 09:50:49 -0500
User-Agent: Thunderbird 2.0.0.14 (X11/20080502)
MIME-Version: 1.0
To: Andreas K Santoso <aks_flint_4t@yahoo.com>
CC: internals@lists.php.net
References: <488669.34393.qm@web46402.mail.sp1.yahoo.com>
In-Reply-To: <488669.34393.qm@web46402.mail.sp1.yahoo.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: Please help about zend engine
From: greg@chiaraquartet.net (Gregory Beaver)

Andreas K Santoso wrote:
> Hello sir/ma'am
> 
> My name is andre from Indonesia. I am a student of a university, and
> i'm doing my thesis. I subscribe to this list to look for some help. 
> Oh by the way, my thesis is about PHP file encryption. So i need to
> decrypt the file when it's accessed and before any further
> processing. I'm surely not as smart and experienced as all of you, so
> please be patient
> 
> Mr. Malyshev told me that i have 2 options 1. Override the
> zend_compile function (he said that this one seems to be the easiest
> way) 2. Use the PHP stream system (http://php.net/streams) to create
> filters that decrypt data on-the-fly.
> 
> So i decided to try the second option. But still i can't understand
> it well. The example  i've read (http://php.net/streams) is not clear
> enough for me. I mean, how to make the filter itself, and how to use
> it? and can the filter automaticaly applied to every .php files?
> 
> And can anyone tell me where i must insert my codes if i want to
> override the zend_compile? I'm afraid that i don't have much time
> left, so if i can't use option 2, i will use option 1 instead.
> 
> 
> Sorry if my english impolite or confusing. Thank you very much for
> your patience and help.

Hi Andreas,

For stream filters, check out the zlib and bz2 stream filters in
ext/zlib/zlib_filter.c and
ext/bz2/bz2_filter.c

The filter can't be automatically applied without overriding
zend_compile, but I still highly recommend you implement it as a stream
filter.  Why?  You can check for encryption on file inclusion and then
append the  stream filter to the returned stream inside the
zend_file_handle, or disable this in php.ini and decrypt on a per-file
basis manually.

For an example of zend_compile() interception that does something
similar, look at the end of ext/phar/phar.c.  In this case, phar's
zend_compile override checks for filenames containing '.phar' and
attempts to process them as a phar archive, creates a phar stream URL
and passes that to zend_stream_open_function to return a file_handle.
You could simply call zend_stream_open_function, and then read in the
first few bytes of the file handle in the modified zend_file_handle * to
determine if decryption is necessary, and then use code something like
this to append the filter and compile the file:

filter = php_stream_filter_create("my.encrypt", NULL,
php_stream_is_persistent(file_handle->handle.stream.handle) TSRMLS_CC);
php_stream_filter_append(&file_handle->handle.stream.handle->readfilters,
encrypt_filter);
return encrypt_orig_compile_file(file_handle, type TSRMLS_CC);

where encrypt_orig_compile_file is the saved value of zend_compile_file.

Greg