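/**
 * If AJAX request from local referer, user is registered - change password, otherwise - show error
 *
 * Expected POST fields:
 *  - verify_hash:  sha224(current password hash . value of $User->get_session()), proving
 *                  that the caller knows the current password
 *  - new_password: the new password hash XOR-ed with the current password hash
 *                  (undone below with xor_string())
 *
 * Replies 403 for a non-local, non-AJAX or unauthenticated request, 400 with a localized
 * message for a rejected password, and otherwise falls through to the code that stores it.
 *
 * Uses the globals $Config, $User, $Page, $L and the helpers error_code(), xor_string() and Core.
 */
if (
    !$Config->server['referer']['local']
    || !$Config->server['ajax']
    || !isset($_POST['verify_hash'], $_POST['new_password'])
    || !is_string($_POST['verify_hash'])
    || !is_string($_POST['new_password'])
    || !$User->user()
) {
    // Slow down probing of this endpoint before refusing the request
    sleep(1);
    error_code(403);
    return;
}
if (!$_POST['new_password']) {
    error_code(400);
    $Page->error($L->please_type_new_password);
    return;
}
// Proof of the current password. hash_equals() compares in constant time and
// strictly: a loose `!=` would treat a hex digest such as "0e123..." as the
// number 0 and accept a crafted value instead of the real digest.
$expected_verify_hash = hash('sha224', $User->password_hash . $User->get_session());
if (!hash_equals($expected_verify_hash, $_POST['verify_hash'])) {
    error_code(400);
    $Page->error($L->wrong_current_password);
    return;
}
// The client sends the new hash XOR-ed with the current one; undo that here
$new_password = xor_string($_POST['new_password'], $User->password_hash);
if ($new_password === $User->password_hash) {
    error_code(400);
    $Page->error($L->current_new_password_equal);
    return;
}
// Hash of an empty password; treat it as "no password typed"
$empty_password_hash = hash('sha512', hash('sha512', '') . Core::instance()->public_key);
if ($new_password === $empty_password_hash) {
    error_code(400);
    $Page->error($L->please_type_new_password);
    return;
}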
$id = $User->id;
if ($User->set('password_hash', $new_password)) {
    $User->add_session($id);
    $Page->json('OK');
} else {
    error_code(400);
 // echo ("pk1 : ".$row2[0]."sv1 : ".$secret_value[0]."<br>");
 // echo ("pk2 : ".$row2[1]."sv2 : ".$secret_value[1]."<br>");
 // echo ("pk3 : ".$row2[2]."sv3 : ".$secret_value[2]."<br>");
 //ebs
 // $enable_block1 = $mcrypt->encrypt($row2[0],$secret_value[0]);
 // $enable_block2 = $mcrypt->encrypt($row2[1],$secret_value[1]);
 // $enable_block3 = $mcrypt->encrypt($row2[2],$secret_value[2]);
 // Encrypt each secret value under the matching personal key (3-argument form).
 // NOTE(review): $row2 is read here but only assigned further down (from the
 // member query) — presumably set earlier in the file; confirm. These three
 // results are overwritten below without being read in between.
 $enable_block1 = $mcrypt->encrypt($row2[0], $secret_value[0], false);
 $enable_block2 = $mcrypt->encrypt($row2[1], $secret_value[1], false);
 $enable_block3 = $mcrypt->encrypt($row2[2], $secret_value[2], false);
 // echo $enable_block3."<br>";
 // $test=$mcrypt->decrypt($row2[2],$enable_block3);
 // echo $test."<br>";
 //xor secret value to session key
 // Fold the three secret values into one key; this value is also overwritten
 // below (xor of the personal keys) before any use.
 $xor_key = xor_string($secret_value[0], $secret_value[1]);
 $xor_key = xor_string($xor_key, $secret_value[2]);
 // echo $xor_key."<br>";
 // //get jar contents
 // $sql = "SELECT ".$jarname." FROM app WHERE app_id='".$_SESSION['app_id']."';";
 // $sql = "SELECT ".$jarname." FROM app WHERE app_id2='".$_SESSION['app_id2']."';";
 // $result = mysql_query($sql) or die(mysql_error());
 // $row3=mysql_fetch_array($result);
 // $jar_contents=file_get_contents($row3[0]);
 // Pick the jar column: "jar" for flag "0", otherwise "jar" . $jarFlag.
 // NOTE(review): $jarFlag is spliced into the column name and
 // $_SESSION['app_id2'] into the literal with no escaping or whitelist; the
 // mysql_* extension used here has no prepared statements and was removed in
 // PHP 7.0. Where these values originate is not visible here — confirm they
 // cannot be influenced by the client before relying on this query.
 if ($jarFlag == "0") {
     $sql = "SELECT jar FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';";
 } else {
     $sql = "SELECT " . "jar" . $jarFlag . " FROM app WHERE app_id2='" . $_SESSION['app_id2'] . "';";
 }
 // `or die(mysql_error())` prints the driver's error text to the response.
 $result = mysql_query($sql) or die(mysql_error());
 $row3 = mysql_fetch_array($result);
 // Jar file name comes from the database row and is resolved under ../download/.
 // NOTE(review): there is no check that $row3[0] stays inside that directory —
 // verify how the app.jar* columns are populated.
 $jar_contents = file_get_contents("../download/" . $row3[0]);
 // Personal keys of the current device; same string-built query pattern as above.
 $sql = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $_SESSION['deviceid'] . "';";
 $result = mysql_query($sql) or die(mysql_error());
 $row2 = mysql_fetch_array($result);
 // echo ("pk1 : ".$row2[0]."sv1 : ".$secret_value[0]."<br>");
 // echo ("pk2 : ".$row2[1]."sv2 : ".$secret_value[1]."<br>");
 // echo ("pk3 : ".$row2[2]."sv3 : ".$secret_value[2]."<br>");
 // eb
 // Same encryption as above but with the 2-argument form; these are the
 // values that survive.
 $enable_block1 = $mcrypt->encrypt($row2[0], $secret_value[0]);
 $enable_block2 = $mcrypt->encrypt($row2[1], $secret_value[1]);
 $enable_block3 = $mcrypt->encrypt($row2[2], $secret_value[2]);
 // echo $enable_block3."<br>";
 // $test=$mcrypt->decrypt($row2[2],$enable_block3);
 // echo $test."<br>";
 // xor personal keys
 // Final $xor_key: the three personal keys folded together with xor_string().
 $xor_key = xor_string($row2[0], $row2[1]);
 $xor_key = xor_string($xor_key, $row2[2]);
 // echo $xor_key."<br>";
 /*
     // get jar contents
     $sql = "SELECT ".$jarname." FROM app WHERE app_id2='".$_SESSION['app_id2']."';";
     $result = mysql_query($sql) or die(mysql_error());
     $row3=mysql_fetch_array($result); 
     $jar_contents=file_get_contents($row3[0]);
 
     // echo $jar_contents;
     // file_put_contents('new_encrypted.jar', $jar_contents);
 
     // cb
     $cipher_block = $mcrypt->encrypt($xor_key,$jar_contents);
     // echo $cipher_block;
 */