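/**
 * Pick an entropy source for this instance and remember it in $this->mode.
 *
 * Probe order is fixed: OpenSSL (only when it reports a strong source), then
 * on Windows mcrypt_create_iv(), and on every other platform the device files
 * followed by mcrypt_create_iv() as a last resort.  When a device file wins,
 * $this->mode is "file" and the open handle is kept in $this->fp.
 *
 * $cryptosafe only affects the device-file step (it is not consulted on
 * Windows): true restricts it to the blocking /dev/random, false allows
 * /dev/arandom (OpenBSD) and then /dev/urandom.
 *
 * @param bool $cryptosafe  true to refuse the non-blocking device files.
 *
 * @throws Exception  when no usable entropy source can be found.
 */
public function __construct($cryptosafe = false)
{
    $this->mode = false;
    $this->fp = false;
    $this->cryptosafe = $cryptosafe;

    // OpenSSL first.
    if (function_exists("openssl_random_pseudo_bytes")) {
        // PHP 5.4.0 introduced native Windows CryptGenRandom() integration via php_win32_get_random_bytes() for performance.
        // Pre-set the by-reference flag: if the call fails (errors are suppressed) it is never written,
        // and the test below would read an undefined variable.
        $strong = false;
        @openssl_random_pseudo_bytes(4, $strong);
        if ($strong) {
            $this->mode = "openssl";
        }
    }

    // Locate a (relatively) suitable source of entropy or raise an exception.
    if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") {
        // PHP 5.3.0 introduced native Windows CryptGenRandom() integration via php_win32_get_random_bytes() for functionality.
        // '>=' so that 5.3.0 itself qualifies; the previous '>' excluded exactly that release.
        if ($this->mode === false && PHP_VERSION_ID >= 50300 && function_exists("mcrypt_create_iv")) {
            $this->mode = "mcrypt";
        }
    } else {
        // /dev/arandom: OpenBSD. mcrypt doesn't attempt to use this despite claims of higher quality entropy with performance.
        // /dev/random and /dev/urandom: everything else.  The first device that both exists and opens wins.
        $devices = $cryptosafe ? array("/dev/random") : array("/dev/arandom", "/dev/urandom");
        foreach ($devices as $device) {
            if ($this->mode !== false) {
                break;
            }
            if (file_exists($device)) {
                // NOTE(review): the handle is not closed here; presumably released elsewhere in the class — confirm.
                $this->fp = @fopen($device, "rb");
                if ($this->fp !== false) {
                    $this->mode = "file";
                }
            }
        }

        // mcrypt_create_iv() is last because it opens and closes a file handle every single call.
        if ($this->mode === false && function_exists("mcrypt_create_iv")) {
            $this->mode = "mcrypt";
        }
    }

    // Throw an exception if unable to find a suitable entropy source.
    // (The former 'exit;' after the throw was unreachable.)
    if ($this->mode === false) {
        throw new Exception(CSPRNG::RNG_Translate("Unable to locate a suitable entropy source."));
    }
}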
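/**
 * Produce a salt of $length characters.
 *
 * The CSPRNG helper is used when $do_secure is true and its support file can
 * be included; otherwise a sha1() digest of uniqid(), the current date, the
 * current page URL, a run of rand()-picked punctuation and $add_entropy is
 * sliced to the requested length.  That fallback is not cryptographically
 * strong; it only exists so a caller never gets nothing back.
 *
 * @param int         $length       Requested length.  The fallback cannot
 *                                  exceed the 40 characters sha1() yields.
 * @param string|null $add_entropy  Extra caller-supplied data mixed into the fallback digest.
 * @param bool        $do_secure    false skips the CSPRNG path entirely.
 *
 * @return string
 */
public static function createSalt($length = 32, $add_entropy = null, $do_secure = true)
{
    // include_once binds loosely: written without parentheses the original
    // included the file named by ('sources/...' !== false && $do_secure),
    // i.e. "1", so the secure branch was never reachable.
    $have_rng = $do_secure && (@include_once 'sources/csprng/support/random.php') !== false;

    if ($have_rng) {
        // Do this cryptographically securely.
        try {
            $rng = new CSPRNG();

            return $rng->GenerateString($length);
        } catch (Exception $e) {
            // Run this again, not securely, to escape the error.  The result
            // must be returned: the original dropped it and then returned an
            // unset $salt.
            return self::createSalt($length, $add_entropy, false);
        }
    }

    // Don't give up the ghost, try something that's not quite as good.
    $id1 = uniqid(mt_rand(), true);
    $id2 = md5(date('dDjlSwzWFmMntLYayABgGhiHsOZ'));
    $id3 = crc32(self::curPageURL());
    $charset = "!@#~`%^&*()-_+={}|[]:;'<>?,./";
    $csl = strlen($charset);

    // Collect a random-length run of charset characters.  The original
    // overwrote $id4 each pass (keeping only the last pick) and left it
    // undefined when $repeats came out as 0.
    $id4 = "";
    $repeats = rand(0, 64);
    for ($i = 0; $i < $repeats; $i++) {
        $id4 .= substr($charset, rand(0, $csl - 1), 1);
    }

    // Add extra entropy if provided.
    $salt = sha1($id2 . $id1 . $id3 . $id4 . $add_entropy);
    $len = strlen($salt);
    if ($length > $len) {
        $length = $len;
    }

    // Take the requested length from a random offset inside the digest.
    $offset = rand(0, $len - $length);

    return substr($salt, $offset, $length);
}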
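// Set up page-level calculation variables.
define("SSO_ROOT_PATH", str_replace("\\", "/", dirname(__FILE__)));

// SSO_ROOT_URL carries no trailing slash; SSO_LOGIN_URL always has one.
// Only a single trailing "/" is stripped, as before.
$url = dirname(BB_GetRequestURLBase());
if (substr($url, -1) === "/") {
    $url = substr($url, 0, -1);
}
define("SSO_ROOT_URL", $url);

$url = dirname(BB_GetFullRequestURLBase());
if (substr($url, -1) !== "/") {
    $url .= "/";
}
define("SSO_LOGIN_URL", $url);

define("SSO_SUPPORT_PATH", "support");
define("SSO_PROVIDER_PATH", "providers");

// Generate random seeds: SSO_BASE_RAND_SEED, SSO_BASE_RAND_SEED2 ... SSO_BASE_RAND_SEED14.
// The blocking (cryptosafe) source is requested because these seeds are long-lived.
$rng = new CSPRNG(true);
$sso_rng = $rng;
for ($x = 0; $x < 14; $x++) {
    $seed = $rng->GenerateToken(128);
    if ($seed === false) {
        InstallError("Seed generation failed.");
    }
    define("SSO_BASE_RAND_SEED" . ($x ? $x + 1 : ""), $seed);
}

// Installer form input.  Keys are guarded so a missing field no longer raises
// an undefined-index notice; a non-string (array-style) value counts as absent.
define("SSO_USE_LESS_SAFE_STORAGE", isset($_REQUEST["sso_use_less_safe_storage"]) && $_REQUEST["sso_use_less_safe_storage"] === "yes");

// Connect to the database server.
$databases = SSO_GetSupportedDatabases();
$dbtype = (isset($_REQUEST["db_select"]) && is_string($_REQUEST["db_select"])) ? $_REQUEST["db_select"] : "";
if (!isset($databases[$dbtype])) {
    InstallError("Please select a database server.");
}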
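require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/random.php";

SetDebugLevel();
Str::ProcessAllInput();

// Don't proceed any further if this is an accidental re-upload of this file to the root path.
// Both sides are path strings, so compare strictly rather than with the loose '==' (which
// would treat numeric-looking strings numerically).
if (SSO_STO_ADMIN && SSO_ROOT_PATH === str_replace("\\", "/", dirname(__FILE__))) {
    exit;
}

// Force HTTPS when configured; nothing below runs over plain HTTP.
if (SSO_USE_HTTPS && !BB_IsSSLRequest()) {
    header("Location: " . BB_GetFullRequestURLBase("https"));
    exit;
}

// Initialize language settings.
BB_InitLangmap(SSO_ROOT_PATH . "/" . SSO_LANG_PATH . "/", SSO_DEFAULT_LANG);
BB_SetLanguage(SSO_ROOT_PATH . "/" . SSO_LANG_PATH . "/", SSO_ADMIN_LANG);

// Initialize the global CSPRNG instance.
$sso_rng = new CSPRNG();

// Calculate the remote IP address.
$sso_ipaddr = SSO_GetRemoteIP();

// Defaults the hook below is expected to overwrite; an empty $bb_usertoken is rejected further down.
$bb_randpage = SSO_BASE_RAND_SEED;
$bb_rootname = "SSO Server Admin";
$bb_usertoken = "";
$sso_site_admin = false;
$sso_user_id = "0";

// Require developers to inject code here. For example, integration with a specific login system or IP address restrictions.
// NOTE(review): the hook is resolved relative to the working directory / include_path, not to this file — confirm that is intended.
if (file_exists("admin_hook.php")) {
    require_once "admin_hook.php";
}

// Refuse to continue unless the hook supplied a non-empty string token.
if (!is_string($bb_usertoken) || $bb_usertoken === "") {
    echo "Invalid user token.\n";
    exit;
}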
// Endpoint bootstrap: configuration, string helpers, SSO helpers and the cipher implementations.
require_once "config.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/str_basics.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/sso_functions.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/blowfish.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/aes.php";
// Pure-PHP AES is only loaded when the mcrypt-backed implementation is unavailable.
if (!ExtendedAES::IsMcryptAvailable()) {
    require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/phpseclib/AES.php";
}
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/random.php";

Str::ProcessAllInput();

// Don't proceed any further if this is an acciental re-upload of this file to the root path.
if (SSO_STO_ENDPOINT && SSO_ROOT_PATH == str_replace("\\", "/", dirname(__FILE__))) {
    exit;
}

// Initialize the global CSPRNG instance.
$sso_rng = new CSPRNG();

// Timing attack defense.  When false, SSO_EndpointOutput() sleeps a random
// interval before replying; set to true to skip that delay.
$sso_skipsleep = false;

// Calculate the remote IP address.
$sso_ipaddr = SSO_GetRemoteIP();

// Start out with plain-text responses until the data packet is decrypted.
$sso_encrypted = false;

/**
 * Emit the JSON-encoded $result to the client, encrypting it once the
 * session has switched to encrypted mode.
 *
 * Reads the globals $sso_encrypted, $sso_apikey_info, $sso_data and
 * $sso_skipsleep.  The body continues beyond this excerpt; the encrypted
 * branch begins by dispatching on $sso_apikey_info["keyinfo"]["mode"].
 *
 * @param mixed $result  Value passed to json_encode().
 */
function SSO_EndpointOutput($result)
{
    global $sso_encrypted, $sso_apikey_info, $sso_data, $sso_skipsleep;

    if (!$sso_skipsleep) {
        SSO_RandomSleep();
    }
    // NOTE(review): json_encode() failures are suppressed and would yield false here — confirm callers tolerate that.
    $result = @json_encode($result);
    if ($sso_encrypted) {
        if ($sso_apikey_info["keyinfo"]["mode"] === "aes256") {
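/**
 * Create a new page: its loader stub, page descriptor, first language page
 * and that language's revision file.
 *
 * The generated PHP embeds $bb_dir, $bb_file and $bb_relroot as literals.
 * They are emitted with var_export() so a quote, backslash or "$" in a value
 * cannot break the generated file or change what it executes; the previous
 * double-quoted interpolation did not escape anything.
 *
 * @param string $bb_dir   Directory the page files are written into.
 * @param string $bb_file  Base file name (without extension) for the page.
 *
 * @return bool  false if any of the four files could not be written.
 */
function BB_CreatePage($bb_dir, $bb_file)
{
    // Preferred language: a configured default wins, else the client's first
    // accepted language, else "en".
    if (defined("DEFAULT_PAGE_LANG") && DEFAULT_PAGE_LANG != "") {
        $bb_pref_lang = DEFAULT_PAGE_LANG;
    } else {
        $clientlangs = BB_ExtractClientLanguages();
        $bb_pref_lang = count($clientlangs) ? $clientlangs[0] : "en";
    }
    BB_RunPluginActionInfo("bb_createpage_pref_lang", $bb_pref_lang);

    $bb_page = array(
        "ver" => 1.0,
        "redirect" => "",
        "cachetime" => -1,
        "easyedit" => true,
        "sitemap" => false,
        "sitemappriority" => "normal",
        "doctype" => "HTML 5",
        "metarobots" => "",
        "perms" => array(),
        "langs" => array($bb_pref_lang => array()),
        "onelang" => true,
        "defaultlang" => $bb_pref_lang,
    );

    // Map 'en' to 'en_us'.  An underscore at position 0 is ignored, as before.
    $underscore = strpos($bb_pref_lang, "_");
    if ($underscore !== false && $underscore > 0) {
        $bb_page["langs"][substr($bb_pref_lang, 0, $underscore)] = $bb_pref_lang;
    }
    BB_RunPluginActionInfo("bb_createpage_bb_page", $bb_page);

    require_once ROOT_PATH . "/" . SUPPORT_PATH . "/random.php";
    $rng = new CSPRNG(false);

    $bb_langpage = array(
        "title" => "",
        "metadesc" => "",
        "widgets" => array(
            "root" => array("_f" => "Root/Page", "_m" => true, "_a" => "root", "_id" => "root", "_ids" => array()),
        ),
        "pagerand" => $rng->GenerateToken(),
    );
    BB_RunPluginActionInfo("bb_createpage_bb_langpage", $bb_langpage);

    $bb_langpagerevisions = array(
        "rootrev" => 0,
        "branches" => array(),
        "revisions" => array(array("", serialize($bb_langpage), time(), time(), "Initial Page")),
    );
    BB_RunPluginActionInfo("bb_createpage_bb_langpagerevisions", $bb_langpagerevisions);

    $bb_relroot = BB_MakePageDirs($bb_dir);

    // Loader stub: <bb_file>.php
    $data = "<" . "?php\n";
    $data .= "\tdefine(\"BB_FILE\", 1);\n";
    $data .= "\trequire_once " . var_export($bb_file . "_page.php", true) . ";\n";
    if ($bb_relroot != "") {
        $data .= "\tchdir(\$bb_relroot);\n";
    }
    $data .= "\trequire_once \"main.php\";\n";
    $data .= "?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . ".php", $data) === false) {
        return false;
    }

    // Page descriptor: <bb_file>_page.php
    $data = "<" . "?php\n";
    $data .= "\t\$bb_dir = " . var_export($bb_dir, true) . ";\n";
    $data .= "\t\$bb_file = " . var_export($bb_file, true) . ";\n";
    $data .= "\t\$bb_relroot = " . var_export($bb_relroot, true) . ";\n";
    $data .= "\t\$bb_page = " . BB_CreatePHPStorageData($bb_page) . ";\n";
    $data .= "?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . "_page.php", $data) === false) {
        return false;
    }

    // Language page: <bb_file>_<lang>_page.php
    $data = "<" . "?php\n\t\$bb_langpage = " . BB_CreatePHPStorageData($bb_langpage) . ";\n?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . "_" . $bb_pref_lang . "_page.php", $data) === false) {
        return false;
    }

    // Language revisions: <bb_file>_<lang>_rev.php
    $data = "<" . "?php\n\t\$bb_langpagerevisions = " . BB_CreatePHPStorageData($bb_langpagerevisions) . ";\n?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . "_" . $bb_pref_lang . "_rev.php", $data) === false) {
        return false;
    }

    BB_RunPluginAction("post_bb_createpage");

    return true;
}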
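define("WIDGET_PATH", "widgets");
define("PLUGIN_PATH", "plugins");
define("LANG_PATH", "lang");

// Installer form input.  Every key is guarded so a missing field no longer
// raises an undefined-index notice; a non-string (array-style) value is
// treated as absent.
define("DEFAULT_LANG", (isset($_REQUEST["default_lang"]) && is_string($_REQUEST["default_lang"])) ? $_REQUEST["default_lang"] : "");
define("DEFAULT_PAGE_LANG", (isset($_REQUEST["default_page_lang"]) && is_string($_REQUEST["default_page_lang"])) ? $_REQUEST["default_page_lang"] : "");

// Write permission bits for generated files: group ("g"), world ("w"), otherwise owner only.
if (isset($_REQUEST["write_perms"]) && $_REQUEST["write_perms"] === "g") {
    $bb_writeperms = 0220;
} elseif (isset($_REQUEST["write_perms"]) && $_REQUEST["write_perms"] === "w") {
    $bb_writeperms = 0222;
} else {
    $bb_writeperms = 0200;
}

// The blocking (cryptosafe) source is requested for the long-lived seeds.
// InstallError() is relied on to stop execution; $rng is unset if it returns.
try {
    $rng = new CSPRNG(true);
} catch (Exception $e) {
    InstallError("Unable to initialize CSPRNG. Insufficient entropy available to this host.");
}

$baserand = $rng->GenerateToken();
if ($baserand === false) {
    InstallError("Unable to generate token with CSPRNG.");
}
define("BASE_RAND_SEED", $baserand);

$baserand = $rng->GenerateToken();
if ($baserand === false) {
    InstallError("Unable to generate token with CSPRNG.");
}
define("BASE_RAND_SEED2", $baserand);

define("USE_LESS_SAFE_STORAGE", isset($_REQUEST["use_less_safe_storage"]) && $_REQUEST["use_less_safe_storage"] === "yes");

// Generate the last widget update file (used for refreshing cached files after a widget is changed).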
// Wipe all existing sessions. DisplayMessage("Resetting all sessions."); try { $sso_db->Query("TRUNCATE TABLE", array($sso_db_user_sessions)); $sso_db->Query("TRUNCATE TABLE", array($sso_db_temp_sessions)); } catch (Exception $e) { UpgradeError("Unable to wipe sessions. " . htmlspecialchars($e->getMessage())); } $sso_settings[""]["dbversion"] = 2; // Save the settings so the database version is saved. SSO_SaveSettings(); } if ($sso_settings[""]["dbversion"] == 2) { // Generate random seeds. if (!defined("SSO_BASE_RAND_SEED8")) { $rng = new CSPRNG(true); for ($x = 0; $x < 10; $x++) { $seed = $rng->GenerateToken(128); if ($seed === false) { UpgradeError("Seed generation failed."); } define("SSO_BASE_RAND_SEED" . ($x + 5), $seed); } $data = file_get_contents("config.php"); $data .= "<" . "?php\n"; $data .= "\tdefine(\"SSO_BASE_RAND_SEED5\", " . var_export(SSO_BASE_RAND_SEED5, true) . ");\n"; $data .= "\tdefine(\"SSO_BASE_RAND_SEED6\", " . var_export(SSO_BASE_RAND_SEED6, true) . ");\n"; $data .= "\tdefine(\"SSO_BASE_RAND_SEED7\", " . var_export(SSO_BASE_RAND_SEED7, true) . ");\n"; $data .= "\tdefine(\"SSO_BASE_RAND_SEED8\", " . var_export(SSO_BASE_RAND_SEED8, true) . ");\n"; $data .= "\tdefine(\"SSO_BASE_RAND_SEED9\", " . var_export(SSO_BASE_RAND_SEED9, true) . ");\n"; $data .= "\tdefine(\"SSO_BASE_RAND_SEED10\", " . var_export(SSO_BASE_RAND_SEED10, true) . ");\n";