├── LICENSE.txt ├── README.md ├── dist ├── php56 │ ├── README.md │ └── php_pdo_sqlcipher.dll ├── php70 │ ├── README.md │ └── php_pdo_sqlcipher.dll └── php71 │ ├── README.md │ └── php_pdo_sqlcipher.dll └── examples ├── BUILD.md ├── USAGE.md └── docker ├── Dockerfile └── include ├── apache_default ├── config.w32 └── run /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2008, ZETETIC LLC 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | * Redistributions of source code must retain the above copyright 7 | notice, this list of conditions and the following disclaimer. 8 | * Redistributions in binary form must reproduce the above copyright 9 | notice, this list of conditions and the following disclaimer in the 10 | documentation and/or other materials provided with the distribution. 11 | * Neither the name of the ZETETIC LLC nor the 12 | names of its contributors may be used to endorse or promote products 13 | derived from this software without specific prior written permission. 14 | 15 | THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY 16 | EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY 19 | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 21 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 22 | ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 24 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ### SQLCipher PDO (PHP Data Objects) Extension for Windows PHP (DLL) 2 | 3 | *Disclaimer*: The built DLL's may be old and have vulnerabilities. Use at your own risk. 4 | 5 | This repo provides built versions of a PHP PDO interface for [sqlcipher](https://github.com/sqlcipher/sqlcipher) as a Windows PHP extension (DLL). 6 | 7 | Currently there are compiled versions for: 8 | - [PHP 7.1](dist/php71) (built from PHP 7.1.22) 9 | - [PHP 7.0](dist/php70) (built from PHP 7.0.32) 10 | - [PHP 5.6](dist/php56) (built from PHP 5.6.38) 11 | 12 | For Building the extension yourself, see the [build instructions](examples/BUILD.md). 13 | 14 | This project has not fully utilized all of the tools built into sqlite or sqlcipher, and as such, all APIs have not been tested to work (or not work). 15 | 16 | Credit to [sqlcipher/sqlcipher](https://github.com/sqlcipher/sqlcipher) project for their great work. 17 | 18 | Credit to [abbat/pdo_sqlcipher](https://github.com/abbat/pdo_sqlcipher/blob/master/README.en.md) for supplying a nice alternative to directly modifying the pdo_sqlite extension. 19 | 20 | Credit to [CovenantEyes](https://github.com/CovenantEyes/sqlcipher-windows) for some of the Windows-specific flags/modifications of the sqlcipher codebase in order to build on windows. 21 | 22 | License from Sqlcipher as it is their software. 23 | TODO add applicable license info for PHP 24 | -------------------------------------------------------------------------------- /dist/php56/README.md: -------------------------------------------------------------------------------- 1 | #### php_pdo_sqlcipher.dll 2 | 3 | Built from: 4 | 5 | - PHP 5.6.38 source 6 | - SQLCipher v3.4.2 (c6f709fca81c910ba133aaf6330c28e01ccfe5f8) 7 | - OpenSSL v.1.0.2p source 8 | -------------------------------------------------------------------------------- /dist/php56/php_pdo_sqlcipher.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kynetiv/php_pdo_sqlcipher/349abaf01805ba35a29c18a7a0828588b787e841/dist/php56/php_pdo_sqlcipher.dll -------------------------------------------------------------------------------- /dist/php70/README.md: -------------------------------------------------------------------------------- 1 | #### php_pdo_sqlcipher.dll 2 | 3 | Built with: 4 | 5 | - PHP 7.0.32 source 6 | - SQLCipher (tag: 3.4.2, c6f709fca81c910ba133aaf6330c28e01ccfe5f8), with some flag modifcations for windows 7 | - OpenSSL v1.0.2p source 8 | 9 | -------------------------------------------------------------------------------- /dist/php70/php_pdo_sqlcipher.