diff -r a434d60e525d -r 242353360e37 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Tue Feb 19 08:32:57 2008 -0500 +++ b/plugins/SpecialUserFuncs.php Wed Feb 20 14:38:39 2008 -0500 @@ -150,7 +150,7 @@ if ( isset($_GET['act']) && $_GET['act'] == 'getkey' ) { - header('Content-type: application/json'); + header('Content-type: text/javascript'); $username = ( $session->user_logged_in ) ? $session->username : false; $response = Array( 'username' => $username, @@ -168,6 +168,23 @@ unset($x, $y); } + // 1.1.3: generate diffie hellman key + global $dh_supported, $_math; + + $response['dh_supported'] = $dh_supported; + if ( $dh_supported ) + { + $dh_key_priv = dh_gen_private(); + $dh_key_pub = dh_gen_public($dh_key_priv); + $dh_key_priv = $_math->str($dh_key_priv); + $dh_key_pub = $_math->str($dh_key_pub); + $response['dh_public_key'] = $dh_key_pub; + // store the keys in the DB + $q = $db->sql_query('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );"); + if ( !$q ) + $db->die_json(); + } + $response = enano_json_encode($response); echo $response; return null; @@ -365,6 +382,29 @@ global $db, $session, $paths, $template, $plugins; // Common objects global $__login_status; global $lang; + if ( $paths->getParam(0) === 'action.json' ) + { + if ( !isset($_POST['r']) ) + die('No request.'); + + $request = $_POST['r']; + try + { + $request = enano_json_decode($request); + } + catch ( Exception $e ) + { + die(enano_json_encode(array( + 'mode' => 'error', + 'error' => 'ERR_JSON_PARSE_FAILED' + ))); + } + + echo enano_json_encode($session->process_login_request($request)); + + $db->close(); + exit; + } if ( isset($_GET['act']) && $_GET['act'] == 'ajaxlogin' ) { $plugins->attachHook('login_password_reset', 'SpecialLogin_SendResponse_PasswordReset($row[\'user_id\'], $row[\'temp_password\']);'); @@ -372,7 +412,65 @@ $captcha_hash = ( isset($data['captcha_hash']) ) ? $data['captcha_hash'] : false; $captcha_code = ( isset($data['captcha_code']) ) ? $data['captcha_code'] : false; $level = ( isset($data['level']) ) ? intval($data['level']) : USER_LEVEL_MEMBER; - $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $data['crypt_key'], $data['challenge'], $level, $captcha_hash, $captcha_code); + + // 1.1.3: Diffie Hellman + global $dh_supported; + global $_math; + if ( $data['diffiehellman'] && isset($data['publickey_client']) && isset($data['publickey_server']) && isset($data['crypt_key_check']) ) + { + if ( !$dh_supported ) + { + die('Special:Login: Illegal request for Diffie Hellman exchange'); + } + // retrieve our public key + if ( !preg_match('/^[0-9]+$/', $data['publickey_server']) ) + { + die('Special:Login: Illegal request for Diffie Hellman exchange'); + } + $pubkey_server =& $data['publickey_server']; + + // retrieve our private key + $q = $db->sql_query('SELECT private_key, key_id FROM ' . table_prefix . "diffiehellman WHERE public_key = '$pubkey_server';"); + if ( !$q ) + $db->die_json(); + + if ( $db->numrows() < 1 ) + { + die('Special:Login: Couldn\'t lookup Diffie Hellman key: ' . $pubkey_server); + } + list($privkey_server, $key_id) = $db->fetchrow_num(); + $db->free_result(); + + // get shared secret + $dh_secret = dh_gen_shared_secret($privkey_server, $data['publickey_client']); + $dh_secret = $_math->str($dh_secret); + $secret_check = sha1($dh_secret); + if ( $secret_check !== $data['crypt_key_check'] ) + { + die(enano_json_encode(array( + 'mode' => 'error', + 'error' => 'Diffie Hellman redundancy check failed, couldn\'t rebuild the AES key.', + 'debug' => array( + 'server private key' => $privkey_server, + 'client public key' => $data['publickey_client'], + 'expected sha1' => $data['crypt_key_check'], + 'actual sha1' => $secret_check + ) + ))); + } + // we have the secret, now get the sha256 hash + $crypt_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 )); + } + else if ( !$data['diffiehellman'] && isset($data['crypt_key']) && isset($data['crypt_data']) ) + { + $crypt_key = $data['crypt_key']; + } + else + { + die('Special:Login: Illegal request'); + } + + $result = $session->login_with_crypto($data['username'], $data['crypt_data'], $crypt_key, $data['challenge'], $level, $captcha_hash, $captcha_code, !$dh_supported); if ( $result['success'] ) { @@ -468,8 +566,17 @@ $l = $session->logout(); if ( $l == 'success' ) { - - redirect(makeUrl(getConfig('main_page'), false, true), $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4); + $url = makeUrl(getConfig('main_page'), false, true); + if ( $pi = $paths->getAllParams() ) + { + list($pid, $ns) = RenderMan::strToPageID($pi); + $perms = $session->fetch_page_acl($pid, $ns); + if ( $perms->get_permissions('read') ) + { + $url = makeUrl($pi, false, true); + } + } + redirect($url, $lang->get('user_logout_success_title'), $lang->get('user_logout_success_body'), 4); } $template->header(); echo '