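/**
 * If AJAX request from local referer, user is registered - change password, otherwise - show error
 *
 * Order of checks: request origin / login state (403), new password present (400),
 * proof of the current password via verify_hash (400), new value differs from the
 * current one (400), new value is not the hash of an empty password (400), then store.
 *
 * NOTE(review): the referer/AJAX flags are read from $Config->server; how they are derived
 * is not visible here. If they are the only cross-site request protection for this
 * endpoint, confirm they cannot be satisfied by a forged request.
 * NOTE(review): verify_hash is built from the stored password_hash and the session id, so
 * the stored hash looks password-equivalent for this endpoint - confirm against the client code.
 */
if (
    !$Config->server['referer']['local'] ||
    !$Config->server['ajax'] ||
    !isset($_POST['verify_hash'], $_POST['new_password']) ||
    !$User->user()
) {
    // Fixed one-second delay before rejecting, which slows down automated probing
    sleep(1);
    error_code(403);
    return;
}
// A field sent as `new_password[]=x` arrives as an array; only plain strings are accepted
if (!is_string($_POST['new_password']) || !$_POST['new_password']) {
    error_code(400);
    $Page->error($L->please_type_new_password);
    return;
}
// The original compared the hashes with `!=`. Loose comparison of two numeric-looking
// strings (for instance hex digests of the form "0e<digits>") is done numerically in PHP,
// and it is not constant-time. Compare as strings, in constant time where the runtime allows it.
$expected_verify_hash = hash('sha224', $User->password_hash . $User->get_session());
$verify_hash_matches  = is_string($_POST['verify_hash']) && (
    function_exists('hash_equals')
        ? hash_equals($expected_verify_hash, $_POST['verify_hash'])
        // Fallback for runtimes without hash_equals(): strict, but not constant-time
        : $expected_verify_hash === $_POST['verify_hash']
);
if (!$verify_hash_matches) {
    error_code(400);
    $Page->error($L->wrong_current_password);
    return;
}
// The client sends the new hash XOR-ed with the current one; undo that here
$new_password = xor_string($_POST['new_password'], $User->password_hash);
if ($new_password === $User->password_hash) {
    error_code(400);
    $Page->error($L->current_new_password_equal);
    return;
}
// Reject the value that corresponds to an empty password
if ($new_password === hash('sha512', hash('sha512', '') . Core::instance()->public_key)) {
    error_code(400);
    $Page->error($L->please_type_new_password);
    return;
}
// The id is captured before set() and then passed to add_session() -
// presumably because changing the hash ends the current session; confirm in User::set()
$id = $User->id;
if ($User->set('password_hash', $new_password)) {
    $User->add_session($id);
    $Page->json('OK');
} else {
    // (the listing ends inside this branch)
    error_code(400);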
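// Builds the three "enable blocks", derives the session key and loads the jar for the
// application stored in the session. $row2, $secret_value, $mcrypt and $jarFlag are
// set earlier in the script (not shown here).
//
// NOTE(review): the commented-out echo lines print personal keys and secret values
// into the response; keep them disabled outside a local debugging session.
// echo ("pk1 : ".$row2[0]."sv1 : ".$secret_value[0]."<br>");
// echo ("pk2 : ".$row2[1]."sv2 : ".$secret_value[1]."<br>");
// echo ("pk3 : ".$row2[2]."sv3 : ".$secret_value[2]."<br>");

//ebs
// $enable_block1 = $mcrypt->encrypt($row2[0],$secret_value[0]);
// $enable_block2 = $mcrypt->encrypt($row2[1],$secret_value[1]);
// $enable_block3 = $mcrypt->encrypt($row2[2],$secret_value[2]);
// Presumably encrypt(key, data, flag): each secret value is encrypted under the matching
// personal key. The meaning of the third argument is defined in the $mcrypt class - confirm there.
$enable_block1 = $mcrypt->encrypt($row2[0], $secret_value[0], false);
$enable_block2 = $mcrypt->encrypt($row2[1], $secret_value[1], false);
$enable_block3 = $mcrypt->encrypt($row2[2], $secret_value[2], false);
// echo $enable_block3."<br>";
// $test=$mcrypt->decrypt($row2[2],$enable_block3);
// echo $test."<br>";

//xor secret value to session key
$xor_key = xor_string($secret_value[0], $secret_value[1]);
$xor_key = xor_string($xor_key, $secret_value[2]);
// echo $xor_key."<br>";

// //get jar contents
// $sql = "SELECT ".$jarname." FROM app WHERE app_id='".$_SESSION['app_id']."';";
// $sql = "SELECT ".$jarname." FROM app WHERE app_id2='".$_SESSION['app_id2']."';";
// $result = mysql_query($sql) or die(mysql_error());
// $row3=mysql_fetch_array($result);
// $jar_contents=file_get_contents($row3[0]);

// The query is assembled by string concatenation. Where $_SESSION['app_id2'] and $jarFlag
// are set is not visible here, so both are treated as data that must not change the
// statement: the value is escaped and the column name is quoted as an identifier.
// mysql_real_escape_string() relies on the connection charset being set with
// mysql_set_charset(). The mysql_* extension was removed in PHP 7.0; a prepared statement
// (PDO or mysqli) plus a fixed allow-list of jar columns is the durable fix.
$app_id2 = mysql_real_escape_string($_SESSION['app_id2']);
if ($jarFlag == "0") {
    $sql = "SELECT jar FROM app WHERE app_id2='" . $app_id2 . "';";
} else {
    // A backtick inside a quoted identifier is doubled, so the suffix stays part of the name
    $jar_column = "`jar" . str_replace('`', '``', (string) $jarFlag) . "`";
    $sql        = "SELECT " . $jar_column . " FROM app WHERE app_id2='" . $app_id2 . "';";
}
// NOTE(review): die(mysql_error()) sends the raw database error to the client;
// log it server-side and return a generic message instead.
$result = mysql_query($sql) or die(mysql_error());
// NOTE(review): mysql_fetch_array() returns false when no row matches; that case is not handled.
$row3 = mysql_fetch_array($result);
// NOTE(review): the file name comes straight from the database; if that column can be
// edited through the application, restrict it to names inside ../download/.
$jar_contents = file_get_contents("../download/" . $row3[0]);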
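// Loads the three personal keys of the device stored in the session, builds the
// "enable blocks" from them and derives a key by XOR-ing the personal keys.
// $secret_value and $mcrypt are set earlier in the script (not shown here).
//
// The query is assembled by string concatenation. Where $_SESSION['deviceid'] is set is
// not visible here, so it is escaped before it reaches the statement.
// mysql_real_escape_string() relies on the connection charset being set with
// mysql_set_charset(). The mysql_* extension was removed in PHP 7.0; a prepared statement
// (PDO or mysqli) is the durable fix.
$deviceid = mysql_real_escape_string($_SESSION['deviceid']);
$sql      = "SELECT personal_key,personal_key2,personal_key3 FROM member WHERE deviceid='" . $deviceid . "';";
// NOTE(review): die(mysql_error()) sends the raw database error to the client;
// log it server-side and return a generic message instead.
$result = mysql_query($sql) or die(mysql_error());
// NOTE(review): mysql_fetch_array() returns false when no row matches; that case is not handled.
$row2 = mysql_fetch_array($result);
// NOTE(review): the commented-out echo lines print personal keys and secret values
// into the response; keep them disabled outside a local debugging session.
// echo ("pk1 : ".$row2[0]."sv1 : ".$secret_value[0]."<br>");
// echo ("pk2 : ".$row2[1]."sv2 : ".$secret_value[1]."<br>");
// echo ("pk3 : ".$row2[2]."sv3 : ".$secret_value[2]."<br>");

// eb
// Presumably encrypt(key, data): each secret value is encrypted under the matching
// personal key - confirm the argument order in the $mcrypt class.
$enable_block1 = $mcrypt->encrypt($row2[0], $secret_value[0]);
$enable_block2 = $mcrypt->encrypt($row2[1], $secret_value[1]);
$enable_block3 = $mcrypt->encrypt($row2[2], $secret_value[2]);
// echo $enable_block3."<br>";
// $test=$mcrypt->decrypt($row2[2],$enable_block3);
// echo $test."<br>";

// xor personal keys
$xor_key = xor_string($row2[0], $row2[1]);
$xor_key = xor_string($xor_key, $row2[2]);
// echo $xor_key."<br>";

/*
// get jar contents
$sql = "SELECT ".$jarname." FROM app WHERE app_id2='".$_SESSION['app_id2']."';";
$result = mysql_query($sql) or die(mysql_error());
$row3=mysql_fetch_array($result);
$jar_contents=file_get_contents($row3[0]);
// echo $jar_contents;
// file_put_contents('new_encrypted.jar', $jar_contents);

// cb
$cipher_block = $mcrypt->encrypt($xor_key,$jar_contents);
// echo $cipher_block;
*/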