
Untitled

a guest
Apr 21st, 2018
  1. <?php
  2.  
  // NOTE(review): the response is declared as image/png, yet the comment at the
  // bottom of this script says the view draws HTML. Confirm which one
  // View::RenderPage actually emits so the declared type matches the body.
  header('Content-Type: image/png');

  // Project-local dependencies; each file is loaded at most once.
  include_once 'session.php';
  include_once 'user.php';
  include_once 'crypt.php';
  include_once 'common.php';
  include_once 'view.php';
  include_once 'lightweb3.php';

  // Account name that do_login() treats as the administrator.
  define('ADMIN_USER_NAME', 'admin');
  12.  
  13. /*
  14. Dear maintainer:
  15. I did not invent the algorithm, only followed the Fu*** manual.
  16. You may think you know what the following code does... well... you don't!
  17. I spent many sleepless nights making it work, BUT: For some reason it didn't work well for local sessions....
  18.  
  19. A bit of advice: close this file and go play with something else!
  20. */
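  /**
   * Send a session id to the browser as the "sid" cookie.
   *
   * The cookie is marked HttpOnly so page scripts cannot read it, and Secure
   * whenever the current request itself arrived over HTTPS.
   *
   * @param string $sid session id to hand out
   * @return void
   */
  function do_login_send_sid_cookie($sid)
  {
      // Secure is tied to the request scheme so plain-HTTP deployments keep working.
      // NOTE(review): behind a TLS-terminating proxy $_SERVER['HTTPS'] may be unset;
      // confirm how HTTPS is signalled in this deployment.
      $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

      // Arguments: name, value, expires (0 = session cookie), path, domain, secure, httponly.
      setcookie("sid", $sid, 0, "", "", $is_https, true);
  }

  /**
   * Authenticate the current request and, on success, issue a fresh "sid" cookie.
   *
   * Two paths exist:
   *  - Loopback admin: REMOTE_ADDR is 127.0.0.1 and user_name equals
   *    ADMIN_USER_NAME. A session is created without any password check.
   *  - Everyone else: the submitted password is hashed and compared with the
   *    stored hash, then a challenge/response exchange is run against
   *    CryptLib::REMOTE_LOGIN_SERVER, which returns the session id.
   *
   * Reads user_name and password from $_REQUEST.
   * NOTE(review): $_REQUEST also carries query-string values, so credentials
   * sent in a URL can end up in access logs and browser history. Consider
   * reading them from $_POST only.
   *
   * @return bool true when a session cookie was issued, false otherwise
   */
  function do_login()
  {
      $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
      $user = isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : null;

      // Fail closed on a missing, empty or non-string (e.g. array) user name.
      if (!is_string($user) || $user === '') {
          return false;
      }

      // NOTE(review): this branch trusts the TCP peer address alone. If the script
      // is ever reached through a reverse proxy, a tunnel, or any component on this
      // host that issues HTTP requests on behalf of others, the peer address is
      // 127.0.0.1 for every such request and an admin session is granted on the
      // user name only. Consider requiring the password here as well, or serving
      // the local-admin path from a separate loopback-only listener.
      if ($remote_ip === "127.0.0.1" && $user === ADMIN_USER_NAME) {
          $adminSession = create_session($user, null);
          if (!$adminSession) {
              return false;
          }

          // Drops only this request's copy of the old id; the browser's cookie is
          // replaced by the Set-Cookie header sent below.
          unset($_COOKIE['sid']);

          // The session id goes into the cookie header only; it is never echoed
          // into the response body.
          do_login_send_sid_cookie($adminSession);

          return true;
      }

      $pass = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
      if (!is_string($pass)) {
          return false;
      }

      // Random value used below for the remote login exchange.
      $salt = CryptLib::make_rand();
      $stored_hash = User::get_pass_hash($user);

      // NOTE(review): the literals 0 and 4096 are presumably salt and iteration
      // count; confirm against CryptLib. $salt is not passed here, so any
      // per-user salting has to happen inside CryptLib.
      $actual_hash = CryptLib::make_hash($pass, CryptLib::_DEFAULT, 0, 4096);

      // A missing stored hash must never match, even if hashing also produced nothing.
      if ($stored_hash === null || $stored_hash === false || $stored_hash === '') {
          return false;
      }

      // Compare in constant time when both sides are strings so response timing
      // does not depend on how many leading bytes match; otherwise keep the
      // strict comparison.
      if (is_string($stored_hash) && is_string($actual_hash)) {
          $hash_matches = hash_equals($stored_hash, $actual_hash);
      } else {
          $hash_matches = ($stored_hash === $actual_hash);
      }
      if (!$hash_matches) {
          return false;
      }

      // Authenticate to the remote login server on behalf of the user.
      // NOTE(review): the stored hash itself is sent to the login server and the
      // challenge is answered using the hash rather than the password, so the
      // stored hash looks password-equivalent. Confirm it is protected at rest
      // and in transit accordingly.
      $challenge = CryptLib::do_remote_login(
          CryptLib::REMOTE_LOGIN_SERVER,
          $salt,
          $user,
          $stored_hash,
          null,
          null
      );
      if ($challenge == null) {
          return false;
      }

      $response = CryptLib::encrypt_symmetric_data(
          $challenge,
          $salt,
          $actual_hash,
          true // use iv
      );
      if ($response == null) {
          return false;
      }

      // NOTE(review): the third argument is presumably a session lifetime (600 for
      // ordinary users, none for the admin); confirm against CryptLib.
      $sid = CryptLib::do_challenge_response(
          CryptLib::REMOTE_LOGIN_SERVER,
          $response,
          ($user == ADMIN_USER_NAME) ? null : 600
      );
      if ($sid == null) {
          return false;
      }

      // Drop this request's copy of any old id, then hand out the new one.
      unset($_COOKIE['sid']);
      do_login_send_sid_cookie($sid);

      return true;
  }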
  109.  
  // Run the login attempt and pass its outcome to the view layer.
  // The page name is this script's file name without the ".php" suffix.
  View::RenderPage(
      basename(__FILE__, ".php"),
      do_login()
  );
  ?>