function SSO_DecryptDBData($data) { $data2 = explode(":", $data); if (count($data2) == 3) { $mode = $data2[0] == "aes256" ? "aes256" : "blowfish"; $dual = (int) $data2[1] === 2; $data = $data2[2]; } else { $mode = "blowfish"; $dual = false; } $data = @base64_decode($data); if ($data !== false) { $key = pack("H*", SSO_BASE_RAND_SEED4); $options = array("mode" => "CBC", "iv" => pack("H*", SSO_BASE_RAND_SEED3)); if ($dual) { $options["key2"] = pack("H*", SSO_BASE_RAND_SEED5); $options["iv2"] = pack("H*", SSO_BASE_RAND_SEED6); } if ($mode == "aes256") { $data = ExtendedAES::ExtractDataPacket($data, $key, $options); } else { $data = Blowfish::ExtractDataPacket($data, $key, $options); } } if ($data !== false) { $data = @unserialize($data); } return $data; }
$info = explode(":", $sso_apikey_info["key"]); if (count($info) < 3) { return array("success" => false, "error" => SSO_Translate("Invalid secret key.")); } $sso_apikey_info["keyinfo"]["mode"] = $info[0]; $sso_apikey_info["keyinfo"]["key"] = pack("H*", $info[1]); $sso_apikey_info["keyinfo"]["opts"]["iv"] = pack("H*", $info[2]); if (count($info) >= 5) { $sso_apikey_info["keyinfo"]["opts"]["key2"] = pack("H*", $info[3]); $sso_apikey_info["keyinfo"]["opts"]["iv2"] = pack("H*", $info[4]); } unset($info); } $sso_apikey_info["keyinfo"]["opts"]["prefix"] = pack("H*", $sso_rng->GenerateToken()); if ($sso_apikey_info["keyinfo"]["mode"] === "aes256") { $sso_data = ExtendedAES::ExtractDataPacket($sso_data, $sso_apikey_info["keyinfo"]["key"], $sso_apikey_info["keyinfo"]["opts"]); } else { $sso_data = Blowfish::ExtractDataPacket($sso_data, $sso_apikey_info["keyinfo"]["key"], $sso_apikey_info["keyinfo"]["opts"]); } if ($sso_data === false) { SSO_EndpointError("Unable to decrypt data packet."); } $sso_data = @json_decode($sso_data, true); if ($sso_data === false) { SSO_EndpointError("Unable to extract data packet."); } $sso_encrypted = true; // Check the data packet against submitted data. if (!isset($sso_data["ts"]) || !isset($sso_data["apikey"]) || $_REQUEST["apikey"] !== $sso_data["apikey"] || !isset($sso_data["action"]) || $_REQUEST["action"] !== $sso_data["action"] || !isset($sso_data["ver"]) || $_REQUEST["ver"] !== $sso_data["ver"]) { SSO_EndpointError("Bad data packet. Please use an official SSO client."); }