/**
 * This file is a part of MyWebSQL package
 *
 * @file:      modules/splash.php
 * @author     Samnan ur Rehman
 * @copyright  (c) 2008-2012 Samnan ur Rehman
 * @web        http://mywebsql.net
 * @license    http://mywebsql.net/license
 */

/**
 * Build the splash (login) page through the 'splash' view.
 *
 * When secureLoginPage() is true, an RSA key pair is taken from the session
 * (or generated and stored there) and the public part is handed to the
 * client-side jCryption plugin, which is attached to the #dbform form.
 *
 * NOTE(review): the key length is fixed at 128 bits, far below any currently
 * recommended RSA modulus size, so this gives no meaningful confidentiality
 * for the submitted credentials. The private exponent is also kept in the
 * session store. Treat this as obfuscation and serve the login page over TLS.
 *
 * @param string $msg      Optional message; HTML-escaped before display.
 * @param string $formCode Optional form markup; inserted verbatim (not
 *                         escaped), so callers must pass trusted HTML only.
 * @return mixed Whatever view('splash', ...) returns.
 */
function getSplashScreen($msg = '', $formCode = '')
{
    if ($formCode) {
        $formCode = '<div class="login"><form method="post" action="" name="dbform" id="dbform" style="text-align:center">' . $formCode . '</form></div>';
    }

    $scripts = "jquery";
    $extraScript = "";

    if (secureLoginPage()) {
        $scripts = "jquery,encrypt";
        $keyLength = 128;
        $parts = array('e', 'd', 'n');

        // Reuse the key pair already held in the session, if it is complete.
        $stored = array();
        foreach ($parts as $part) {
            $stored[$part] = Session::get('auth_enc', $part);
        }

        if (!$stored['e'] || !$stored['d'] || !$stored['n']) {
            // The main library is used only when all three extensions are
            // loaded; otherwise the legacy implementation is loaded.
            $useMainLib = extension_loaded('openssl') && extension_loaded('gmp') && extension_loaded('bcmath');
            if ($useMainLib) {
                $enc_lib = BASE_PATH . "/lib/external/jcryption.php";
            } else {
                $enc_lib = BASE_PATH . "/lib/external/jcryption-legacy.php";
            }
            require_once $enc_lib;

            $rsa = new jCryption();
            $pair = $rsa->generateKeypair($keyLength);

            // Keep each component both as returned ("int") and as a base-16 string ("hex").
            foreach ($parts as $part) {
                $stored[$part] = array("int" => $pair[$part], "hex" => $rsa->dec2string($pair[$part], 16));
            }
            foreach ($parts as $part) {
                Session::set('auth_enc', $part, $stored[$part]);
            }
        }

        // Only the public exponent and modulus are sent to the browser.
        $maxDigits = intval($keyLength * 2 / 16 + 3);
        $keyData = '{"e":"' . $stored['e']["hex"] . '","n":"' . $stored['n']["hex"] . '","maxdigits":"' . $maxDigits . '"}';
        $extraScript = '<script language="javascript" type="text/javascript"> $(function() { $.jCryption.defaultOptions.getKeysURL = ' . $keyData . '; $("#dbform").jCryption(); }); </script>';
    }

    $messageHtml = '';
    if ($msg) {
        $messageHtml = '<div class="msg">' . htmlspecialchars($msg) . '</div>';
    }

    $replace = array(
        'MESSAGE' => $messageHtml,
        'FORM' => $formCode,
        'APP_VERSION' => APP_VERSION,
        'PROJECT_SITEURL' => PROJECT_SITEURL,
        'SCRIPTS' => $scripts,
        'EXTRA_SCRIPT' => $extraScript,
    );

    return view('splash', $replace);
}
} }
//update LOG
logEvents('admin_action', 'Emails backlog', $_SESSION['user_id'], $_SESSION['login']);
// The return value of sendEmail() is concatenated into the JSON response as-is;
// '@' suppresses any PHP warning it raises.
echo '[{"result":"admin_email_send_backlog", ' . @sendEmail($LANG['admin_email_test_subject'], $LANG['admin_email_test_body'], $_SESSION['settings']['email_from']) . '}]';
break;

/*
 * Generate exchanges encryption keys
 */
/*
 * Generate exchanges encryption keys
 *
 * Generates $numberOfPairs key pairs of $keyLength bits with
 * jCryption::generateKeypair() and writes them, via var_export(), into a PHP
 * source file named "<pairs>_<bits>_keys.inc.php" under SECUREPATH that
 * defines $arrKeys.
 *
 * NOTE(review): each pair presumably includes the private exponent alongside
 * e and n (confirm against jCryption::generateKeypair()), so the generated
 * file is private-key material kept on disk. No chmod/umask is applied here,
 * so its permissions come from the process defaults; SECUREPATH should sit
 * outside the web root and be readable by the PHP user only.
 * NOTE(review): 1024-bit RSA is below the 2048-bit minimum generally
 * recommended today.
 * NOTE(review): the result of file_put_contents() is not checked; the success
 * response with an empty "error" is echoed even if the write fails.
 */
case "admin_action_generate_encrypt_keys":
    require_once "../includes/libraries/jCryption/jcryption.php";
    $keyLength = 1024;
    $jCryption = new jCryption();
    $numberOfPairs = 100;
    $arrKeyPairs = array();
    // One generateKeypair() call per pair; the results are collected in order.
    for ($i = 0; $i < $numberOfPairs; $i++) {
        $arrKeyPairs[] = $jCryption->generateKeypair($keyLength);
    }
    // Assemble the PHP source text: "<?php", "$arrKeys = ", the exported array, ";".
    $file = array();
    $file[] = '<?php';
    $file[] = '$arrKeys = ';
    $file[] = var_export($arrKeyPairs, true);
    $file[] = ';';
    file_put_contents(SECUREPATH . "/" . $numberOfPairs . "_" . $keyLength . "_keys.inc.php", implode("\n", $file));
    echo '[{"result":"generated_keys_file", "error":""}]';
    break;

/*
 * Correct passwords prefix
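<?php
/**
 * jCryption demo endpoint.
 *
 * GET ?generateKeypair : generate an RSA key pair, keep it in the session and
 *                        return the public part (e, n, maxdigits) as JSON text.
 * otherwise            : decrypt $_POST['jCryption'] with the session's
 *                        private key and echo the result.
 *
 * NOTE(review): a 256-bit RSA modulus is far below any currently recommended
 * size, and the private exponent lives in the session store. This exchange
 * is not a substitute for TLS.
 */
session_start();
require_once "../../jcryption.php";

$keyLength = 256;
$jCryption = new jCryption();

if (isset($_GET["generateKeypair"])) {
    $keys = $jCryption->generateKeypair($keyLength);
    $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"], 16));
    $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"], 16));
    $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"], 16));
    // Only the public exponent and modulus leave the server.
    echo '{"e":"' . $_SESSION["e"]["hex"] . '","n":"' . $_SESSION["n"]["hex"] . '","maxdigits":"' . intval($keyLength * 2 / 16 + 3) . '"}';
} else {
    // Refuse to decrypt when the ciphertext or the session key pair is
    // missing, instead of calling decrypt() with undefined values.
    $haveInput = isset($_POST['jCryption']) && is_string($_POST['jCryption']);
    $haveKey = isset($_SESSION["d"]["int"], $_SESSION["n"]["int"]);
    if (!$haveInput || !$haveKey) {
        header('HTTP/1.1 400 Bad Request');
    } else {
        $var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
        // The plaintext is client-controlled and this response is served as
        // HTML by default, so escape it before echoing it back.
        echo htmlspecialchars((string) $var, ENT_QUOTES, 'UTF-8');
    }
}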
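// Login check: look up the account by e-mail, decrypt the submitted password
// with the RSA private key held in the session, and compare it with the
// stored value. $user and $password are set outside this excerpt and are
// presumably taken from the login request.
//
// NOTE(review): the stored Password column is compared directly with the
// decrypted plaintext, which implies passwords are stored unhashed. Migrate
// to password_hash()/password_verify().
// NOTE(review): the ext/mysql functions used here are deprecated and were
// removed in PHP 7; PDO or mysqli with prepared statements is the proper
// long-term replacement for the escaping below.

//saving connection to variable
$config = new config();
$con = mysql_connect($config->getUserManagerDomain(), $config->getUserManagerUser(), $config->getUserManagerPass());

//checking to see if connection exists
if (!$con) {
    // NOTE(review): this prints the raw driver error to the client.
    die('Could not connect:' . mysql_error());
}

//connect to database
mysql_select_db($config->getUserManagerDB(), $con);

//querying the table and setting it to a variable
// The e-mail value is escaped for the connection before it goes into the SQL
// string; previously it was interpolated unescaped.
// NOTE(review): set the connection charset with mysql_set_charset() so the
// escaping matches the server-side encoding.
$safeUser = mysql_real_escape_string((string) $user, $con);
$result = mysql_query("SELECT * FROM UserInfo WHERE Email = '{$safeUser}'", $con);

// Always define $row so a failed query cannot leave it undefined below.
$row = false;
if ($result) {
    $row = mysql_fetch_array($result);
}

if ($row && $row['Email'] === (string) $user && $row['Email'] != '') {
    $jCryption = new jCryption();

    // Decrypt only when the session actually holds a private key.
    $var = false;
    if (isset($_SESSION["d"]["int"], $_SESSION["n"]["int"])) {
        $var = $jCryption->decrypt($password, $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
    }

    // Strict comparison: with '==' a failed or empty decryption could match
    // an empty/NULL stored password, and numeric-looking strings could
    // compare equal through type juggling. Empty passwords are rejected.
    if (is_string($var) && $var !== '' && $row['Password'] === $var) {
        //$sessionid = uniqid();
        //$UserId = $row['UserId'];
        //$clientIp = $_SERVER['REMOTE_ADDR'];
        //mysql_query("DELETE FROM Session WHERE UserId='$UserId' AND ClientIp='$clientIp'");
        //mysql_query("INSERT INTO Session (UserId, ClientIp, SessionKey) VALUES ('$UserId', '$clientIp', '$sessionid')");
        echo 'Logged in!';
        //create session here
    } else {
        // NOTE(review): this message and "User not found." below let a
        // client tell existing accounts from unknown ones; a single generic
        // failure message avoids that.
        echo "User found but password incorrect.";
    }
} else {
    echo "User not found.";
}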
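/**
 * Collect the submitted credentials and hand them to the custom
 * authenticator.
 *
 * With secureLoginPage() enabled and a 'mywebsql_auth' field posted, the
 * field is decrypted with the RSA private key kept in the session
 * ('auth_enc' d / n) and parsed as a query string carrying 'server',
 * 'auth_user' and 'auth_pwd'. Otherwise plain 'auth_user' / 'auth_pwd'
 * POST fields are used.
 *
 * NOTE(review): the plain-POST branch is still accepted when
 * secureLoginPage() is true, so the encrypted form is optional rather than
 * enforced; reject plaintext credentials in that mode if it is meant to be
 * mandatory.
 * NOTE(review): the splash-screen code that generates these keys also
 * requires the 'bcmath' extension before choosing jcryption.php; confirm
 * both places select the same library.
 *
 * @return mixed Result of $this->custom_auth->authenticate(), or of
 *               $this->setError() when decryption is not possible.
 */
private function getAuthCustom()
{
    $server = $this->getDefaultServer();
    $username = $password = '';

    if (secureLoginPage() && isset($_POST['mywebsql_auth'])) {
        $enc_lib = BASE_PATH . (extension_loaded('openssl') && extension_loaded('gmp')
            ? "/lib/external/jcryption.php"
            : "/lib/external/jcryption-legacy.php");
        require_once $enc_lib;
        $jCryption = new jCryption();

        $d = Session::get('auth_enc', 'd');
        $n = Session::get('auth_enc', 'n');
        // Without a private key in the session nothing can be decrypted.
        if (!isset($d['int']) || !isset($n['int'])) {
            return $this->setError('Invalid Credentials');
        }

        $decoded = $jCryption->decrypt($_POST['mywebsql_auth'], $d['int'], $n['int']);
        if (!$decoded) {
            return $this->setError('Invalid Credentials');
        }

        // The plaintext is a URL-encoded field list supplied by the client.
        parse_str($decoded, $info);
        $server = $this->getServer(v($info['server']));
        $username = v($info['auth_user']);
        $password = v($info['auth_pwd']);
    } elseif (isset($_POST['auth_user']) && isset($_POST['auth_pwd'])) {
        $server = $this->getServer(v($_POST['server']));
        $username = v($_POST['auth_user']);
        $password = v($_POST['auth_pwd']);
    }

    // The unreachable 'return false;' that used to follow this line was removed.
    return $this->custom_auth->authenticate($username, $password, $server);
}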
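<?php
/**
 * jCryption demo endpoint using a pool of pre-generated key pairs.
 *
 * GET ?generateKeypair : pick one pair from $arrKeys (defined by the included
 *                        100_1024_keys.inc.php), keep it in the session and
 *                        return the public part (e, n, maxdigits) as JSON text.
 * otherwise            : render the result page (its markup continues past
 *                        this excerpt).
 *
 * NOTE(review): the private keys come from a static file on disk and are
 * reused across sessions; keep that file outside the web root, restrict its
 * permissions and regenerate it periodically. 1024-bit RSA is below the
 * 2048-bit minimum generally recommended today.
 */
session_start();
require_once "../../jcryption.php";
$keyLength = 1024;
$jCryption = new jCryption();
if (isset($_GET["generateKeypair"])) {
    require_once "../../100_1024_keys.inc.php";
    // mt_rand() is inclusive at both ends, so the upper bound must be the
    // last valid index. The previous bound of 100 could select a
    // non-existent entry of a 100-element pool and leave the session keys empty.
    $keys = $arrKeys[mt_rand(0, count($arrKeys) - 1)];
    $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"], 16));
    $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"], 16));
    $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"], 16));
    // Only the public exponent and modulus leave the server.
    echo '{"e":"' . $_SESSION["e"]["hex"] . '","n":"' . $_SESSION["n"]["hex"] . '","maxdigits":"' . intval($keyLength * 2 / 16 + 3) . '"}';
} else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Result</title> <style type="text/css"> html,body { margin:0; padding:0; font-family:Tahoma; font-size:12px; } </style> </head> <body>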
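/**
 * Process a login request and report whether the login form is still needed.
 *
 * Credentials come either from an encrypted 'jCryption' POST field, which is
 * decrypted with the private key held in $_SESSION['d_int'] / ['n_int'], or,
 * only when $is_https is true, from plain 'userid' / 'pass' POST fields.
 * The session key is removed after one use.
 *
 * NOTE(review): the encrypted path does not pass 'userid' through
 * UIBase::GrabGoodInput() as the HTTPS path does; confirm that
 * authenticate() validates it itself.
 *
 * @param mixed  $is_https Truthy when the request arrived over HTTPS.
 * @param string $msg      Output: error message to display, '' if none.
 * @return bool FALSE when a valid session exists or authentication succeeded;
 *              TRUE otherwise (presumably meaning "show the login page").
 */
public function ShowLogin($is_https, &$msg)
{
    $timedout = UIBase::GrabInput('get', 'timedout', 'int');
    $logoff = UIBase::GrabInput('get', 'logoff', 'int');
    $msg = '';

    if ($timedout == 1 || $logoff == 1) {
        $this->clear();
        $msg = ($timedout == 1) ? DMsg::Err('err_sessiontimeout') : DMsg::Err('err_loggedoff');
    } elseif ($this->IsValid()) {
        return FALSE;
    }

    $userid = NULL;
    $pass = NULL;

    if (isset($_POST['jCryption'])) {
        // Decrypt only when the ciphertext is a string and the session still
        // holds a private key; otherwise treat the request as carrying no
        // credentials instead of decrypting with undefined values.
        if (is_string($_POST['jCryption']) && isset($_SESSION['d_int'], $_SESSION['n_int'])) {
            $jCryption = new jCryption();
            $var = $jCryption->decrypt($_POST['jCryption'], $_SESSION['d_int'], $_SESSION['n_int']);

            $result = array();
            parse_str((string) $var, $result);
            // parse_str() can yield arrays or omit keys; accept plain strings only.
            if (isset($result['userid']) && is_string($result['userid'])) {
                $userid = $result['userid'];
            }
            if (isset($result['pass']) && is_string($result['pass'])) {
                $pass = $result['pass'];
            }
        }
        // The key pair is single-use: drop it whether or not decryption ran.
        unset($_SESSION['d_int'], $_SESSION['n_int']);
    } elseif ($is_https && isset($_POST['userid'])) {
        $userid = UIBase::GrabGoodInput('POST', 'userid');
        $pass = UIBase::GrabInput('POST', 'pass');
    }

    if ($userid != NULL) {
        if ($this->authenticate($userid, $pass) === TRUE) {
            return FALSE;
        }
        $msg = DMsg::Err('err_login');
    }

    return TRUE;
}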
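// (tail of an RSAKeyImport method; its beginning lies outside this excerpt)
        $e_hex = RSAKeyImport::dec2string($e_int, 16);
        $n_hex = RSAKeyImport::dec2string($n_int, 16);
        $mykeys = array('e_hex' => $e_hex, 'n_hex' => $n_hex, 'd_int' => $d_int, 'n_int' => $n_int);
        return $mykeys;
    }
}

## main
# openssl genrsa -out key.pem 512
#
# Builds the key-pair file '../conf/jcryption_keypair'. If a PEM file path is
# given as the first argument it is imported with
# RSAKeyImport::import_and_convert(); when no usable keys result, a pair is
# generated in PHP with jCryption. The array (public e/n in hex, private d and
# n as integers) is stored with serialize().
#
# NOTE(review): 512-bit RSA is far below any currently recommended modulus
# size; this key should not be relied on for confidentiality.
# NOTE(review): the file is presumably read back with unserialize(); its
# integrity therefore depends on the 0600 permissions set below.
$mykeys = NULL;
if (isset($argv[1])) {
    $pemfile = $argv[1];
    $mykeys = RSAKeyImport::import_and_convert($pemfile);
}

if ($mykeys == FALSE) {
    echo "Using php to generate keys, please be patient ... \n";
    $keyLength = 512;
    $jCryption = new jCryption();
    $keys = $jCryption->generateKeypair($keyLength);
    $e_hex = $jCryption->dec2string($keys['e'], 16);
    $n_hex = $jCryption->dec2string($keys['n'], 16);
    $mykeys = array('e_hex' => $e_hex, 'n_hex' => $n_hex, 'd_int' => $keys['d'], 'n_int' => $keys['n']);
}

$keyfile = '../conf/jcryption_keypair';
$serialized_str = serialize($mykeys);

// Restrict access before the private key is written. Previously the file was
// created with the default umask and only tightened by chmod() afterwards,
// leaving a window in which other local users could read it.
$old_umask = umask(0077);
if (file_exists($keyfile)) {
    chmod($keyfile, 0600);
}
$result = file_put_contents($keyfile, $serialized_str);
umask($old_umask);

if ($result === FALSE) {
    // Nothing was written, so there is nothing to chmod.
    exit(1);
}

chmod($keyfile, 0600);
exit(0);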