<?php session_start(); require_once "../../jcryption.php"; $keyLength = 256; $jCryption = new jCryption(); if (isset($_GET["generateKeypair"])) { $keys = $jCryption->generateKeypair($keyLength); $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"], 16)); $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"], 16)); $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"], 16)); echo '{"e":"' . $_SESSION["e"]["hex"] . '","n":"' . $_SESSION["n"]["hex"] . '","maxdigits":"' . intval($keyLength * 2 / 16 + 3) . '"}'; } else { $var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]); echo $var; }
private function getAuthCustom() { $server = $this->getDefaultServer(); $username = $password = ''; if (secureLoginPage() && isset($_POST['mywebsql_auth'])) { $enc_lib = BASE_PATH . (extension_loaded('openssl') && extension_loaded('gmp') ? "/lib/external/jcryption.php" : "/lib/external/jcryption-legacy.php"); require_once $enc_lib; $jCryption = new jCryption(); $d = Session::get('auth_enc', 'd'); $n = Session::get('auth_enc', 'n'); if (!isset($d['int']) || !isset($n['int'])) { return $this->setError('Invalid Credentials'); } $decoded = $jCryption->decrypt($_POST['mywebsql_auth'], $d['int'], $n['int']); if (!$decoded) { return $this->setError('Invalid Credentials'); } parse_str($decoded, $info); $server = $this->getServer(v($info['server'])); $username = v($info['auth_user']); $password = v($info['auth_pwd']); } else { if (isset($_POST['auth_user']) && isset($_POST['auth_pwd'])) { $server = $this->getServer(v($_POST['server'])); $username = v($_POST['auth_user']); $password = v($_POST['auth_pwd']); } } return $this->custom_auth->authenticate($username, $password, $server); return false; }
$config = new config(); $con = mysql_connect($config->getUserManagerDomain(), $config->getUserManagerUser(), $config->getUserManagerPass()); //checking to see if connection exists if (!$con) { die('Could not connect:' . mysql_error()); } //connect to database mysql_select_db($config->getUserManagerDB(), $con); //querying the table and setting it to a variable $result = mysql_query("SELECT * FROM UserInfo WHERE Email = '{$user}'"); if ($result) { $row = mysql_fetch_array($result); } if ($row['Email'] == $user && $row['Email'] != '') { $jCryption = new jCryption(); $var = $jCryption->decrypt($password, $_SESSION["d"]["int"], $_SESSION["n"]["int"]); if ($row['Password'] == $var) { //$sessionid = uniqid(); //$UserId = $row['UserId']; //$clientIp = $_SERVER['REMOTE_ADDR']; //mysql_query("DELETE FROM Session WHERE UserId='$UserId' AND ClientIp='$clientIp'"); //mysql_query("INSERT INTO Session (UserId, ClientIp, SessionKey) VALUES ('$UserId', '$clientIp', '$sessionid')"); echo 'Logged in!'; //create session here } else { echo "User found but password incorrect."; } } else { echo "User not found."; } //echo "encrypted: " . $password . " decrypted: " . $var;
public function ShowLogin($is_https, &$msg) { $timedout = UIBase::GrabInput('get', 'timedout', 'int'); $logoff = UIBase::GrabInput('get', 'logoff', 'int'); $msg = ''; if ($timedout == 1 || $logoff == 1) { $this->clear(); if ($timedout == 1) { $msg = DMsg::Err('err_sessiontimeout'); } else { $msg = DMsg::Err('err_loggedoff'); } } else { if ($this->IsValid()) { return FALSE; } } $userid = NULL; $pass = NULL; if (isset($_POST['jCryption'])) { $jCryption = new jCryption(); $var = $jCryption->decrypt($_POST['jCryption'], $_SESSION['d_int'], $_SESSION['n_int']); unset($_SESSION['d_int']); unset($_SESSION['n_int']); parse_str($var, $result); $userid = $result['userid']; $pass = $result['pass']; } else { if ($is_https && isset($_POST['userid'])) { $userid = UIBase::GrabGoodInput('POST', 'userid'); $pass = UIBase::GrabInput('POST', 'pass'); } } if ($userid != NULL) { if ($this->authenticate($userid, $pass) === TRUE) { return FALSE; } else { $msg = DMsg::Err('err_login'); } } return TRUE; }