[44] | 1 | <?php
|
---|
| 2 | /*************************************************************************
|
---|
| 3 | * http://www.fpdf.org/fr/script/script37.php
|
---|
| 4 | *
|
---|
| 5 | * @author Klemen Vodopivec
|
---|
| 6 | *
|
---|
| 7 | * Ce script permet de protéger le PDF, c'est-à-dire empêcher l'utilisateur de copier son contenu, de l'imprimer ou de le modifier.
|
---|
| 8 | *
|
---|
| 9 | * SetProtection([array permissions [, string user_pass [, string owner_pass]]])
|
---|
| 10 | *
|
---|
| 11 | * permissions : l'ensemble des permissions. Vide par défaut (seule la lecture est autorisée).
|
---|
| 12 | * user_pass : mot de passe utilisateur. Vide par défaut.
|
---|
| 13 | * owner_pass : mot de passe propriétaire. Par défaut, une valeur aléatoire est choisie.
|
---|
| 14 | *
|
---|
| 15 | * Le tableau des permissions est composé de valeurs prises parmi les suivantes :
|
---|
| 16 | * * copy : copie du texte et des images dans le presse-papier
|
---|
| 17 | * * print : impression du document
|
---|
| 18 | * * modify : modification (autre ques les annotations et les formulaires)
|
---|
| 19 | * * annot-forms : ajout d'annotations ou de formulaires
|
---|
| 20 | *
|
---|
| 21 | * Remarque : la protection contre la modification concerne les personnes possédant la version complète d'Acrobat.
|
---|
| 22 | *
|
---|
| 23 | * Si vous ne spécifiez pas de mot de passe, le document s'ouvrira normalement. Si vous indiquez un mot de passe utilisateur,
|
---|
| 24 | * le lecteur de PDF le demandera avant d'afficher le document. Le mot de passe propriétaire, s'il est différent de celui utilisateur,
|
---|
| 25 | * permet d'obtenir l'accès complet.
|
---|
| 26 | *
|
---|
| 27 | * Note : protéger un document nécessite de le crypter, ce qui augmente le temps de traitement de manière importante.
|
---|
| 28 | * Cela peut dans certains cas entraîner un time-out au niveau de PHP, en particulier si le document contient des
|
---|
| 29 | * images ou des polices.
|
---|
| 30 | ************************************************************************/
|
---|
| 31 |
|
---|
| 32 | if (!defined('__CLASS_FPDF_PROTECTION__'))
|
---|
| 33 | {
|
---|
| 34 | define('__CLASS_FPDF_PROTECTION__', true);
|
---|
| 35 |
|
---|
| 36 | require_once(dirname(__FILE__).'/02_fpdf_formulaire.class.php');
|
---|
| 37 |
|
---|
| 38 | class FPDF_Protection extends FPDF_Formulaire
|
---|
| 39 | {
|
---|
| 40 | var $encrypted; //whether document is protected
|
---|
| 41 | var $Uvalue; //U entry in pdf document
|
---|
| 42 | var $Ovalue; //O entry in pdf document
|
---|
| 43 | var $Pvalue; //P entry in pdf document
|
---|
| 44 | var $enc_obj_id; //encryption object id
|
---|
| 45 | var $last_rc4_key; //last RC4 key encrypted (cached for optimisation)
|
---|
| 46 | var $last_rc4_key_c; //last RC4 computed key
|
---|
| 47 |
|
---|
| 48 | function FPDF_Protection($orientation='P',$unit='mm',$format='A4')
|
---|
| 49 | {
|
---|
| 50 | $this->FPDF_Formulaire($orientation,$unit,$format);
|
---|
| 51 |
|
---|
| 52 | $this->encrypted=false;
|
---|
| 53 | $this->last_rc4_key='';
|
---|
| 54 | $this->padding="\x28\xBF\x4E\x5E\x4E\x75\x8A\x41\x64\x00\x4E\x56\xFF\xFA\x01\x08".
