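// Per-ring salt: HMAC-SHA256 over $saltKey, keyed with $i (raw binary output).
$salt = hash_hmac('sha256', $saltKey, $i, true);

// The stored verifier is the first 64 hex characters (32 bytes) of
// HMAC-SHA512(password, salt); the encryption key below is the remaining
// 32 bytes of the same MAC, so the verifier and the key do not overlap.
//
// hash_equals() replaces the former `==`: a loose comparison is not
// constant-time, and PHP compares two numeric-looking strings (for example
// "0e…" followed only by digits) as numbers rather than character by character.
// NOTE(review): a single HMAC pass is fast to brute-force offline if the rings
// table leaks; a deliberately slow KDF would need a storage-format migration.
if (hash_equals(
    (string) $row['hash'],
    substr(hash_hmac('sha512', $_POST['password'], $salt, false), 0, 64)
)) {
    // CORRECT PASSWORD:
    $found = true;

    // 32 bytes = 256 bits, encryption key (second half of the raw HMAC-SHA512)
    $key = substr(hash_hmac('sha512', $_POST['password'], $salt, true), 32);
    // 32 bytes = 256 bits, IV (derived from the same password and salt)
    $IV = hash_hmac('sha256', $_POST['password'], $salt, true);

    $url = AES256_Decrypt($row['ciphertext'], $key, $IV);

    // Invalidate the ring: replace the verifier and the ciphertext with random
    // values of the same length, and clear validFlag.
    $newHash = hash('sha256', openssl_random_pseudo_bytes(64));
    $newCipher = base64_encode(
        openssl_random_pseudo_bytes(strlen(base64_decode($row['ciphertext'])))
    ); // For replacing

    // $newCipher is base64 and $newHash is hex, both generated above.
    // NOTE(review): $i is set outside this fragment; if $DB supports prepared
    // statements, bind all three values instead of interpolating them.
    $DB->exec("UPDATE rings SET validFlag = '0', ciphertext = '{$newCipher}', hash = '{$newHash}' WHERE id = '{$i}'");

    $numValid--;
    if ($numValid < 1) {
        // No valid rings remain: shred the ring file, retrying until it succeeds.
        // NOTE(review): $req is set outside this fragment; confirm it is
        // validated before it is used to build a file path.
        while (!shredData(NONCE_ROOT . "{$req}.ring")) {
            // If it returns false, wait a few clock cycles
            usleep(1000);
        }
    }
    // Overwrite
    //ob_end_clean();

    // empty() has the same truthiness as the former `!$_COOKIE[...]`, but does
    // not raise an undefined-key warning when the cookie is absent; a warning
    // printed here would be output sent before the header() call below.
    if (empty($_COOKIE['neverForward'])) {
        // NOTE(review): the redirect target is $data, while the freshly
        // decrypted $url is only handed to die(); confirm which is intended.
        header("Location: {$data}");
        die($url);
    } else {
        // NOTE(review): $data is echoed into an href attribute and into element
        // text; whether removeXSS() encodes for both contexts and rejects
        // non-http(s) schemes is not visible here.
        $data = removeXSS($data); // Experimental; without warranty
        include "includes/header.php";
        echo "The destination URL is: <a href=\"" . $data . "\">" . $data . "</a>";
        include "includes/footer.php";
        // NOTE(review): this else-branch and the enclosing if are still open at
        // the end of this fragment.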
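// Forward automatically only when the visitor opted in through the
// alwaysForward cookie; otherwise show the destination as a link.
// !empty() has the same truthiness as the former bare `$_COOKIE[...]` test, but
// does not raise an undefined-key warning when the cookie is absent; a warning
// printed here would be output sent before the header() call.
if (!empty($_COOKIE['alwaysForward'])) {
    // NOTE(review): there is no exit after this header, so whatever follows the
    // surrounding if/else chain still runs; confirm that is intended.
    header("Location: {$data}");
} else {
    // NOTE(review): $data is echoed into an href attribute and into element
    // text; whether removeXSS() encodes for both contexts and rejects
    // non-http(s) schemes is not visible here.
    $data = removeXSS($data); // Experimental; without warranty
    include "includes/header.php";
    echo "The destination URL is: <a href=\"" . $data . "\">" . $data . "</a>";
    include "includes/footer.php";
}
// The three closing braces below end blocks opened before this fragment.
} else {
    // Prompt for username and password
    include "includes/header.php";
    echo "<div style=\"color: red;\">Incorrect password.</div>\n";
    include "includes/nonce-pw.php";
    include "includes/footer.php";
}
} else {
    // Prompt for username and password
    include "includes/header.php";
    include "includes/nonce-pw.php";
    include "includes/footer.php";
}
} else {
    // Shred the nonce file, retrying until shredData() reports success.
    // NOTE(review): $req is set outside this fragment; confirm it is validated
    // before it is used to build a file path.
    while (!shredData(NONCE_ROOT . "{$req}.nonce")) {
        // If it returns false, wait a few clock cycles
        usleep(1000);
    }
    // NOTE(review): this sends a Location header with a forced 404 status;
    // clients normally do not follow Location on a 404, so the visitor
    // presumably gets a bare 404 rather than the 404.php page. Confirm intent.
    header("Location: http://tlwsd.in/404.php", false, 404);
    exit; // LOL NOPE
}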