$salt = hash_hmac('sha256', $saltKey, $i, true);
if ($row['hash'] == substr(hash_hmac('sha512', $_POST['password'], $salt, false), 0, 64)) {
// CORRECT PASSWORD:
$found = true;
$key = substr(hash_hmac('sha512', $_POST['password'], $salt, true), 32);
// 32 bytes = 256 bits, encryption key
$IV = hash_hmac('sha256', $_POST['password'], $salt, true);
// 32 bytes = 256 bits, IV
$newHash = hash('sha256', openssl_random_pseudo_bytes(64));
$url = AES256_Decrypt($row['ciphertext'], $key, $IV);
$newCipher = base64_encode(openssl_random_pseudo_bytes(strlen(base64_decode($row['ciphertext']))));
// For replacing
$DB->exec("UPDATE rings SET validFlag = '0', ciphertext = '{$newCipher}', hash = '{$newHash}' WHERE id = '{$i}'");
$numValid--;
if ($numValid < 1) {
while (!shredData(NONCE_ROOT . "{$req}.ring")) {
// If it returns false, wait a few clock cycles
usleep(1000);
}
}
// Overwrite
//ob_end_clean();
if (!$_COOKIE['neverForward']) {
header("Location: {$data}");
die($url);
} else {
$data = removeXSS($data);
// Experimental; without warranty
include "includes/header.php";
echo "The destination URL is: <a href=\"" . $data . "\">" . $data . "</a>";
include "includes/footer.php";
if ($_COOKIE['alwaysForward']) {
header("Location: {$data}");
} else {
$data = removeXSS($data);
// Experimental; without warranty
include "includes/header.php";
echo "The destination URL is: <a href=\"" . $data . "\">" . $data . "</a>";
include "includes/footer.php";
}
} else {
// Prompt for username and password
include "includes/header.php";
echo "<div style=\"color: red;\">Incorrect password.</div>\n";
include "includes/nonce-pw.php";
include "includes/footer.php";
}
} else {
// Prompt for username and password
include "includes/header.php";
include "includes/nonce-pw.php";
include "includes/footer.php";
}
} else {
while (!shredData(NONCE_ROOT . "{$req}.nonce")) {
// If it returns false, wait a few clock cycles
usleep(1000);
}
header("Location: http://tlwsd.in/404.php", false, 404);
exit;
// LOL NOPE
}