|
---|
| 55 | "\x2E\x2E\x00\xB6\xD0\x68\x3E\x80\x2F\x0C\xA9\xFE\x64\x53\x69\x7A";
|
---|
| 56 | }
|
---|
| 57 |
|
---|
| 58 | /**
|
---|
| 59 | * Function to set permissions as well as user and owner passwords
|
---|
| 60 | *
|
---|
| 61 | * - permissions is an array with values taken from the following list:
|
---|
| 62 | * copy, print, modify, annot-forms
|
---|
| 63 | * If a value is present it means that the permission is granted
|
---|
| 64 | * - If a user password is set, user will be prompted before document is opened
|
---|
| 65 | * - If an owner password is set, document can be opened in privilege mode with no
|
---|
| 66 | * restriction if that password is entered
|
---|
| 67 | */
|
---|
| 68 | function SetProtection($permissions=array(),$user_pass='',$owner_pass=null)
|
---|
| 69 | {
|
---|
| 70 | $options = array('print' => 4, 'modify' => 8, 'copy' => 16, 'annot-forms' => 32 );
|
---|
| 71 | $protection = 192;
|
---|
| 72 | foreach($permissions as $permission){
|
---|
| 73 | if (!isset($options[$permission]))
|
---|
| 74 | $this->Error('Incorrect permission: '.$permission);
|
---|
| 75 | $protection += $options[$permission];
|
---|
| 76 | }
|
---|
| 77 | if ($owner_pass === null)
|
---|
| 78 | $owner_pass = uniqid(rand());
|
---|
| 79 | $this->encrypted = true;
|
---|
| 80 | $this->_generateencryptionkey($user_pass, $owner_pass, $protection);
|
---|
| 81 | }
|
---|
| 82 |
|
---|
| 83 | /****************************************************************************
|
---|
| 84 | * *
|
---|
| 85 | * Private methods *
|
---|
| 86 | * *
|
---|
| 87 | ****************************************************************************/
|
---|
| 88 |
|
---|
| 89 | function _putstream($s)
|
---|
| 90 | {
|
---|
| 91 | if ($this->encrypted) {
|
---|
| 92 | $s = $this->_RC4($this->_objectkey($this->n), $s);
|
---|
| 93 | }
|
---|
| 94 | parent::_putstream($s);
|
---|
| 95 | }
|
---|
| 96 |
|
---|
| 97 | function _textstring($s)
|
---|
| 98 | {
|
---|
| 99 | if ($this->encrypted) {
|
---|
| 100 | $s = $this->_RC4($this->_objectkey($this->n), $s);
|
---|
| 101 | }
|
---|
| 102 | return parent::_textstring($s);
|
---|
| 103 | }
|
---|
| 104 |
|
---|
| 105 | /**
|
---|
| 106 | * Compute key depending on object number where the encrypted data is stored
|
---|
| 107 | */
|
---|
| 108 | function _objectkey($n)
|
---|
| 109 | {
|
---|
| 110 | return substr($this->_md5_16($this->encryption_key.pack('VXxx',$n)),0,10);
|
---|
| 111 | }
|
---|
| 112 |
|
---|
| 113 | function _putresources()
|
---|
| 114 | {
|
---|
| 115 | parent::_putresources();
|
---|
| 116 | if ($this->encrypted) {
|
---|
| 117 | $this->_newobj();
|
---|
| 118 | $this->enc_obj_id = $this->n;
|
---|
| 119 | $this->_out('<<');
|
---|
| 120 | $this->_putencryption();
|
---|
| 121 | $this->_out('>>');
|
---|
| 122 | $this->_out('endobj');
|
---|
| 123 | }
|
---|
| 124 | }
|
---|
| 125 |
|
---|
| 126 | function _putencryption()
|
---|
| 127 | {
|
---|
| 128 | $this->_out('/Filter /Standard');
|
---|
| 129 | $this->_out('/V 1');
|
---|
| 130 | $this->_out('/R 2');
|
---|
| 131 | $this->_out('/O ('.$this->_escape($this->Ovalue).')');
|
---|
| 132 | $this->_out('/U ('.$this->_escape($this->Uvalue).')');
|
---|
| 133 | $this->_out('/P '.$this->Pvalue);
