Exemplo n.º 1
0
 public function __construct($cryptosafe = false)
 {
     $this->mode = false;
     $this->fp = false;
     $this->cryptosafe = $cryptosafe;
     // OpenSSL first.
     if (function_exists("openssl_random_pseudo_bytes")) {
         // PHP 5.4.0 introduced native Windows CryptGenRandom() integration via php_win32_get_random_bytes() for performance.
         @openssl_random_pseudo_bytes(4, $strong);
         if ($strong) {
             $this->mode = "openssl";
         }
     }
     // Locate a (relatively) suitable source of entropy or raise an exception.
     if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") {
         // PHP 5.3.0 introduced native Windows CryptGenRandom() integration via php_win32_get_random_bytes() for functionality.
         if ($this->mode === false && PHP_VERSION_ID > 50300 && function_exists("mcrypt_create_iv")) {
             $this->mode = "mcrypt";
         }
     } else {
         if (!$cryptosafe && $this->mode === false && file_exists("/dev/arandom")) {
             // OpenBSD.  mcrypt doesn't attempt to use this despite claims of higher quality entropy with performance.
             $this->fp = @fopen("/dev/arandom", "rb");
             if ($this->fp !== false) {
                 $this->mode = "file";
             }
         }
         if ($cryptosafe && $this->mode === false && file_exists("/dev/random")) {
             // Everything else.
             $this->fp = @fopen("/dev/random", "rb");
             if ($this->fp !== false) {
                 $this->mode = "file";
             }
         }
         if (!$cryptosafe && $this->mode === false && file_exists("/dev/urandom")) {
             // Everything else.
             $this->fp = @fopen("/dev/urandom", "rb");
             if ($this->fp !== false) {
                 $this->mode = "file";
             }
         }
         if ($this->mode === false && function_exists("mcrypt_create_iv")) {
             // mcrypt_create_iv() is last because it opens and closes a file handle every single call.
             $this->mode = "mcrypt";
         }
     }
     // Throw an exception if unable to find a suitable entropy source.
     if ($this->mode === false) {
         throw new Exception(CSPRNG::RNG_Translate("Unable to locate a suitable entropy source."));
         exit;
     }
 }
 public static function createSalt($length = 32, $add_entropy = null, $do_secure = true)
 {
     if (@(include_once 'sources/csprng/support/random.php' !== false && $do_secure)) {
         // Do this cryptographically securely
         try {
             $rng = new CSPRNG();
             $salt = $rng->GenerateString($length);
         } catch (Exception $e) {
             // run this again, not securely to escape the error
             self::createSalt($length, $add_entropy, false);
         }
     } else {
         // Don't give up the ghost, try something that's not quite as good
         $id1 = uniqid(mt_rand(), true);
         $id2 = md5(date('dDjlSwzWFmMntLYayABgGhiHsOZ'));
         $id3 = crc32(self::curPageURL());
         $charset = "!@#~`%^&*()-_+={}|[]:;'<>?,./";
         $repeats = rand(0, 64);
         $i = 0;
         $csl = strlen($charset);
         while ($i < $repeats) {
             $pos = rand(0, $csl - 1);
             $id4 = substr($charset, $pos, 1);
             ++$i;
         }
         $salt = sha1($id2 . $id1 . $id3 . $id4 . $add_entropy);
         // add extra entropy if provided.
         $len = strlen($salt);
         if ($length > $len) {
             $length = $len;
         }
         $diff = strlen($salt) - $length;
         $offset = rand(0, $diff);
         $salt = substr($salt, $offset, $length);
     }
     return $salt;
 }
Exemplo n.º 3
0
 // Set up page-level calculation variables.
 define("SSO_ROOT_PATH", str_replace("\\", "/", dirname(__FILE__)));
 $url = dirname(BB_GetRequestURLBase());
 if (substr($url, -1) == "/") {
     $url = substr($url, 0, -1);
 }
 define("SSO_ROOT_URL", $url);
 $url = dirname(BB_GetFullRequestURLBase());
 if (substr($url, -1) != "/") {
     $url .= "/";
 }
 define("SSO_LOGIN_URL", $url);
 define("SSO_SUPPORT_PATH", "support");
 define("SSO_PROVIDER_PATH", "providers");
 // Generate random seeds.
 $rng = new CSPRNG(true);
 $sso_rng = $rng;
 for ($x = 0; $x < 14; $x++) {
     $seed = $rng->GenerateToken(128);
     if ($seed === false) {
         InstallError("Seed generation failed.");
     }
     define("SSO_BASE_RAND_SEED" . ($x ? $x + 1 : ""), $seed);
 }
 define("SSO_USE_LESS_SAFE_STORAGE", $_REQUEST["sso_use_less_safe_storage"] == "yes");
 // Connect to the database server.
