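public static function createSalt($length = 32, $add_entropy = null, $do_secure = true)
 {
     // Generate a random salt string of (up to) $length characters.
     //
     // $length      - number of characters requested.  The fallback path can
     //                supply at most 40 characters (one SHA-1 hex digest).
     // $add_entropy - optional extra material mixed into the fallback hash only;
     //                the CSPRNG path does not use it.
     // $do_secure   - when true, try the CSPRNG library first and fall back on
     //                failure; when false, use the fallback unconditionally.
     //
     // Returns the salt as a string.
     //
     // The parentheses around the include are deliberate.  Without them
     // `include_once 'x' !== false && $do_secure` parses as
     // `include_once ('x' !== false && $do_secure)`, i.e. an include of "1",
     // which never succeeds and silently forced every caller onto the weak
     // fallback.  The `@` only hides the "file not found" warning that the
     // fallback is meant to handle.
     $loaded = $do_secure && (@include_once 'sources/csprng/support/random.php') !== false;
     if ($loaded && class_exists('CSPRNG')) {
         // Do this cryptographically securely
         try {
             $rng = new CSPRNG();
             return $rng->GenerateString($length);
         } catch (Exception $e) {
             // Retry on the non-secure path and return its result; the original
             // discarded the recursive call and returned null here.
             return self::createSalt($length, $add_entropy, false);
         }
     }

     // Don't give up the ghost, try something that's not quite as good.
     // NOTE: uniqid()/mt_rand() are not cryptographically strong; this branch is
     // a best effort for when the CSPRNG library cannot be loaded.
     $id1 = uniqid(mt_rand(), true);
     $id2 = md5(date('dDjlSwzWFmMntLYayABgGhiHsOZ'));
     $id3 = crc32(self::curPageURL());
     $charset = "!@#~`%^&*()-_+={}|[]:;'<>?,./";
     $csl = strlen($charset);
     // Append a random number of random punctuation characters.  The original
     // loop overwrote $id4 on every iteration (and left it undefined when
     // $repeats was 0); now each picked character is kept.
     $id4 = '';
     $repeats = mt_rand(0, 64);
     for ($i = 0; $i < $repeats; ++$i) {
         $id4 .= $charset[mt_rand(0, $csl - 1)];
     }
     // add extra entropy if provided.
     $salt = sha1($id2 . $id1 . $id3 . $id4 . $add_entropy);
     // Clamp the request to what the hex digest can supply, then return a
     // random window of that length.
     $len = strlen($salt);
     if ($length > $len) {
         $length = $len;
     }
     $offset = mt_rand(0, $len - $length);
     return substr($salt, $offset, $length);
 }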
Example #2
     if (!isset($protectedfields[$key]) || !$protectedfields[$key]) {
         $userinfo[$key] = isset($_REQUEST["field_edit_" . md5($key)]) ? $_REQUEST["field_edit_" . md5($key)] : "";
     }
 }
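 if (function_exists("AdminHook_EditUser_PostFieldsCheck")) {
     AdminHook_EditUser_PostFieldsCheck();
 }
 // Impersonation settings are only touched for site admins, and only when the
 // form actually posted the "impersonation" field.
 if ($sso_site_admin && isset($_REQUEST["impersonation"])) {
     if (!(int) $_REQUEST["impersonation"]) {
         unset($userinfo["sso__impersonation"]);
         unset($userinfo["sso__impersonation_key"]);
         unset($userinfo["sso__impersonation_auto"]);
     } else {
         if (!isset($userinfo["sso__impersonation"])) {
             // First enable: the key comes from the CSPRNG, never from the request.
             $userinfo["sso__impersonation"] = "1";
             $userinfo["sso__impersonation_key"] = $sso_rng->GenerateString(64);
             $userinfo["sso__impersonation_auto"] = "0";
         }
         // Strict comparison: loose == against "yes" gains nothing and hides type surprises.
         if (isset($_REQUEST["reset_impersonation_key"]) && $_REQUEST["reset_impersonation_key"] === "yes") {
             $userinfo["sso__impersonation_key"] = $sso_rng->GenerateString(64);
         }
         if (isset($_REQUEST["impersonation_auto"])) {
             // Normalised to "0"/"1" regardless of what was posted.
             $userinfo["sso__impersonation_auto"] = (string) (int) $_REQUEST["impersonation_auto"];
         }
     }
 }
 $info2 = SSO_CreateEncryptedUserInfo($userinfo);
 // "version" is not guaranteed to be present; default to 0 rather than reading
 // an undefined index.  Presumably used for optimistic-locking — verify against the caller.
 $version = isset($_REQUEST["version"]) ? (int) $_REQUEST["version"] : 0;
 // "info" is a PHP serialize() blob; whatever later unserialize()s this column is
 // trusting the database row, so keep writes to it on this code path only.
 $sso_db->Query("UPDATE", array($sso_db_users, array("version" => $version, "info" => serialize($userinfo), "info2" => $info2), "WHERE" => "id = ?"), $row->id);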
 if ($sso_site_admin && $_REQUEST["tag_id"] != "" && $_REQUEST["tag_reason"] != "") {
     try {
         $sso_db->Query("INSERT", array($sso_db_user_tags, array("user_id" => $row->id, "tag_id" => (int) $_REQUEST["tag_id"], "issuer_id" => $sso_user_id, "reason" => $_REQUEST["tag_reason"], "created" => CSDB::ConvertToDBTime(time()))));
Example #3
     $seed = $rng->GenerateToken(128);
     if ($seed === false) {
         InstallError("Seed generation failed.");
     }
     define("SSO_BASE_RAND_SEED" . ($x ? $x + 1 : ""), $seed);
 }
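 // An absent field now reads as "no" without an undefined-index notice, and the
 // comparison against the literal "yes" is strict.
 define("SSO_USE_LESS_SAFE_STORAGE", isset($_REQUEST["sso_use_less_safe_storage"]) && $_REQUEST["sso_use_less_safe_storage"] === "yes");
 // Connect to the database server.
 $databases = SSO_GetSupportedDatabases();
 $dbtype = isset($_REQUEST["db_select"]) ? (string) $_REQUEST["db_select"] : "";
 // $dbtype is user-controlled and is spliced below into a require_once path and
 // a class name.  This whitelist check against the supported-database table is
 // what keeps that safe, so it must stay ahead of both uses.
 // NOTE(review): assumes InstallError() does not return — confirm.
 if (!isset($databases[$dbtype])) {
     InstallError("Please select a database server.");
 }
 // Truthiness of the "login" flag decides whether credentials are passed at all
 // (same test the original applied inline, four times).
 $needslogin = !empty($databases[$dbtype]["login"]);
 if (!isset($_REQUEST["db_dsn"]) || $_REQUEST["db_dsn"] === "") {
     // No DSN supplied: build one from the driver's template.  @RANDOM@ is filled
     // from the CSPRNG, @PATH@ with this file's directory using forward slashes.
     $dsn = $databases[$dbtype]["default_dsn"];
     $dsn = str_replace("@RANDOM@", $rng->GenerateString(), $dsn);
     $dsn = str_replace("@PATH@", str_replace("\\", "/", dirname(__FILE__)), $dsn);
     // Written back to the request on purpose; later code reads it from there.
     $_REQUEST["db_dsn"] = $dsn;
 }
 require_once "support/csdb/db_" . $dbtype . ".php";
 $dbclassname = "CSDB_" . $dbtype;
 $dbuser = ($needslogin && isset($_REQUEST["db_user"])) ? $_REQUEST["db_user"] : false;
 $dbpass = ($needslogin && isset($_REQUEST["db_pass"])) ? $_REQUEST["db_pass"] : false;
 try {
     $db = new $dbclassname($dbtype . ":" . $_REQUEST["db_dsn"], $dbuser, $dbpass);
     if (isset($_REQUEST["db_master_dsn"]) && $_REQUEST["db_master_dsn"] !== "") {
         $masteruser = ($needslogin && isset($_REQUEST["db_master_user"])) ? $_REQUEST["db_master_user"] : false;
         $masterpass = ($needslogin && isset($_REQUEST["db_master_pass"])) ? $_REQUEST["db_master_pass"] : false;
         $db->SetMaster($dbtype . ":" . $_REQUEST["db_master_dsn"], $masteruser, $masterpass);
     }
 } catch (Exception $e) {
     // Driver messages can echo the DSN/host; they are HTML-escaped before display.
     InstallError("Database connection failed.  " . htmlspecialchars($e->getMessage()));
 }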
 try {
     InstallSuccess("Successfully connected to the database server.  Running " . htmlspecialchars($db->GetDisplayName() . " " . $db->GetVersion()));
Example #4
     $session_info = unserialize($sessionrow->info);
     if (!isset($session_info["validated"])) {
         SSO_EndpointError("Namespace referenced session is not validated.");
     }
     if (!isset($session_info["ipaddr"]) || !isset($_REQUEST["ipaddr"]) || $session_info["ipaddr"] != $_REQUEST["ipaddr"]) {
         SSO_EndpointError("Namespace referenced session is from an unspecified or different IP address.");
     }
     $result = array("success" => true);
     SSO_EndpointOutput($result);
 } else {
     if ($sso_data["action"] == "initlogin") {
         if ($sso_apikey_info["type"] != "normal") {
             SSO_EndpointError("Invalid API key type.");
         }
         // Create a new session.
         $sid = $sso_rng->GenerateString();
         $recoverid = $sso_rng->GenerateString();
         $info = array("url" => base64_encode(isset($sso_data["url"]) ? $sso_data["url"] : ""), "files" => (bool) (int) (isset($sso_data["files"]) ? $sso_data["files"] : 0), "initmsg" => base64_encode(isset($sso_data["initmsg"]) ? $sso_data["initmsg"] : ""), "rid" => $recoverid, "appurl" => base64_encode(isset($sso_data["appurl"]) ? $sso_data["appurl"] : ""));
         if ($info["url"] == "") {
             SSO_EndpointError("Return URL not specified.");
         }
         $sso_db->Query("INSERT", array($sso_db_temp_sessions, array("apikey_id" => $sso_apirow->id, "updated" => CSDB::ConvertToDBTime(time()), "created" => CSDB::ConvertToDBTime(time()), "heartbeat" => SSO_HEARTBEAT_LIMIT, "session_id" => $sid, "ipaddr" => isset($_REQUEST["ipaddr"]) ? $_REQUEST["ipaddr"] : "APIKEY: " . $sso_ipaddr["ipv6"], "info" => serialize($info), "recoverinfo" => base64_encode(isset($sso_data["info"]) ? $sso_data["info"] : "")), "AUTO INCREMENT" => "id"));
         $id = $sso_db->GetInsertID();
         $url = SSO_LOGIN_URL . "?sso_id=" . urlencode($sid . "-" . $id) . "&lang=" . urlencode(isset($sso_data["lang"]) ? $sso_data["lang"] : "");
         if (isset($sso_data["extra"])) {
             foreach ($sso_data["extra"] as $key => $val) {
                 $url .= "&" . urlencode($key) . "=" . urlencode($val);
             }
         }
         $result = array("success" => true, "url" => $url, "rid" => $recoverid);
         SSO_EndpointOutput($result);