18 |
18 |
19 // AES functions required |
19 // AES functions required |
20 require_once( ENANO_ROOT . '/includes/rijndael.php' ); |
20 require_once( ENANO_ROOT . '/includes/rijndael.php' ); |
21 require_once( ENANO_ROOT . '/includes/constants.php' ); |
21 require_once( ENANO_ROOT . '/includes/constants.php' ); |
22 require_once( ENANO_ROOT . '/includes/dbal.php' ); |
22 require_once( ENANO_ROOT . '/includes/dbal.php' ); |
23 |
23 require_once( ENANO_ROOT . '/includes/sessions.php' ); |
24 // Write our temporary password key to the database |
|
25 require( ENANO_ROOT . '/config.new.php' ); |
|
26 if ( !defined('ENANO_INSTALL_HAVE_CONFIG') ) |
|
27 { |
|
28 die('Config file is corrupt'); |
|
29 } |
|
30 $db = new $dbdriver(); |
|
31 $result = $db->connect(); |
|
32 if ( !$result ) |
|
33 die('DB privileges were revoked'); |
|
34 |
|
35 // Is the key in the database? |
|
36 $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name = \'install_aes_key\';'); |
|
37 if ( !$q ) |
|
38 $db->_die(); |
|
39 if ( $db->numrows() > 0 ) |
|
40 { |
|
41 list($install_aes_key) = $db->fetchrow_num(); |
|
42 } |
|
43 else |
|
44 { |
|
45 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
|
46 $install_aes_key = $aes->gen_readymade_key(); |
|
47 |
|
48 if ( ! $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'install_aes_key\', \'' . $install_aes_key .'\' ); ') ) |
|
49 $db->_die(); |
|
50 } |
|
51 $db->free_result($q); |
|
52 |
24 |
53 $ui->add_header('<script type="text/javascript" src="includes/js/formutils.js"></script>'); |
25 $ui->add_header('<script type="text/javascript" src="includes/js/formutils.js"></script>'); |
54 $ui->show_header(); |
26 $ui->show_header(); |
|
27 |
|
28 // generate the HTML for the form, and store the public and private key in the temporary config |
|
29 $aes_form = sessionManager::generate_aes_form($dh_keys); |
|
30 $fp = @fopen(ENANO_ROOT . '/config.new.php', 'a+'); |
|
31 if ( !$fp ) |
|
32 die('Couldn\'t open the config for writing'); |
|
33 fwrite($fp, " |
|
34 // DiffieHellman parameters |
|
35 \$dh_public = '{$dh_keys['public']}'; |
|
36 \$dh_private = '{$dh_keys['private']}'; |
|
37 \$aes_fallback = '{$dh_keys['aes']}'; |
|
38 "); |
|
39 fclose($fp); |
55 |
40 |
56 // FIXME: l10n |
41 // FIXME: l10n |
57 ?> |
42 ?> |
58 <h3><?php echo $lang->get('login_welcome_title'); ?></h3> |
43 <h3><?php echo $lang->get('login_welcome_title'); ?></h3> |
59 <?php echo $lang->get('login_welcome_body'); ?> |
44 <?php echo $lang->get('login_welcome_body'); ?> |
113 return false; |
98 return false; |
114 } |
99 } |
115 |
100 |
116 function submit_encrypt() |
101 function submit_encrypt() |
117 { |
102 { |
118 var frm = document.forms [ 'install_login' ]; |
103 return runEncryption(); |
119 var password = frm.password.value; |
|
120 var pass_conf = frm.password_confirm.value; |
|
121 var crypt_key = frm.crypt_key.value; |
|
122 |
|
123 if ( password != pass_conf ) |
|
124 return false; |
|
125 |
|
126 if ( !aes_self_test() ) |
|
127 // Return true to prevent form from failing |
|
128 return true; |
|
129 |
|
130 if ( frm.crypt_key.KeyBak ) |
|
131 { |
|
132 crypt_key = frm.crypt_key.KeyBak; |
|
133 } |
|
134 frm.crypt_key.KeyBak = crypt_key; |
|
135 |
|
136 password = stringToByteArray(password); |
|
137 crypt_key = hexToByteArray(crypt_key); |
|
138 |
|
139 var crypt_data = rijndaelEncrypt(password, crypt_key, 'ECB'); |
|
140 |
|
141 if ( !crypt_data ) |
|
142 { |
|
143 alert($lang.get('login_err_rijndael_failed')); |
|
144 return false; |
|
145 } |
|
146 |
|
147 crypt_data = byteArrayToHex(crypt_data); |
|
148 |
|
149 frm.password.value = ''; |
|
150 frm.password_confirm.value = ''; |
|
151 frm.crypt_key.value = ''; |
|
152 frm.crypt_data.value = crypt_data; |
|
153 |
|
154 return true; |
|
155 } |
104 } |
156 |
105 |
157 addOnloadHook(function() |
106 addOnloadHook(function() |
158 { |
107 { |
159 load_component('crypto'); |
108 load_component('crypto'); |
166 |
115 |
167 <form action="install.php?stage=confirm" method="post" name="install_login" onsubmit="return ( verify_submit() && submit_encrypt() );"><?php |
116 <form action="install.php?stage=confirm" method="post" name="install_login" onsubmit="return ( verify_submit() && submit_encrypt() );"><?php |
168 foreach ( $_POST as $key => &$value ) |
117 foreach ( $_POST as $key => &$value ) |
169 { |
118 { |
170 if ( !preg_match('/^[a-z0-9_]+$/', $key) ) |
119 if ( !preg_match('/^[a-z0-9_]+$/', $key) ) |
171 die('You idiot hacker...'); |
120 die('...really?'); |
172 if ( $key == '_cont' ) |
121 if ( $key == '_cont' ) |
173 continue; |
122 continue; |
174 $value_clean = str_replace(array('\\', '"', '<', '>'), array('\\\\', '\\"', '<', '>'), $value); |
123 $value_clean = str_replace(array('\\', '"', '<', '>'), array('\\\\', '\\"', '<', '>'), $value); |
175 echo "\n <input type=\"hidden\" name=\"$key\" value=\"$value_clean\" />"; |
124 echo "\n <input type=\"hidden\" name=\"$key\" value=\"$value_clean\" />"; |
176 } |
125 } |
177 |
126 |
178 $https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ); |
127 $https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ); |
179 $scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/'; |
128 $scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/'; |
180 ?> |
129 ?> |
181 |
|
182 <input type="hidden" name="crypt_key" value="<?php echo $install_aes_key; ?>" /> |
|
183 <input type="hidden" name="crypt_data" value="" /> |
|
184 |
130 |
185 <table border="0" cellspacing="0" cellpadding="10" style="width: 100%;"> |
131 <table border="0" cellspacing="0" cellpadding="10" style="width: 100%;"> |
186 |
132 |
187 <tr> |
133 <tr> |
188 <td style="width: 50%;"> |
134 <td style="width: 50%;"> |