
Untitled

a guest
Apr 21st, 2018
  1. <?php
  2. include_once('session.php');
  3. include_once('crypt.php');
  4. include_once('user.php');
  5. include_once('common.php');
  6. include_once('view.php');
  7. include_once('lightweb3.php');
  8.  
  // Account name that do_login() treats as the administrator.
  define('ADMIN_USER_NAME', 'admin');
  10.  
  11. /*
  12. Dear maintainer:
  13. I did not invent the algorithm, only followed the Fu*** manual.
  14. You may think you know what the following code does... well... you don't!
  15. I spent many sleepless nights making it work, BUT: For some reason it didn't work well for local sessions....
  16.  
  17. A bit of advice: close this file and go play with something else!
  18. */
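  /**
   * Attempt to log the requesting user in and issue a "sid" session cookie.
   *
   * Two paths exist:
   *  - Requests whose REMOTE_ADDR equals the hard-coded address and whose
   *    user_name is ADMIN_USER_NAME get a session from create_session()
   *    without any password check.
   *  - All other requests must present a password whose hash matches the
   *    stored hash, then complete a challenge/response exchange with
   *    CryptLib::REMOTE_LOGIN_SERVER; the value returned by that exchange
   *    becomes the session id.
   *
   * Reads $_SERVER['REMOTE_ADDR'], $_REQUEST['user_name'] and
   * $_REQUEST['password'].
   *
   * @return bool true when a session cookie was set, false otherwise.
   */
  function do_login()
  {
      $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
      $user = isset($_REQUEST['user_name']) ? $_REQUEST['user_name'] : null;

      // Request parameters may be absent or arrive as arrays; anything that is
      // not a plain string is rejected before it reaches the comparisons and
      // the CryptLib/User calls below.
      // NOTE(review): $_REQUEST also accepts values from the query string,
      // where credentials end up in access logs and browser history. Consider
      // reading the login form from $_POST only.
      if (!is_string($user)) {
          return false;
      }

      // NOTE(review): this branch grants an admin session on source address
      // alone, with no password check. REMOTE_ADDR identifies the TCP peer, so
      // every client that reaches the server from that address (NAT, shared
      // proxy, any other host or user there) is treated as the administrator.
      // Prefer requiring credentials here as well and using the address only
      // as an additional restriction. Kept so existing behaviour is unchanged.
      if ($remote_ip === "213.57.145.217" && $user === ADMIN_USER_NAME) {
          // local admin requires no validation
          // generate session ID
          $adminSession = create_session($user, null);
          if (!$adminSession) {
              return false;
          }

          // Drop any sid the client sent from this request's view of cookies.
          if (isset($_COOKIE['sid'])) {
              unset($_COOKIE['sid']);
          }

          // Set the new admin session. Expiry, path and domain keep PHP's
          // defaults; the last argument adds HttpOnly so page scripts cannot
          // read the session id.
          // NOTE(review): switch the sixth argument (secure) to true once the
          // site is served over HTTPS only.
          setcookie("sid", $adminSession, 0, "", "", false, true);

          return true;
      }

      // get password
      $pass = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
      if (!is_string($pass)) {
          return false;
      }

      // generate a random value
      $salt = CryptLib::make_rand();
      $stored_hash = User::get_pass_hash($user);
      // NOTE(review): $salt is not passed to make_hash(); whether the hash is
      // salted inside CryptLib cannot be seen from this file. Confirm.
      $actual_hash = CryptLib::make_hash($pass, CryptLib::_DEFAULT, 0, 4096);

      // Fail closed when either hash is missing, and compare in constant time
      // so the comparison itself does not leak how many leading bytes matched.
      // Assumes both helpers return strings on success. TODO confirm.
      if (!is_string($stored_hash) || !is_string($actual_hash)
          || !hash_equals($stored_hash, $actual_hash)) {
          return false;
      }

      // authenticate to remote login server on behalf of the user
      $challenge = CryptLib::do_remote_login(
          CryptLib::REMOTE_LOGIN_SERVER,
          $salt,
          $user,
          $stored_hash,
          null,
          null
      );
      if ($challenge == null) {
          return false;
      }

      $response = CryptLib::encrypt_symmetric_data(
          $challenge,
          $salt,
          $actual_hash,
          true // use iv
      );
      if ($response == null) {
          return false;
      }

      // NOTE(review): the third argument is null for the admin account and
      // 600 for everyone else. Presumably a session lifetime, which would
      // leave admin sessions without a limit. Confirm against CryptLib.
      $sid = CryptLib::do_challenge_response(
          CryptLib::REMOTE_LOGIN_SERVER,
          $response,
          ($user === ADMIN_USER_NAME) ? null : 600
      );
      if ($sid == null) {
          return false;
      }

      if (isset($_COOKIE['sid'])) {
          unset($_COOKIE['sid']);
      }

      // Set the new session id, with the same cookie attributes as the admin
      // path (PHP defaults plus HttpOnly).
      setcookie("sid", $sid, 0, "", "", false, true);

      return true;
  }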
  106.  
  // Render the page: the view is named after this script (file name without
  // ".php") and receives the boolean outcome of the login attempt.
  View::RenderPage(
      basename(__FILE__, ".php"),
      do_login()
  );
  110. ?>
  111. 123