plugins/admin/UserManager.php
changeset 742 551b6a0aa3b4
parent 741 a216e412c439
child 770 62fed244fa1c
equal deleted inserted replaced
741:a216e412c439 742:551b6a0aa3b4
    75         
    75         
    76         $password = false;
    76         $password = false;
    77         if ( $_POST['changing_pw'] == 'yes' )
    77         if ( $_POST['changing_pw'] == 'yes' )
    78         {
    78         {
    79           $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
    79           $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
    80           $key_hex_md5 = $_POST['crypt_key'];
    80           if ( $_POST['dh_supported'] === 'true' )
    81           $key_hex = $session->fetch_public_key($key_hex_md5);
       
    82           if ( $key_hex )
       
    83           {
    81           {
    84             $key_bin = hexdecode($key_hex);
    82             $my_public = $_POST['dh_public'];
    85             $data_hex = $_POST['crypt_data'];
    83             $remote_public = $_POST['dh_mypublic'];
    86             $password = $aes->decrypt($data_hex, $key_bin, ENC_HEX);
    84             
       
    85             // Check the key
       
    86             if ( !preg_match('/^[0-9]+$/', $my_public) || !preg_match('/^[0-9]+$/', $remote_public) )
       
    87             {
       
    88               $errors[] = $lang->get('user_err_dh_key_not_numeric');
       
    89             }
       
    90             else
       
    91             {
       
    92               // We have our own public key - cross reference it with the private key in the database
       
    93               $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$my_public';");
       
    94               if ( !$q )
       
    95                 $db->_die();
       
    96               
       
    97               if ( $db->numrows() < 1 )
       
    98               {
       
    99                 $errors[] = $lang->get('user_err_dh_key_not_found');
       
   100               }
       
   101               else
       
   102               {
       
   103                 list($my_private, $key_id) = $db->fetchrow_num($q);
       
   104                 $db->free_result();
       
   105                 // now that we have this key it can be disposed of
       
   106                 $q = $db->sql_query("DELETE FROM " . table_prefix . "diffiehellman WHERE key_id = $key_id;");
       
   107                 if ( !$q )
       
   108                   $db->_die();
       
   109                 // get the shared secret
       
   110                 $dh_secret = dh_gen_shared_secret($my_private, $remote_public);
       
   111                 global $_math;
       
   112                 $dh_secret = $_math->str($dh_secret);
       
   113                 
       
   114                 // make sure we calculated everything right
       
   115                 $secret_check = sha1($dh_secret);
       
   116                 if ( $secret_check !== $_POST['crypt_key'] )
       
   117                 {
       
   118                   // uh-oh.
       
   119                   $errors[] = $lang->get('user_err_dh_key_not_found');
       
   120                 }
       
   121                 else
       
   122                 {
       
   123                   $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 ));
       
   124                   $aes_key = hexdecode($aes_key);
       
   125                   $password = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
       
   126                 }
       
   127               }
       
   128             }
       
   129           }
       
   130           else if ( $_POST['dh_supported'] === 'false' )
       
   131           {
       
   132             $key_hex_md5 = $_POST['crypt_key'];
       
   133             $key_hex = $session->fetch_public_key($key_hex_md5);
       
   134             if ( $key_hex )
       
   135             {
       
   136               $key_bin = hexdecode($key_hex);
       
   137               $data_hex = $_POST['crypt_data'];
       
   138               $password = $aes->decrypt($data_hex, $key_bin, ENC_HEX);
       
   139             }
    87           }
   140           }
    88           else
   141           else
    89           {
   142           {
    90             $errors[] = $lang->get('acpum_err_no_aes_key');
   143             $errors[] = $lang->get('acpum_err_no_aes_key');
    91           }
   144           }