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kynetiv/php_pdo_sqlcipher/349abaf01805ba35a29c18a7a0828588b787e841/dist/php70/php_pdo_sqlcipher.dll -------------------------------------------------------------------------------- /dist/php71/README.md: -------------------------------------------------------------------------------- 1 | #### php_pdo_sqlcipher.dll 2 | 3 | Built with: 4 | 5 | - PHP 7.1.22 source 6 | - SQLCipher (tag: 3.4.2, c6f709fca81c910ba133aaf6330c28e01ccfe5f8), with some flag modifcations for windows 7 | - OpenSSL v1.0.2p source 8 | 9 | -------------------------------------------------------------------------------- /dist/php71/php_pdo_sqlcipher.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kynetiv/php_pdo_sqlcipher/349abaf01805ba35a29c18a7a0828588b787e841/dist/php71/php_pdo_sqlcipher.dll -------------------------------------------------------------------------------- /examples/BUILD.md: -------------------------------------------------------------------------------- 1 | ### Building the php_pdo_sqlcipher.dll extension 2 | 3 | The following steps to build the extension are somewhat problematic and error-prone due to multiple projects and environmental issues. Not to mention I'm not a Windows dev but somehow managed to get this built ;-) I'll try to layout what worked for _me_, although, YMMV. 4 | 5 | 1. A linux box to build the PHP extension from source with updated namespaces (`sqlite` to `sqlcipher`); 6 | 2. A Windows box with the necessary build tools (more on that in a bit) to build OpenSSl from source and PHP from source. 7 | 3. Extra patience 8 | 9 | If you know your way around a Windows box, its possible you don't need to follow my steps building extension steps in Linux below, although it was easier this way for me. 10 | 11 | #### Build the extension on Linux: 12 | 13 | I used the provided Dockerfile to create a linux environment for the build and the targeted PHP version (currently PHP 7.1). you may use something else just as well. You can also update the dockerfile to choose which PHP version to install. 14 | 15 | ```sh 16 | docker build -f docker/Dockerfile -t myuser/php71-sqlcipher . 17 | ``` 18 | 19 | Once built I'll run it and then ssh in. 20 | (TODO: Automate the following into the dockerfile) 21 | 22 | ```sh 23 | docker run --name=sqlcipher -p="8001:80" -d myuser/php71-sqlcipher 24 | docker exec -it sqlcipher bash 25 | ``` 26 | 27 | Now we'll use my fork of [pdo_sqlcipher](https://github.com/abbat/pdo_sqlcipher) project to create the extension files. It will essentially recognize the PHP version running in the environment and pull down necessary source PHP files for building the extension. 28 | 29 | (Still in the above container shell) 30 | ```sh 31 | cd /opt 32 | git clone https://github.com/kynetiv/pdo_sqlcipher 33 | cd pdo_sqlcipher 34 | git checkout windows-build 35 | chmod +x build.sh 36 | ./build.sh 37 | ``` 38 | If the environment and the version of PHP available (may need to add new versions to config.m4), it should build a `release` folder with the applicable files for _Linux_. Although we're mostly interested in the following output files/folders: 39 | 40 | - php source (tar file, eg php-7.1.11.tar.gz) 41 | - 'build' directory - this is our renamed pdo_sqlcipher extension 42 | - config.w32 (needed for building the Windows PHP extension later, also provided in this repo in the docker folder) 43 | 44 | Copy these files and directories from docker somewhere where you can find them in your Windows machine 45 | 46 | ```bash 47 | docker cp sqlcipher:/opt/pdo_sqlcipher/php-7.1.11.tar.gz . 48 | docker cp sqlcipher:/opt/pdo_sqlcipher/build/ . 49 | docker cp sqlcipher:/opt/pdo_sqlcipher/config.w32 . 50 | ``` 51 | 52 | #### Windows Steps 53 | 54 | I've been using a windows 7 VM to do following steps. There is a lot to setup here. 55 | 56 | First grab a [Windows VM](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/) provided by MS. The following instructions were done on the `IE11 on Win7 (x86)` box. I also used the Virtualbox flavor. 