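/**
 * Log in with an e-mail address and password and populate the session globals.
 *
 * Steps, as performed below:
 *  1. Derive an AES key from the password (prepare_key) and a user hash from
 *     the lower-cased e-mail under that key (stringhash).
 *  2. Send the 'us' API request carrying the e-mail and the user hash.
 *  3. Decrypt the returned master key ($res->k) with the password key.
 *  4. If the response carries a 'csid': decrypt the RSA private key
 *     ($res->privk) with the master key, split it into four MPI components,
 *     RSA-decrypt the csid and keep the first 43 bytes of the reversed
 *     plaintext, base64url-encoded, as the session id.
 *
 * Side effects: writes the globals $master_key, $rsa_priv_key and $sid.
 * These hold key material and the session id, so callers should keep them
 * out of logs, error pages and debug dumps.
 *
 * @param string $email    Account e-mail; lower-cased only for the user hash.
 * @param string $password Account password.
 * @return void
 */
function login($email, $password)
{
    global $sid, $master_key, $rsa_priv_key;

    $password_aes = prepare_key(str_to_a32($password));
    $uh = stringhash(strtolower($email), $password_aes);

    $res = api_req(array('a' => 'us', 'user' => $email, 'uh' => $uh));

    // Do not run key decryption on a response that carries no encrypted
    // master key (e.g. an error reply); the globals are left untouched.
    // NOTE(review): the error shape of api_req() is not visible here - confirm.
    if (!is_object($res) || !isset($res->k)) {
        return;
    }

    $enc_master_key = base64_to_a32($res->k);
    $master_key = decrypt_key($enc_master_key, $password_aes);

    if (!empty($res->csid)) {
        $enc_rsa_priv_key = base64_to_a32($res->privk);
        $rsa_priv_key = decrypt_key($enc_rsa_priv_key, $master_key);
        $privk = a32_to_str($rsa_priv_key);

        // Four components are parsed; only the first three are passed to rsa_decrypt().
        $rsa_priv_key = array(0, 0, 0, 0);
        for ($i = 0; $i < 4; $i++) {
            // Each component is a 2-byte big-endian bit count followed by
            // ceil(bits / 8) value bytes. The shift keeps $l an integer:
            // "/ 8" produced a float that substr() truncated implicitly,
            // which is deprecated since PHP 8.1.
            // NOTE(review): there is no bounds check, so a truncated key blob
            // yields short or empty components - consider rejecting it.
            $l = ((ord($privk[0]) * 256 + ord($privk[1]) + 7) >> 3) + 2;
            $rsa_priv_key[$i] = mpi2bc(substr($privk, 0, $l));
            $privk = substr($privk, $l);
        }

        $enc_sid = mpi2bc(base64urldecode($res->csid));
        $sid = rsa_decrypt($enc_sid, $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);
        // The plaintext is reversed before the 43-byte session id is cut from it.
        $sid = base64urlencode(substr(strrev($sid), 0, 43));
    }
}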
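/**
 * Restore a saved session for $user from the cookie file, or fall back to Login().
 *
 * The cookie file (DOWNLOAD_DIR . 'mega_ul.php') is read, its second line is
 * unserialized, and the entry indexed by crc32b("user:pass") is looked up.
 * A temporary $secretkey derived from the credentials is installed while the
 * entry's 'enc' marker is checked with decrypt() and its 'cookie' payload is
 * passed through IWillNameItLater(). The restored session id is validated
 * with a 'uq' API request. On error -15 a new session id is obtained with a
 * 'us' request that reuses the saved user handle and RSA private key.
 *
 * Security notes for maintainers:
 *  - The saved entry holds the session id, master key, RSA private key and
 *    the user handle that is sent as 'uh' on re-login. The file is therefore
 *    credential-equivalent and should sit outside the web root with
 *    restrictive permissions.
 *  - The temporary key is built from unsalted CRC32/SHA-1 digests of the
 *    credentials. It is 56 hex characters long but is no stronger than the
 *    password, and it is not a slow KDF.
 *  - The entry index is a CRC32 of "user:pass", so the file discloses a
 *    32-bit checksum of the credentials to anyone who can read it.
 *
 * Side effects: may define DOWNLOAD_DIR, normalises $options['download_dir'],
 * writes $T8 and $cookie, temporarily replaces $secretkey, and rewrites the
 * cookie file through SaveCookies().
 *
 * @param string $user Account name; lower-cased before use.
 * @param string $pass Account password.
 * @return mixed Whatever Login() returns on fallback, otherwise null.
 */
function SavedLogin($user, $pass)
{
    global $T8, $cookie, $secretkey;

    if (!defined('DOWNLOAD_DIR')) {
        global $options;
        if (substr($options['download_dir'], -1) != '/') {
            $options['download_dir'] .= '/';
        }
        // An ftp:// download dir cannot hold the local cookie file, so the
        // constant becomes '' and the file resolves relative to the CWD.
        define('DOWNLOAD_DIR', substr($options['download_dir'], 0, 6) == 'ftp://' ? '' : $options['download_dir']);
    }

    $user = strtolower($user);
    $filename = DOWNLOAD_DIR . basename('mega_ul.php');
    // A missing file, or one of at most 6 bytes, has no saved data to restore.
    if (!file_exists($filename) || filesize($filename) <= 6) {
        return Login($user, $pass);
    }

    $file = file($filename);
    // NOTE(review): unserialize() on file content is an object-injection sink
    // if anything else can write to DOWNLOAD_DIR. On PHP >= 7.0 pass
    // array('allowed_classes' => false) as the second argument, or store the
    // data as JSON instead.
    // The guard avoids an undefined-offset notice when the file has no
    // second line; false falls through to the Login() fallback below.
    $savedcookies = (is_array($file) && isset($file[1])) ? unserialize($file[1]) : false;
    unset($file);

    $hash = hash('crc32b', $user . ':' . $pass);
    if (is_array($savedcookies) && array_key_exists($hash, $savedcookies)) {
        // Swap in a per-account key for decrypt()/IWillNameItLater(), then restore the global.
        $_secretkey = $secretkey;
        // 8 + 40 + 8 = 56 hex characters; see the key-strength note in the docblock.
        $secretkey = hash('crc32b', $pass) . sha1($user . ':' . $pass) . hash('crc32b', $user);
        // Strict comparison: with "==" a non-string result such as true (or 0
        // before PHP 8) would also have matched 'OK' and skipped the check.
        $cookie = decrypt(urldecode($savedcookies[$hash]['enc'])) === 'OK' ? IWillNameItLater($savedcookies[$hash]['cookie']) : '';
        $secretkey = $_secretkey;

        // empty() covers '', null and an empty array, which is everything the
        // original "is_array && count < 1 || empty" test accepted.
        if (empty($cookie)) {
            return Login($user, $pass);
        }

        $T8['sid'] = $cookie['sid'];
        $T8['user_handle'] = $cookie['user_handle'];
        $T8['master_key'] = base64_to_a32($cookie['master_key']);
        $T8['root_id'] = $cookie['root_id'];
        // NOTE(review): fewer than three components makes the re-login below
        // pass undefined values to rsa_decrypt() - consider validating the count.
        $rsa_priv_key = explode('/T8\\', $cookie['rsa_priv_key']);

        // The 'User quota details' request is used only to validate the session id.
        $test = apiReq(array('a' => 'uq'));
        if (is_numeric($test[0]) && $test[0] < 0) {
            if ($test[0] == -15) {
                // Session id expired: request a new one with the saved user handle.
                if (!extension_loaded('bcmath')) {
                    html_error('This plugin needs BCMath extension for login.');
                }
                $T8['sid'] = false; // Do not send the old sid or the API answers -15 again.
                $res = apiReq(array('a' => 'us', 'user' => $user, 'uh' => $T8['user_handle']));
                if (is_numeric($res[0])) {
                    // Presumably check_errors() aborts on an error code - confirm.
                    check_errors($res[0], 'Cannot re-login');
                }
                $T8['sid'] = rsa_decrypt(mpi2bc(base64url_decode($res[0]['csid'])), $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);
                $T8['sid'] = base64url_encode(substr(strrev($T8['sid']), 0, 43));
                t8ArrToCookieArr();
                SaveCookies($user, $pass); // Update the cookie file with the new sid.
                $cookie = '';
                return;
            }
            check_errors($test[0], 'Cannot validate saved-login');
        }

        SaveCookies($user, $pass); // Update the last-used time.
        $cookie = '';
        return;
    }

    return Login($user, $pass);
}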