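GetConfFilePath('admin', 'key');
    // Tail of the key-request branch; its opening condition and the definitions of
    // $keyfile / $keyLength lie above this excerpt. It returns the RSA public key
    // used by the jCryption login form and keeps the private part for the login POST.
    $mykeys = null;
    if (file_exists($keyfile)) {
        $str = file_get_contents($keyfile);
        if ($str != '') {
            // NOTE(review): unserialize() will instantiate whatever the file describes.
            // This is only safe while nothing but this script can write $keyfile;
            // a plain-data encoding (e.g. JSON) would remove that dependency.
            $mykeys = unserialize($str);
        }
    }
    // Loose comparison on purpose: false (corrupt file) and an empty array also
    // compare equal to null, so a fresh key pair is generated in those cases too.
    if ($mykeys == null) {
        $jCryption = new jCryption();
        $keys = $jCryption->generateKeypair($keyLength);
        $e_hex = $jCryption->dec2string($keys['e'],16);
        $n_hex = $jCryption->dec2string($keys['n'],16);
        $mykeys = array(
            'e_hex' => $e_hex,
            'n_hex' => $n_hex,
            'd_int' => $keys['d'],
            'n_int' => $keys['n']);
        $serialized_str = serialize($mykeys);
        // NOTE(review): the file is created under the process umask and only then
        // restricted to 0600, so the private exponent can be readable by other
        // local users for a moment if the umask is permissive.
        file_put_contents($keyfile, $serialized_str);
        chmod($keyfile, 0600);
    }
    // The private exponent and modulus stay in the session until the login POST
    // below has been decrypted, at which point they are unset.
    $_SESSION['d_int'] = $mykeys['d_int'];
    $_SESSION['n_int'] = $mykeys['n_int'];
    // Only the public exponent and modulus (hex) are sent to the client.
    echo '{"e":"'.$mykeys['e_hex'].'","n":"'.$mykeys['n_hex'].'","maxdigits":"'.intval($keyLength*2/16+3).'"}';
    exit;
}

// ---- Login page flow -------------------------------------------------------
// 1. Handle ?timedout= / ?logoff= by clearing the client state and choosing a notice.
// 2. Otherwise bounce an already-valid client to the index page.
// 3. Read credentials (jCryption-encrypted POST, or plain POST over HTTPS only).
// 4. Authenticate, derive per-login secrets, store the encrypted credentials.
$timedout = DUtil::grab_input('get','timedout','int');
$logoff = DUtil::grab_input('get','logoff','int');
$msg = "";

if($timedout > 0 || $logoff == 1) {
    $client->clear();

    if($timedout == 1) {
        $msg = 'Your session has timed out.';
    }
    elseif ($timedout == 2) {
        $msg = 'Your credential has changed, please login in again.';
    }
    else {
        $msg = 'You have logged off.';
    }
}
else if($client->isValid()) {
    header('location:/index.php');
    exit();
}

$userid = null;
$pass = null;

if ( isset($_POST['jCryption']) && isset($_SESSION['d_int']) && isset($_SESSION['n_int'])) {
    $jCryption = new jCryption();
    $var = $jCryption->decrypt($_POST['jCryption'], $_SESSION['d_int'], $_SESSION['n_int']);
    // The private key material is single-use: drop it from the session as soon as
    // the payload has been decrypted, whether or not the login succeeds.
    unset($_SESSION['d_int']);
    unset($_SESSION['n_int']);
    parse_str($var,$result);
    // The decrypted query string is client-supplied. parse_str() can yield missing
    // keys (failed decrypt) or arrays ("userid[]=..."), so accept plain strings only
    // and leave the value null otherwise; null skips the authentication attempt.
    if (isset($result['userid']) && is_string($result['userid'])) {
        $userid = $result['userid'];
    }
    if (isset($result['pass']) && is_string($result['pass'])) {
        $pass = $result['pass'];
    }
}
else if ($is_https && isset($_POST['userid'])) {
    // Clear-text form fields are accepted only when the request came over HTTPS.
    $userid = DUtil::grab_input('POST','userid');
    $pass = DUtil::grab_input('POST','pass');
}

if ($userid != null) {
    if ( $client->authenticate($userid, $pass) === TRUE ) {
        $temp=gettimeofday();
        $start=(int)$temp['usec'];
        // These values key the Blowfish encryption of the stored credentials, so
        // they must not be predictable. mt_rand() is a Mersenne Twister whose
        // output can be reconstructed; use the CSPRNG-backed random_int() when the
        // runtime provides it and keep mt_rand() only as a legacy fallback. The
        // value range and the digit-string layout of both keys are unchanged.
        $randMax = mt_getrandmax();
        $rnd = array();
        for ($i = 0; $i < 4; $i++) {
            $rnd[] = function_exists('random_int') ? random_int(0, $randMax) : mt_rand();
        }
        $secretKey0 = $rnd[0] . $start . $rnd[1];
        $secretKey1 = $rnd[2] . $rnd[3] . $start;

        $client->setSecret(array($secretKey0, $secretKey1));
        // NOTE(review): the user id and password are stored reversibly encrypted;
        // where store() keeps them is not visible here. No session id rotation is
        // visible after a successful login either - confirm that store() or the
        // session layer calls session_regenerate_id().
        $client->store(PMA_blowfish_encrypt($userid, $secretKey0),
                       PMA_blowfish_encrypt($pass, $secretKey1));

        header('location:/index.php');
        exit();
    }
    else {
        // Same message for unknown user and wrong password.
        $msg = 'Invalid credentials.';
    }
}

echo GUI::header();

if (!$is_https) { ?>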