 $databases = SSO_GetSupportedDatabases();
 $dbtype = (string) $_REQUEST["db_select"];
 if (!isset($databases[$dbtype])) {
     InstallError("Please select a database server.");
 }
Exemplo n.º 4
0
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/random.php";
SetDebugLevel();
Str::ProcessAllInput();
// Don't proceed any further if this is an acciental re-upload of this file to the root path.
if (SSO_STO_ADMIN && SSO_ROOT_PATH == str_replace("\\", "/", dirname(__FILE__))) {
    exit;
}
if (SSO_USE_HTTPS && !BB_IsSSLRequest()) {
    header("Location: " . BB_GetFullRequestURLBase("https"));
    exit;
}
// Initialize language settings.
BB_InitLangmap(SSO_ROOT_PATH . "/" . SSO_LANG_PATH . "/", SSO_DEFAULT_LANG);
BB_SetLanguage(SSO_ROOT_PATH . "/" . SSO_LANG_PATH . "/", SSO_ADMIN_LANG);
// Initialize the global CSPRNG instance.
$sso_rng = new CSPRNG();
// Calculate the remote IP address.
$sso_ipaddr = SSO_GetRemoteIP();
$bb_randpage = SSO_BASE_RAND_SEED;
$bb_rootname = "SSO Server Admin";
$bb_usertoken = "";
$sso_site_admin = false;
$sso_user_id = "0";
// Require developers to inject code here.  For example, integration with a specific login system or IP address restrictions.
if (file_exists("admin_hook.php")) {
    require_once "admin_hook.php";
}
if (!is_string($bb_usertoken) || $bb_usertoken === "") {
    echo "Invalid user token.\n";
    exit;
}
Exemplo n.º 5
0
require_once "config.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/str_basics.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/sso_functions.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/blowfish.php";
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/aes.php";
if (!ExtendedAES::IsMcryptAvailable()) {
    require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/phpseclib/AES.php";
}
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/random.php";
Str::ProcessAllInput();
// Don't proceed any further if this is an acciental re-upload of this file to the root path.
if (SSO_STO_ENDPOINT && SSO_ROOT_PATH == str_replace("\\", "/", dirname(__FILE__))) {
    exit;
}
// Initialize the global CSPRNG instance.
$sso_rng = new CSPRNG();
// Timing attack defense.
$sso_skipsleep = false;
// Calculate the remote IP address.
$sso_ipaddr = SSO_GetRemoteIP();
// Start out with plain-text responses until the data packet is decrypted.
$sso_encrypted = false;
function SSO_EndpointOutput($result)
{
    global $sso_encrypted, $sso_apikey_info, $sso_data, $sso_skipsleep;
    if (!$sso_skipsleep) {
        SSO_RandomSleep();
    }
    $result = @json_encode($result);
    if ($sso_encrypted) {
        if ($sso_apikey_info["keyinfo"]["mode"] === "aes256") {
Exemplo n.º 6
0
function BB_CreatePage($bb_dir, $bb_file)
{
    if (defined("DEFAULT_PAGE_LANG") && DEFAULT_PAGE_LANG != "") {
        $bb_pref_lang = DEFAULT_PAGE_LANG;
    } else {
        $clientlangs = BB_ExtractClientLanguages();
        $bb_pref_lang = count($clientlangs) ? $clientlangs[0] : "en";
    }
    BB_RunPluginActionInfo("bb_createpage_pref_lang", $bb_pref_lang);
    $bb_page = array("ver" => 1.0, "redirect" => "", "cachetime" => -1, "easyedit" => true, "sitemap" => false, "sitemappriority" => "normal", "doctype" => "HTML 5", "metarobots" => "", "perms" => array(), "langs" => array($bb_pref_lang => array()), "onelang" => true, "defaultlang" => $bb_pref_lang);
    // Map 'en' to 'en_us'.
