--- a/install/includes/payload.php Tue Apr 06 10:46:25 2010 -0400
+++ b/install/includes/payload.php Tue Apr 06 15:54:45 2010 -0400
@@ -31,27 +31,32 @@
function stg_password_decode()
{
global $db;
+ global $dh_public, $dh_private, $aes_fallback;
static $pass = false;
if ( $pass )
return $pass;
- if ( !isset($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
+ if ( empty($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
$pass = $_POST['password'];
- $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
- // retrieve encryption key
- $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');
- if ( !$q )
- $db->_die();
- if ( $db->numrows() < 1 )
+ require_once(ENANO_ROOT . '/includes/rijndael.php');
+ require_once(ENANO_ROOT . '/includes/sessions.php');
+
+ try
+ {
+ $keys = array(
+ 'public' => $dh_public,
+ 'private' => $dh_private,
+ 'aes' => $aes_fallback
+ );
+ $pass = sessionManager::get_aes_post('password', $keys);
+ }
+ catch ( Exception $e )
+ {
+ echo "<p>Exception details:</p><pre>$e</pre>";
return false;
- list($aes_key) = $db->fetchrow_num();
- $aes_key = hexdecode($aes_key);
-
- $pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
- if ( !$pass )
- return false;
+ }
return $pass; // Will be true if the password isn't crapped
}
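Review bot: The new catch block at `echo "<p>Exception details:</p><pre>$e</pre>";` writes the exception's full string form into the installer page unescaped. Casting an Exception to a string yields the message plus a stack trace, so a failed decrypt can expose server paths and call details from the key-handling code, and any request-derived text in the message would be rendered as HTML. I would show a fixed message and keep the detail server-side, e.g. `error_log($e->getMessage());` followed by `echo '<p>Could not decrypt the submitted password.</p>';`, or at minimum pass the output through `htmlspecialchars()`. Separately, the plaintext branch sets `$pass = $_POST['password']` and then still falls into the `try`, where `get_aes_post()` overwrites it; unless that method handles the unencrypted case itself (not visible here), the assignment has no effect and the branch should return early or be dropped.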