57 | 58 | ##### Windows Build tools 59 | Once your VM is setup and booted you'll need the following build tools / dependencies 60 | 61 | You may need to download a newer version of .net framework as well. I used 4.6 as it worked in this Win7 VM 62 | - [Download .Net framework v4.6](https://www.microsoft.com/en-us/download/details.aspx?id=48130) 63 | 64 | Currently for PHP7, according to the [PHP Windows docs](https://wiki.php.net/internals/windows/stepbystepbuild), you'll need the Visual C++ 14.0 (Visual Studio 2015). I beleive a full build of VS2015 will have the build tools but the below link is _just_ the bare necessity of build tools and the Command Prompt 65 | 66 | - [Download Visual C++ Build Tools 2015](http://download.microsoft.com/download/5/F/7/5F7ACAEB-8363-451F-9425-68A90F98B238/visualcppbuildtools_full.exe) - found here https://visualstudio.microsoft.com/vs/older-downloads/, (Redistributables and Build Tools) 67 | 68 | For PHP5.6, you can try looking around microsoft.com, but here is a currently working link to the Visual 2012 Express for Windows Desktop 69 | 70 | - [Download Visual Studio 2012 Express for Windows Desktop](http://download.microsoft.com/download/1/F/5/1F519CC5-0B90-4EA3-8159-33BFB97EF4D9/VS2012_WDX_ENU.iso) 71 | 72 | 73 | If you don't have one, get a zip utility for some of these gzip'd source. I just used 7-zip (free) but other would be fine. 74 | 75 | - [Download 7-Zip](http://www.7-zip.org/) 76 | 77 | Also, a rar and iso tool (VS2012 iso), like WinRar (free). 78 | 79 | - https://www.win-rar.com/ 80 | 81 | Perl, NASM, Bison. 82 | These are needed for building OpenSSL and/or PHP from source 83 | 84 | - [Download Strawberry Perl](http://strawberryperl.com/download/5.26.0.1/strawberry-perl-5.26.0.1-32bit.msi) 85 | - [Download NASM](http://www.nasm.us/pub/nasm/releasebuilds/2.13.02/win32/) 86 | - [Download Bison](https://sourceforge.net/projects/gnuwin32/files/bison/2.4.1/bison-2.4.1-setup.exe/download?use_mirror=versaweb) 87 | 88 | *Note* May need to copy some of these utility folders to the root `C:\ ` directory in addition to Program Files if issues with environment variables occur. (TODO how to setup paths inside Program Files). 89 | 90 | You'll also need a recent version of OpenSSL. I've had luck on the 1.0.2 version and so grab the latest. 91 | OpenSSL Version updates may cause issues building from version to version. If building your own is having issue, or you don't mind using php.net's pre-built version, you can find a build version in here: 92 | 93 | - https://windows.php.net/downloadS/php-sdk/deps/vc11/x86/ 94 | 95 | Filename like: openssl-1.0.2p-vc11-x86.zip 96 | 97 | Otherwise download the source yourself: 98 | 99 | - https://www.openssl.org/source/ 100 | 101 | PHP source, I'll typically copy over the php version downloaded by the pdo_sqlcipher build step above and unpack to the `C:\ ` directory. 102 | 103 | #### Setup build directories 104 | 105 | Because this is essentially a throw-away VM, I put everything i need in the `C:\ ` directory. Should looks something like this: 106 | 107 | - C:\php-src # the unpacked PHP version 108 | - C:\openssl-src # the unpacked OpenSSL version 109 | 110 | 111 | #### Build OpenSSL 112 | 113 | If you do want to build from source follow these steps. Otherwise, download the prebuilt version from windows.php.net (link above). 114 | 115 | I originally followed [this guide](http://developer.covenanteyes.com/building-openssl-for-visual-studio/) before, but the following is specific for this VM: 116 | 117 | Open up the Windows Start Menu and find the "Native" x86 only prompt, so: 118 | 119 | Visual C++ Build Tools -> Windows Desktop Command Prompts -> Visual C++ 2015 x86 Native Build Tools Command Prompt 120 | *NOTE* run as administrator 121 | 122 | ##### Environment Variables 123 | 124 | For OpenSSL we'll need NASM in our path 125 | 126 | ```sh 127 | SET PATH=%PATH%;"C:\Program Files\NASM" 128 | ``` 129 | 130 | Now build OpenSSL 131 | 132 | ```sh 133 | cd C:\openssl-src 134 | perl Configure VC-WIN32 --prefix=C:\openssl 135 | ms\do_nasm 136 | nmake -f ms\nt.mak 137 | nmake -f ms\nt.mak install 138 | ``` 139 | 140 | You may see warnings, but this should complete and puts the output in `C:\openssl` 141 | This is an error prone step so following the described environment will be helpful. 