Encrytping Smarty Templates


The Encoder provides encrypting and decrypting functionality for non-PHP files. While this is not as secure as encoding, it allows you to provide some protection to files which cannot be encoded. Smarty templates are one such example of non-PHP files that you may want to protect, which is why in this tutorial, we will be looking at how to patch Smarty to be able to read encrypted templates.

Encrypting the Templates

As the Encoder is only able to encode PHP files, we cannot encode Smarty template files or any other files. We can however encrypt non-PHP files and decrypt them at run-time. To do this, we want to configure our template files to be encrypted whenever the Encoder runs.
To do this, go to the “Project” > “Project Settings” > “Source” tab. The easiest method for setting up all template files to be encrypted is to add the file extension for the template files to the “Non-PHP encryption extensions” list. Simply type “.tpl” into the box, then press the plus button to add it to the list.

smarty

As can be seen by the file tree to the left, all of the .tpl files have been given an icon with a green key. This indicates that they have been marked for encryption. Once this has been done, simply run the Encoder and it will encrypt the files.

 

Smarty itself is unable to run without applying a patch to allow the reading of encrypted files, so we must first patch it before are able to run them.

 

Patching Smarty 2

For Smarty version 2, you will need to edit the Smarty.class.php file. In this file, you will want to remove the function _read_file and replace it with the following function:

function _read_file($filename){    $res = false;    if (file_exists($filename))    {        if (function_exists('ioncube_read_file'))        {            $res = ioncube_read_file($filename);            if (is_int($res)) $res = false;        }        else if ( ($fd = @fopen($filename, 'rb')) )        {            $res = ($size = filesize($filename)) ? fread($fd, $size) : '';            fclose($fd);        }    }    return $res;}
 

Patching Smarty 3

For Smarty version 3, you will need to edit the smarty_internal_resource_file.php file. In this file, you will want to remove the function getContent and replace it with the following function:

public function getContent(Smarty_Template_Source $source){    if ($source->timestamp)    {        if (function_exists('ioncube_read_file'))        {            $res = ioncube_read_file($source->filepath);            if (is_int($res)) $res = false;            return $res;        }        else        {            return file_get_contents($source->filepath);        }    }    if ($source instanceof Smarty_Config_Source)    {        throw new SmartyException("Unable to read config {$source->type} '{$source->name}'");    }    throw new SmartyException("Unable to read template {$source->type} '{$source->name}'");}
 

After Patching Smarty

As ioncube_read_file can only be called from an encoded file, the patched file must be encoded. As the source code for Smarty is publicly available, there is no point in making the file as secure as possible, the bare minimum settings will be fine.

 

Once the file has been encoded, replace the original unencoded file with the patched encoded file. You are now able to read both encoded and unencoded Smarty templates.


Có thể bạn quan tâm
21/09/2015
1027