/**
 * Round-trips a password-protected key through its ASCII-safe string form
 * and checks that the original and the reloaded copy unlock, with the same
 * password, to identical raw key bytes.
 */
public function testKeyProtectedByPasswordCorrect()
{
    $passphrase = 'password';

    // Create a fresh protected key, then rebuild a second one from its serialized form.
    $original = KeyProtectedByPassword::createRandomPasswordProtectedKey($passphrase);
    $serialized = $original->saveToAsciiSafeString();
    $restored = KeyProtectedByPassword::loadFromAsciiSafeString($serialized);

    // Both copies must yield byte-identical key material once unlocked.
    $this->assertSame(
        $original->unlockKey($passphrase)->getRawBytes(),
        $restored->unlockKey($passphrase)->getRawBytes()
    );
}
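// Settings page: loads the logged-in user's profile row, unlocks their
// per-user encryption key with the secret kept in the session, then renders
// the settings tabs. Any failure to identify the user or unlock the key sends
// the visitor back to the login page instead of surfacing an error.
include_once $rootdir . 'includes/config.php';

// Connect with the database account dedicated to reading profiles.
$dbh = new PDO(
    DB_DRIVER . ":host=" . DB_SERVER . ";port=" . DB_PORT . ";dbname=" . DB_NAME,
    DB_USER_PROFILE_GRABBER,
    DB_PASS_PROFILE_GRABBER
);

// Marks the session as logged out, redirects to the login page and stops.
$redirect_to_login = function () use ($rootdir) {
    $_SESSION["loggedin"] = false;
    header("Location: " . $rootdir . "Login");
    die;
};

// Without both the user id and the key-unlocking secret nothing below can
// work, so bail out before touching the database.
if (!isset($_SESSION['id'], $_SESSION["key_unlocker"])) {
    $redirect_to_login();
}

$get_profile = $dbh->prepare(
    "SELECT `PEOPLE_ENCRYPTED_ENCRYPTION_KEY`,`PEOPLE_LAST_NAME`,`PEOPLE_EMAIL_ADDRESS`,`PEOPLE_PHONE_NUMBER`,`PEOPLE_ADDR_FORMATTED_ADDR`,`PEOPLE_EMAIL_VERIFIED`,`PEOPLE_REGISTERED_IP`,`PEOPLE_REGISTERED_UA`,`PEOPLE_REGISTERED_TIMESTAMP`,`PEOPLE_LAST_LOGIN_IP`,`PEOPLE_LAST_LOGIN_UA`,`PEOPLE_LAST_LOGIN_TIMESTAMP`,`PEOPLE_STATS_QUEUES_USED` FROM `" . DB_PEOPLE_TABLE . "` WHERE `PEOPLE_ID` = :PEOPLE_ID AND `PEOPLE_ACCOUNT_ACTIVE` = 1;"
);
$get_profile->bindValue("PEOPLE_ID", $_SESSION['id']);
$get_profile->execute();

// PDOStatement::rowCount() is not guaranteed to report the number of rows of
// a SELECT on every driver, so decide on the fetch result instead: no row
// means the account is missing or inactive.
$profile = $get_profile->fetch();
if ($profile === false) {
    $redirect_to_login();
}

// crypto
require_once '../includes/defuse-crypto.phar';
use Defuse\Crypto\Crypto;
use Defuse\Crypto\KeyProtectedByPassword;

// NOTE(review): the key-unlocking secret lives in the session, so the
// confidentiality of the encrypted profile fields depends on how session data
// is stored and protected on the server - confirm.
try {
    $protected_key = KeyProtectedByPassword::loadFromAsciiSafeString($profile["PEOPLE_ENCRYPTED_ENCRYPTION_KEY"]);
    $user_key = $protected_key->unlockKey($_SESSION["key_unlocker"]);
} catch (\Defuse\Crypto\Exception\CryptoException $e) {
    // A malformed stored key or a secret that no longer unlocks it must not
    // reach the default exception handler, whose output may include the call
    // arguments depending on PHP configuration. Force a fresh login instead.
    $redirect_to_login();
}

include_once $rootdir . 'includes/top.php';
?>
<div class="container">
  <div class="section">
    <h1>Settings</h1>
  </div>
  <div class="section">
    <div class="row">
      <div class="classol s12">
        <ul class="tabs">
          <li class="tab col s3"><a class="active" href="#user">User</a></li>
          <li class="tab col s3"><a href="#security">Security</a></li>
          <li class="tab col s3"><a href="#stats">Statistics</a></li>
          <li class="tab col s3"><a href="#delete">Delete</a></li>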
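<?php
/*
 * Telephone-number change endpoint.
 *
 * Reads the new number from $_POST["TEL"], keeps only its digits, encrypts
 * them with the logged-in user's key and stores the ciphertext in
 * PEOPLE_PHONE_NUMBER. Failures are reported as a JSON object
 * {"result": false, "message": ...} with a non-200 status line; success is
 * reported by the status line "200 Change successful" alone.
 *
 * NOTE(review): this is a state-changing request and no anti-CSRF check is
 * visible in this file - confirm one is enforced elsewhere.
 */
session_start();

ini_set("log_errors", 1);
// NOTE(review): a fixed log file under /tmp is typically readable and
// pre-creatable by other local users; prefer the server's configured error
// log in production.
ini_set("error_log", "/tmp/php-error.log");

require_once '../includes/defuse-crypto.phar';
use Defuse\Crypto\Crypto;
use Defuse\Crypto\KeyProtectedByPassword;
include_once '../includes/config.php';

// Sends the status line plus a JSON error body and stops the script.
$fail = function ($status_line, $message, $error_code = null) {
    header($status_line);
    $payload = array("result" => false, "message" => $message);
    if ($error_code !== null) {
        $payload["error_code"] = $error_code;
    }
    die(json_encode($payload));
};

// The user id and the key-unlocking secret both come from the session; refuse
// the request outright when either is missing instead of failing later on a
// null key.
if (!isset($_SESSION["id"], $_SESSION["key_unlocker"])) {
    $fail('HTTP/1.1 401 Unauthorized', "Please log in again");
}

/* Check if valid */
// Normalise once: anything that is not a string (missing field, array input)
// counts as empty, and only ASCII digits are kept.
$tel_raw = isset($_POST["TEL"]) ? $_POST["TEL"] : null;
$tel_digits = is_string($tel_raw) ? (string) preg_replace('/\\D/', '', $tel_raw) : "";
if ($tel_digits === "") {
    $fail('HTTP/1.1 400 User is a noob', "Please enter a telephone number", "tc100");
}

// Connect with the database account dedicated to changing telephone numbers.
$dbh = new PDO(
    DB_DRIVER . ":host=" . DB_SERVER . ";port=" . DB_PORT . ";dbname=" . DB_NAME,
    DB_USER_TEL_CHANGER,
    DB_PASS_TEL_CHANGER
);

$get_key_stmt = $dbh->prepare("SELECT `PEOPLE_ENCRYPTED_ENCRYPTION_KEY` FROM `" . DB_PEOPLE_TABLE . "` WHERE `" . DB_PEOPLE_TABLE . "`.`PEOPLE_ID` = :PEOPLE_ID;");
$get_key_stmt->bindValue(":PEOPLE_ID", $_SESSION["id"]);
$get_key_stmt->execute();

// fetch() returns false when the id matches no row; indexing that result
// would hand null to the key loader.
$key_row = $get_key_stmt->fetch();
if ($key_row === false) {
    $fail('HTTP/1.1 401 Unauthorized', "Please log in again");
}

try {
    $protected_key = KeyProtectedByPassword::loadFromAsciiSafeString($key_row["PEOPLE_ENCRYPTED_ENCRYPTION_KEY"]);
    $user_key = $protected_key->unlockKey($_SESSION["key_unlocker"]);
    $encrypted_tel = Crypto::encrypt($tel_digits, $user_key);
} catch (\Defuse\Crypto\Exception\CryptoException $e) {
    // Log only the exception class: the message and trace are kept out of
    // both the log and the response so no key material can leak through them.
    error_log("Telephone change failed: " . get_class($e));
    $fail('HTTP/1.1 500 Internal Server Error', "Could not update the telephone number");
}

$update_stmt = $dbh->prepare("UPDATE `" . DB_PEOPLE_TABLE . "` SET `PEOPLE_PHONE_NUMBER` = :PEOPLE_PHONE_NUMBER WHERE `" . DB_PEOPLE_TABLE . "`.`PEOPLE_ID` = :PEOPLE_ID;");
// bindValue, not bindParam: bindParam binds by reference and must be given a
// variable, not the result of an expression.
$update_stmt->bindValue(":PEOPLE_PHONE_NUMBER", $encrypted_tel);
$update_stmt->bindValue(":PEOPLE_ID", $_SESSION["id"]);
$update_stmt->execute();

header("HTTP/1.1 200 Change successful");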