142 | 143 | ##### More Environment Variables 144 | 145 | Now that OpenSSL is built (or you downloaded it and extracted it to `C:\openssl`), we'll update our paths for the PHP build. Adding in some additional paths for Bison 146 | 147 | ```sh 148 | SET PATH=%PATH%;C:\openssl\bin;%ProgramFiles%\GnuWin32\bin; 149 | SET LIB=%LIB%;C:\openssl\lib; 150 | SET INCLUDE=%INCLUDE%;C:\openssl\include 151 | SET BISON_PKGDATADIR="%ProgramFiles%\GnuWin32\bin\bison" 152 | ``` 153 | 154 | *Note* May have issues with the "Program Files" `space`, so use the %aliases% above. 155 | 156 | 157 | #### PHP Extension Build 158 | 159 | Now place the `build` directory from pdo_sqlcipher directory (linux) earlier into the `php-src\ext` folder renaming it to `pdo_sqlcipher`. This should be alongside other core modules such as `pdo_sqlite` 160 | 161 | Also add the `config.w32` from the pdo_sqlcipher directory (linux) into the root of the new `pdo_sqlcipher` extensions directory 162 | 163 | On Windows, the PHP build steps use different files. We'll need to modify only a couple of these files in our extension folder: 164 | 165 | ##### php_pdo_sqlcipher_int.h 166 | 167 | We'll need to update the include path 168 | 169 | from: `#include ` 170 | 171 | to: `#include ` 172 | 173 | around line 24 174 | 175 | ##### sqlcipher3.c 176 | 177 | Need to add the following flags to the top of this file: 178 | 179 | ``` 180 | /******** BEGIN SQLCIPHER-WINDOWS ********/ 181 | #define SQLITE_ENABLE_COLUMN_METADATA 1 182 | #define SQLITE_ENABLE_UNLOCK_NOTIFY 1 183 | #define SQLITE_ENABLE_UPDATE_DELETE_LIMIT 1 184 | #define SQLITE_HAS_CODEC 1 185 | #define SQLITE_TEMP_STORE 2 186 | /******** END SQLCIPHER-WINDOWS **********/ 187 | 188 | ``` 189 | 190 | #### Run Build Commands 191 | 192 | With the existing shell still open with our paths still in environment variables, enter the php-src directory: 193 | 194 | ```sh 195 | cd C:\php-src 196 | ``` 197 | 198 | Run the `buildconf.bat` windows batch file: 199 | 200 | ```sh 201 | buildconf.bat 202 | ``` 203 | 204 | Next will configure which extensions and PHP-specific options to set and enable: 205 | 206 | ```sh 207 | configure --disable-all --enable-pdo --enable-pdo_sqlcipher --disable-zts --enable-cli 208 | ``` 209 | 210 | *Note: thread safety has not been tested, only non-thread-safe. `--enable-cli` is to bypass some issues, not really needed other than to get the build to run. 211 | 212 | The above command should show some table output and take notice that you see `pdo_sqlcipher` listed as `shared`, meaning to be built as a dll. 213 | 214 | ```sh 215 | Enabled extensions: 216 | -------------------------- 217 | | Extension | Mode | 218 | -------------------------- 219 | | date | static | 220 | | pcre | static | 221 | | pdo | static | 222 | | pdo_sqlcipher | shared | 223 | | reflection | static | 224 | | spl | static | 225 | | standard | static | 226 | -------------------------- 227 | ``` 228 | 229 | If you get some error from the JSRuntime, open the `configure.js` (file that buildconf generated) and inspect the line. 230 | I once got a cryptic error: 231 | 232 | ```bash 233 | C:\php-src\configure.js(5475, 1) Microsoft JScript runtime error: '‹¯¨' is undefined 234 | ``` 235 | about some invisible bom (‹¯¨) at the first (1) position need to be deleted, so just needed backspace to the left of: 236 | 237 | ```bash 238 | // $Id$ 239 | ``` 240 | 241 | Side note, really JavaScript builds php on windows?!?! ... moving on.... 242 | 243 | ### Build it already 244 | OK, last step! 245 | 246 | ```sh 247 | nmake php_pdo_sqlcipher.dll 248 | ``` 249 | 250 | You'll see plenty of warnings and this will take a moment to build. It should end with: 251 | 252 | ```sh 253 | EXT pdo_sqlcipher build complete 254 | ``` 255 | 256 | You should find the resulting `php_pdo_sqlcipher.dll` file located in: 257 | 258 | C:\php-src\Release\php_pdo_sqlcipher.dll 259 | 260 | Celebrate! :tada: 261 | 262 | Otherwise... review your errors and `nmake clean` and repeat. Good Luck! :) 263 | -------------------------------------------------------------------------------- /examples/USAGE.md: -------------------------------------------------------------------------------- 1 | 2 | #### General Usage Example for pdo_sqlcipher 3 | In general you can use this extension much like `pdo_sqlite` extension. Only difference is that we've modified the namespace from `sqlite` to `sqlcipher`. 