|
---|
| 134 | }
|
---|
| 135 |
|
---|
| 136 | function _puttrailer()
|
---|
| 137 | {
|
---|
| 138 | parent::_puttrailer();
|
---|
| 139 | if ($this->encrypted) {
|
---|
| 140 | $this->_out('/Encrypt '.$this->enc_obj_id.' 0 R');
|
---|
| 141 | $this->_out('/ID [()()]');
|
---|
| 142 | }
|
---|
| 143 | }
|
---|
| 144 |
|
---|
| 145 | /**
|
---|
| 146 | * RC4 is the standard encryption algorithm used in PDF format
|
---|
| 147 | */
|
---|
| 148 | function _RC4($key, $text)
|
---|
| 149 | {
|
---|
| 150 | if ($this->last_rc4_key != $key) {
|
---|
| 151 | $k = str_repeat($key, 256/strlen($key)+1);
|
---|
| 152 | $rc4 = range(0,255);
|
---|
| 153 | $j = 0;
|
---|
| 154 | for ($i=0; $i<256; $i++){
|
---|
| 155 | $t = $rc4[$i];
|
---|
| 156 | $j = ($j + $t + ord($k{$i})) % 256;
|
---|
| 157 | $rc4[$i] = $rc4[$j];
|
---|
| 158 | $rc4[$j] = $t;
|
---|
| 159 | }
|
---|
| 160 | $this->last_rc4_key = $key;
|
---|
| 161 | $this->last_rc4_key_c = $rc4;
|
---|
| 162 | } else {
|
---|
| 163 | $rc4 = $this->last_rc4_key_c;
|
---|
| 164 | }
|
---|
| 165 |
|
---|
| 166 | $len = strlen($text);
|
---|
| 167 | $a = 0;
|
---|
| 168 | $b = 0;
|
---|
| 169 | $out = '';
|
---|
| 170 | for ($i=0; $i<$len; $i++){
|
---|
| 171 | $a = ($a+1)%256;
|
---|
| 172 | $t= $rc4[$a];
|
---|
| 173 | $b = ($b+$t)%256;
|
---|
| 174 | $rc4[$a] = $rc4[$b];
|
---|
| 175 | $rc4[$b] = $t;
|
---|
| 176 | $k = $rc4[($rc4[$a]+$rc4[$b])%256];
|
---|
| 177 | $out.=chr(ord($text{$i}) ^ $k);
|
---|
| 178 | }
|
---|
| 179 |
|
---|
| 180 | return $out;
|
---|
| 181 | }
|
---|
| 182 |
|
---|
| 183 | /**
|
---|
| 184 | * Get MD5 as binary string
|
---|
| 185 | */
|
---|
| 186 | function _md5_16($string)
|
---|
| 187 | {
|
---|
| 188 | return pack('H*',md5($string));
|
---|
| 189 | }
|
---|
| 190 |
|
---|
| 191 | /**
|
---|
| 192 | * Compute O value
|
---|
| 193 | */
|
---|
| 194 | function _Ovalue($user_pass, $owner_pass)
|
---|
| 195 | {
|
---|
| 196 | $tmp = $this->_md5_16($owner_pass);
|
---|
| 197 | $owner_RC4_key = substr($tmp,0,5);
|
---|
| 198 | return $this->_RC4($owner_RC4_key, $user_pass);
|
---|
| 199 | }
|
---|
| 200 |
|
---|
| 201 | /**
|
---|
| 202 | * Compute U value
|
---|
| 203 | */
|
---|
| 204 | function _Uvalue()
|
---|
| 205 | {
|
---|
| 206 | return $this->_RC4($this->encryption_key, $this->padding);
|
---|
| 207 | }
|
---|
| 208 |
|
---|
| 209 | /**
|
---|
| 210 | * Compute encryption key
|
---|
| 211 | */
|
---|
| 212 | function _generateencryptionkey($user_pass, $owner_pass, $protection)
|
---|
| 213 | {
|
---|
| 214 | // Pad passwords
|
---|
| 215 | $user_pass = substr($user_pass.$this->padding,0,32);
|
---|
| 216 | $owner_pass = substr($owner_pass.$this->padding,0,32);
|
---|
| 217 | // Compute O value
|
---|
| 218 | $this->Ovalue = $this->_Ovalue($user_pass,$owner_pass);
|
---|
| 219 | // Compute encyption key
|
---|
| 220 | $tmp = $this->_md5_16($user_pass.$this->Ovalue.chr($protection)."\xFF\xFF\xFF");
|
---|
| 221 | $this->encryption_key = substr($tmp,0,5);
|
---|
| 222 | // Compute U value
|
---|
| 223 | $this->Uvalue = $this->_Uvalue();
|
---|
| 224 | // Compute P value
|
---|
| 225 | $this->Pvalue = -(($protection^255)+1);
|
---|
| 226 | }
|
---|
| 227 | }
|
---|
| 228 | }
|
---|
| 229 | ?> |
---|