install/includes/payload.php
changeset 1240 2b6cdff92b09
parent 1227 bdac73ed481e
child 1259 49db7495f6b8
equal deleted inserted replaced
1239:e88534039a8d 1240:2b6cdff92b09
    29 }
    29 }
    30 
    30 
    31 function stg_password_decode()
    31 function stg_password_decode()
    32 {
    32 {
    33 	global $db;
    33 	global $db;
       
    34 	global $dh_public, $dh_private, $aes_fallback;
    34 	static $pass = false;
    35 	static $pass = false;
    35 	
    36 	
    36 	if ( $pass )
    37 	if ( $pass )
    37 		return $pass;
    38 		return $pass;
    38 	
    39 	
    39 	if ( !isset($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
    40 	if ( empty($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
    40 		$pass = $_POST['password'];
    41 		$pass = $_POST['password'];
    41 	
    42 	
    42 	$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
    43 	require_once(ENANO_ROOT . '/includes/rijndael.php');
    43 	// retrieve encryption key
    44 	require_once(ENANO_ROOT . '/includes/sessions.php');
    44 	$q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');
    45 	
    45 	if ( !$q )
    46 	try
    46 		$db->_die();
    47 	{
    47 	if ( $db->numrows() < 1 )
    48 		$keys = array(
    48 		return false;
    49 				'public' => $dh_public,
    49 	list($aes_key) = $db->fetchrow_num();
    50 				'private' => $dh_private,
    50 	$aes_key = hexdecode($aes_key);
    51 				'aes' => $aes_fallback
    51 	
    52 			);
    52 	$pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
    53 		$pass = sessionManager::get_aes_post('password', $keys);
    53 	if ( !$pass )
    54 	}
    54 		return false;
    55 	catch ( Exception $e )
       
    56 	{
       
    57 		echo "<p>Exception details:</p><pre>$e</pre>";
       
    58 		return false;
       
    59 	}
    55 	
    60 	
    56 	return $pass; // Will be true if the password isn't crapped
    61 	return $pass; // Will be true if the password isn't crapped
    57 }
    62 }
    58 
    63 
    59 function stg_make_private_key()
    64 function stg_make_private_key()