4 | 5 | So a typical connection to the `pdo_sqlcipher` extension may look something like: 6 | 7 | ```php 8 | $key = 'my-sqlite-key'; 9 | $sql = 'SELECT * FROM mytable'; 10 | 11 | $dbh = new PDO('sqlcipher:db.sqlite', null, null, null)or die("cannot open the database");; 12 | 13 | # decrypt database 14 | $dbh->exec('PRAGMA key = "' . $key . '";'); 15 | 16 | $ret = $dbh->query($sql); 17 | 18 | if($ret) 19 | { 20 | foreach($ret as $i) { 21 | echo $i[0]; 22 | } 23 | } 24 | else 25 | { 26 | echo 'Error: '; 27 | print_r($dbh->errorInfo()); 28 | } 29 | 30 | ``` -------------------------------------------------------------------------------- /examples/docker/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:centos7 2 | 3 | # build dependencies 4 | RUN yum update -y && \ 5 | yum install -y \ 6 | libicu-devel \ 7 | readline-devel \ 8 | openssl-devel \ 9 | tcl-devel \ 10 | build-essential \ 11 | pkg-config \ 12 | git \ 13 | vim \ 14 | nano \ 15 | gcc \ 16 | make \ 17 | cmake \ 18 | autoconf \ 19 | automake \ 20 | m4 \ 21 | nasm \ 22 | wget \ 23 | curl && \ 24 | echo "set number" >> /root/.vimrc && \ 25 | echo "set hlsearch" >> /root/.vimrc && \ 26 | echo "export TERM=xterm" >> /root/.bashrc && \ 27 | echo "export EDITOR=vim" >> /root/.bashrc && \ 28 | yum clean all && \ 29 | rm -rf /var/cache/yum/* && \ 30 | rm -rf /tmp/* && \ 31 | rm -rf /var/tmp/* 32 | 33 | # php repo with latest versions 34 | RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \ 35 | rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 36 | 37 | # Install desired PHP version (remi-php) # 38 | RUN yum update -y && \ 39 | yum install --enablerepo="remi,remi-php71" -y \ 40 | php \ 41 | php-devel \ 42 | php-cli \ 43 | php-pdo \ 44 | php-gd \ 45 | php-mbstring \ 46 | php-xml && \ 47 | yum clean all && \ 48 | rm -rf /var/cache/yum/* && \ 49 | rm -rf /tmp/* && \ 50 | rm -rf /var/tmp/* 51 | 52 | # Include apache just to keep container running 53 | COPY include/apache_default /etc/httpd/conf.d/vhosts.conf 54 | COPY include/run /usr/local/bin/run 55 | RUN chmod +x /usr/local/bin/run 56 | 57 | RUN mkdir /project 58 | 59 | WORKDIR /project 60 | 61 | EXPOSE 80 22 62 | 63 | CMD ["/usr/local/bin/run"] 64 | -------------------------------------------------------------------------------- /examples/docker/include/apache_default: -------------------------------------------------------------------------------- 1 | 2 | #ServerName localhost 3 | 4 | ServerAdmin webmaster@localhost 5 | DocumentRoot /project 6 | 7 | 8 | AllowOverride All 9 | Order allow,deny 10 | Allow from all 11 | 12 | 13 | ErrorLog /dev/stdout 14 | CustomLog /dev/stdout combined 15 | 16 | -------------------------------------------------------------------------------- /examples/docker/include/config.w32: -------------------------------------------------------------------------------- 1 | // $Id$ 2 | // vim:ft=javascript 3 | 4 | ARG_ENABLE("pdo_sqlcipher", "Enable PHP Data Objects support", "no"); 5 | 6 | if (PHP_PDO_SQLCIPHER != "no") { 7 | EXTENSION('pdo_sqlcipher', 'pdo_sqlcipher.c sqlcipher_driver.c sqlcipher_statement.c sqlcipher3.c crypto.c crypto_cc.c crypto_impl.c crypto_libtomcrypt.c crypto_openssl.c', true); 8 | ADD_EXTENSION_DEP('pdo_sqlcipher', 'pdo'); 9 | PHP_INSTALL_HEADERS("ext/pdo", "php_pdo.h php_pdo_driver.h"); 10 | PHP_INSTALL_HEADERS("ext/pdo_sqlcipher", "crypto.h sqlcipher3.h"); 11 | ADD_FLAG("LIBS", "gdi32.lib libeay32.lib ssleay32.lib"); 12 | } 13 | -------------------------------------------------------------------------------- /examples/docker/include/run: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | echo "ServerName localhost" >> /etc/httpd/conf/httpd.conf 5 | sed -ri 's#^DocumentRoot "/var/www/html"#DocumentRoot "/project"#' /etc/httpd/conf/httpd.conf 6 | sed -ri 's#^##' /etc/httpd/conf/httpd.conf 7 | sed -ri 's#^##' /etc/httpd/conf/httpd.conf 8 | 9 | 10 | exec /usr/sbin/httpd -DFOREGROUND --------------------------------------------------------------------------------