示例#1
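/**
 * Log in with an e-mail address and password and populate the session globals.
 *
 * Side effects: writes the globals $master_key and, when the response carries
 * a `csid`, $rsa_priv_key and $sid. Nothing is returned.
 *
 * NOTE(review): the response from api_req() is used without any check that it
 * is a success object; a failed login (or a tampered response) reaches the
 * decrypt/parse steps below. Confirm how api_req() reports errors and reject
 * them before touching $res->k.
 * NOTE(review): the decrypted master key and the private key components stay
 * in process-wide globals for the rest of the request; keep them out of logs,
 * error pages and debug dumps.
 *
 * @param string $email    Account e-mail; sent as given, lower-cased only for the hash.
 * @param string $password Account password; only values derived from it are sent.
 */
function login($email, $password)
{
    global $sid, $master_key, $rsa_priv_key;

    // Key derived from the password; it feeds both the login hash and the
    // decryption of the master key returned by the server.
    $password_aes = prepare_key(str_to_a32($password));
    $uh = stringhash(strtolower($email), $password_aes);

    $res = api_req(array('a' => 'us', 'user' => $email, 'uh' => $uh));

    $enc_master_key = base64_to_a32($res->k);
    $master_key = decrypt_key($enc_master_key, $password_aes);

    if (!empty($res->csid)) {
        $enc_rsa_priv_key = base64_to_a32($res->privk);
        $rsa_priv_key = decrypt_key($enc_rsa_priv_key, $master_key);
        $privk = a32_to_str($rsa_priv_key);

        // The decrypted blob is split into four length-prefixed numbers.
        $rsa_priv_key = array(0, 0, 0, 0);
        for ($i = 0; $i < 4; $i++) {
            // The first two bytes are read as a big-endian 16-bit count
            // (presumably a bit length), rounded up to whole bytes, plus the
            // two header bytes. Integer shift instead of "/ 8": the division
            // produced a float, which substr() truncated implicitly and which
            // PHP 8.1+ reports as a deprecated float-to-int conversion.
            // NOTE(review): $privk is not checked to hold at least $l bytes;
            // a short or corrupted key blob is parsed as-is.
            $l = ((ord($privk[0]) * 256 + ord($privk[1]) + 7) >> 3) + 2;
            $rsa_priv_key[$i] = mpi2bc(substr($privk, 0, $l));
            $privk = substr($privk, $l);
        }

        // Only the first three components are passed to rsa_decrypt().
        $enc_sid = mpi2bc(base64urldecode($res->csid));
        $sid = rsa_decrypt($enc_sid, $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);

        // The session id is the first 43 bytes of the reversed plaintext,
        // base64url-encoded.
        $sid = base64urlencode(substr(strrev($sid), 0, 43));
    }
}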
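/**
 * Restore a saved session for $user from the cache file, falling back to a
 * fresh Login() when no usable entry exists.
 *
 * Side effects: may define DOWNLOAD_DIR, fills the global $T8 (sid,
 * user_handle, master_key, root_id), temporarily swaps the global $secretkey,
 * and clears the global $cookie before returning on the saved-session paths.
 *
 * NOTE(review): the cache file lives in the download directory and the entry
 * read from it yields the session id, master key and RSA private key
 * components. Whether those are encrypted at rest depends on SaveCookies() /
 * IWillNameItLater(), which are not visible here; confirm it, and confirm the
 * directory is neither web-readable nor writable by other users.
 *
 * @param string $user Account name; lower-cased before use.
 * @param string $pass Account password; used to locate and unlock the entry.
 * @return mixed Whatever Login() returns on the fallback paths, otherwise null.
 */
function SavedLogin($user, $pass)
{
    global $T8, $cookie, $secretkey;

    if (!defined('DOWNLOAD_DIR')) {
        global $options;
        if (substr($options['download_dir'], -1) != '/') {
            $options['download_dir'] .= '/';
        }
        // An ftp:// download directory yields an empty DOWNLOAD_DIR.
        define('DOWNLOAD_DIR', substr($options['download_dir'], 0, 6) == 'ftp://' ? '' : $options['download_dir']);
    }

    $user = strtolower($user);
    $filename = DOWNLOAD_DIR . basename('mega_ul.php');
    if (!file_exists($filename) || filesize($filename) <= 6) {
        return Login($user, $pass);
    }

    // The serialized entries are on the second line of the file. A file that
    // cannot be read or has no second line is treated as "nothing saved".
    // SECURITY: unserialize() runs on file content before any integrity check
    // (the decrypt() == 'OK' test only happens afterwards). If anything else
    // can write this file, that is PHP object injection. On PHP 7.0+ consider
    // passing array('allowed_classes' => false), or store the data as JSON.
    $file = file($filename);
    $savedcookies = (is_array($file) && isset($file[1])) ? unserialize($file[1]) : false;
    unset($file);

    // NOTE(review): entries are keyed by a CRC32 of "user:pass", so the file
    // holds a 32-bit check value of the credentials that an offline guesser
    // can test candidates against.
    $hash = hash('crc32b', $user . ':' . $pass);
    if (is_array($savedcookies) && array_key_exists($hash, $savedcookies)) {
        // Swap in a per-account key for decrypt()/IWillNameItLater(), then
        // restore the global one.
        // A 56 char key should be safer. :D
        // NOTE(review): the 56 hex characters are unsalted CRC32/SHA-1 output
        // of the user name and password, so the key is only as strong as the
        // password itself; a salted password KDF would be the usual choice.
        $_secretkey = $secretkey;
        $secretkey = hash('crc32b', $pass) . sha1($user . ':' . $pass) . hash('crc32b', $user);
        // Strict comparison: with "==" a non-string result such as true (or 0
        // before PHP 8) would also compare equal to 'OK' and pass the check.
        $cookie = decrypt(urldecode($savedcookies[$hash]['enc'])) === 'OK' ? IWillNameItLater($savedcookies[$hash]['cookie']) : '';
        $secretkey = $_secretkey;

        // empty() already covers the empty-array case the original tested separately.
        if (empty($cookie)) {
            return Login($user, $pass);
        }

        $T8['sid'] = $cookie['sid'];
        $T8['user_handle'] = $cookie['user_handle'];
        $T8['master_key'] = base64_to_a32($cookie['master_key']);
        $T8['root_id'] = $cookie['root_id'];
        $rsa_priv_key = explode('/T8\\', $cookie['rsa_priv_key']);

        // I'm using the 'User quota details' request for validating the session id.
        $test = apiReq(array('a' => 'uq'));
        if (is_numeric($test[0]) && $test[0] < 0) {
            if ($test[0] == -15) {
                // Session code expired... We need to get a newer one.
                if (!extension_loaded('bcmath')) {
                    html_error('This plugin needs BCMath extension for login.');
                }
                // Do not send old sid or it will get '-15' error.
                $T8['sid'] = false;
                $res = apiReq(array('a' => 'us', 'user' => $user, 'uh' => $T8['user_handle']));
                if (is_numeric($res[0])) {
                    check_errors($res[0], 'Cannot re-login');
                }
                // New session id: first 43 bytes of the reversed RSA
                // plaintext, base64url-encoded.
                $T8['sid'] = rsa_decrypt(mpi2bc(base64url_decode($res[0]['csid'])), $rsa_priv_key[0], $rsa_priv_key[1], $rsa_priv_key[2]);
                $T8['sid'] = base64url_encode(substr(strrev($T8['sid']), 0, 43));
                t8ArrToCookieArr();
                // Update cookies file with new SID.
                SaveCookies($user, $pass);
                $cookie = '';
                return;
            }
            check_errors($test[0], 'Cannot validate saved-login');
        }

        // Update last used time.
        SaveCookies($user, $pass);
        $cookie = '';
        return;
    }

    return Login($user, $pass);
}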