Enano CMS (1.1.x): comparison install/includes/payload.php

equal deleted inserted replaced

-:e88534039a8d
+:2b6cdff92b09
 }
 function stg_password_decode()
 {
 	global $db;
+	global $dh_public, $dh_private, $aes_fallback;
 	static $pass = false;
 	if ( $pass )
 		return $pass;
-	if ( !isset($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
+	if ( empty($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
 		$pass = $_POST['password'];
-	$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+	require_once(ENANO_ROOT . '/includes/rijndael.php');
-	// retrieve encryption key
+	require_once(ENANO_ROOT . '/includes/sessions.php');
-	$q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');
-	if ( !$q )
+	try
-		$db->_die();
+	{
-	if ( $db->numrows() < 1 )
+		$keys = array(
-		return false;
+				'public' => $dh_public,
-	list($aes_key) = $db->fetchrow_num();
+				'private' => $dh_private,
-	$aes_key = hexdecode($aes_key);
+				'aes' => $aes_fallback
+			);
-	$pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
+		$pass = sessionManager::get_aes_post('password', $keys);
-	if ( !$pass )
+	}
-		return false;
+	catch ( Exception $e )
+	{
+		echo "<p>Exception details:</p><pre>$e</pre>";
+		return false;
+	}
 	return $pass; // Will be true if the password isn't crapped
 }
 function stg_make_private_key()