    if (strpos($bb_pref_lang, "_")) {
        $bb_page["langs"][substr($bb_pref_lang, 0, strpos($bb_pref_lang, "_"))] = $bb_pref_lang;
    }
    BB_RunPluginActionInfo("bb_createpage_bb_page", $bb_page);
    require_once ROOT_PATH . "/" . SUPPORT_PATH . "/random.php";
    $rng = new CSPRNG(false);
    $bb_langpage = array("title" => "", "metadesc" => "", "widgets" => array("root" => array("_f" => "Root/Page", "_m" => true, "_a" => "root", "_id" => "root", "_ids" => array())), "pagerand" => $rng->GenerateToken());
    BB_RunPluginActionInfo("bb_createpage_bb_langpage", $bb_langpage);
    $bb_langpagerevisions = array("rootrev" => 0, "branches" => array(), "revisions" => array(array("", serialize($bb_langpage), time(), time(), "Initial Page")));
    BB_RunPluginActionInfo("bb_createpage_bb_langpagerevisions", $bb_langpagerevisions);
    $bb_relroot = BB_MakePageDirs($bb_dir);
    $data = "<" . "?php\n";
    $data .= "\tdefine(\"BB_FILE\", 1);\n";
    $data .= "\trequire_once \"" . $bb_file . "_page.php\";\n";
    if ($bb_relroot != "") {
        $data .= "\tchdir(\$bb_relroot);\n";
    }
    $data .= "\trequire_once \"main.php\";\n";
    $data .= "?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . ".php", $data) === false) {
        return false;
    }
    $data = "<" . "?php\n";
    $data .= "\t\$bb_dir = \"" . $bb_dir . "\";\n";
    $data .= "\t\$bb_file = \"" . $bb_file . "\";\n";
    $data .= "\t\$bb_relroot = \"" . $bb_relroot . "\";\n";
    $data .= "\t\$bb_page = " . BB_CreatePHPStorageData($bb_page) . ";\n";
    $data .= "?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . "_page.php", $data) === false) {
        return false;
    }
    $data = "<" . "?php\n\t\$bb_langpage = " . BB_CreatePHPStorageData($bb_langpage) . ";\n?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . "_" . $bb_pref_lang . "_page.php", $data) === false) {
        return false;
    }
    $data = "<" . "?php\n\t\$bb_langpagerevisions = " . BB_CreatePHPStorageData($bb_langpagerevisions) . ";\n?" . ">";
    if (BB_WriteFile($bb_dir . "/" . $bb_file . "_" . $bb_pref_lang . "_rev.php", $data) === false) {
        return false;
    }
    BB_RunPluginAction("post_bb_createpage");
    return true;
}
Exemplo n.º 7
0
 define("WIDGET_PATH", "widgets");
 define("PLUGIN_PATH", "plugins");
 define("LANG_PATH", "lang");
 define("DEFAULT_LANG", $_REQUEST["default_lang"]);
 define("DEFAULT_PAGE_LANG", $_REQUEST["default_page_lang"]);
 if ($_REQUEST["write_perms"] == "g") {
     $bb_writeperms = 0220;
 } else {
     if ($_REQUEST["write_perms"] == "w") {
         $bb_writeperms = 0222;
     } else {
         $bb_writeperms = 0200;
     }
 }
 try {
     $rng = new CSPRNG(true);
 } catch (Exception $e) {
     InstallError("Unable to initialize CSPRNG.  Insufficient entropy available to this host.");
 }
 $baserand = $rng->GenerateToken();
 if ($baserand === false) {
     InstallError("Unable to generate token with CSPRNG.");
 }
 define("BASE_RAND_SEED", $baserand);
 $baserand = $rng->GenerateToken();
 if ($baserand === false) {
     InstallError("Unable to generate token with CSPRNG.");
 }
 define("BASE_RAND_SEED2", $baserand);
 define("USE_LESS_SAFE_STORAGE", $_REQUEST["use_less_safe_storage"] == "yes");
 // Generate the last widget update file (used for refreshing cached files after a widget is changed).
Exemplo n.º 8
0
    // Wipe all existing sessions.
    DisplayMessage("Resetting all sessions.");
    try {
        $sso_db->Query("TRUNCATE TABLE", array($sso_db_user_sessions));
        $sso_db->Query("TRUNCATE TABLE", array($sso_db_temp_sessions));
    } catch (Exception $e) {
        UpgradeError("Unable to wipe sessions.  " . htmlspecialchars($e->getMessage()));
    }
    $sso_settings[""]["dbversion"] = 2;
    // Save the settings so the database version is saved.
    SSO_SaveSettings();
}
if ($sso_settings[""]["dbversion"] == 2) {
    // Generate random seeds.
    if (!defined("SSO_BASE_RAND_SEED8")) {
        $rng = new CSPRNG(true);
        for ($x = 0; $x < 10; $x++) {
            $seed = $rng->GenerateToken(128);
            if ($seed === false) {
                UpgradeError("Seed generation failed.");
            }
            define("SSO_BASE_RAND_SEED" . ($x + 5), $seed);
        }
        $data = file_get_contents("config.php");
        $data .= "<" . "?php\n";
        $data .= "\tdefine(\"SSO_BASE_RAND_SEED5\", " . var_export(SSO_BASE_RAND_SEED5, true) . ");\n";
        $data .= "\tdefine(\"SSO_BASE_RAND_SEED6\", " . var_export(SSO_BASE_RAND_SEED6, true) . ");\n";
        $data .= "\tdefine(\"SSO_BASE_RAND_SEED7\", " . var_export(SSO_BASE_RAND_SEED7, true) . ");\n";
        $data .= "\tdefine(\"SSO_BASE_RAND_SEED8\", " . var_export(SSO_BASE_RAND_SEED8, true) . ");\n";
        $data .= "\tdefine(\"SSO_BASE_RAND_SEED9\", " . var_export(SSO_BASE_RAND_SEED9, true) . ");\n";
        $data .= "\tdefine(\"SSO_BASE_RAND_SEED10\", " . var_export(SSO_BASE_RAND_SEED10, true) . ");\n";