!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\dmz\phpMyAdmin\libraries\plugins\auth\   drwxrwxrwx
Free 4.09 GB of 39.52 GB (10.36%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     AuthenticationCookie.class.php (27.91 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Cookie Authentication plugin for phpMyAdmin
 *
 * @package    PhpMyAdmin-Authentication
 * @subpackage Cookie
 */
if (! defined('PHPMYADMIN')) {
    exit;
}

/* Get the authentication interface */
require_once 'libraries/plugins/AuthenticationPlugin.class.php';

/**
 * Remember where to redirect the user
 * in case of an expired session.
 */
if (! empty($_REQUEST['target'])) {
    
$GLOBALS['target'] = $_REQUEST['target'];
} else if (
PMA_getenv('SCRIPT_NAME')) {
    
$GLOBALS['target'] = basename(PMA_getenv('SCRIPT_NAME'));
}

/**
 * Swekey authentication functions.
 */
require './libraries/plugins/auth/swekey/swekey.auth.lib.php';

/**
 * Handles the cookie authentication method
 *
 * @package PhpMyAdmin-Authentication
 */
class AuthenticationCookie extends AuthenticationPlugin
{
    
/**
     * IV for Blowfish.
     */
    
private $_blowfish_iv null;

    
/**
     * Displays authentication form
     *
     * this function MUST exit/quit the application
     *
     * @global string $conn_error the last connection error
     *
     * @return boolean|void
     */
    
public function auth()
    {
        global 
$conn_error;

        
$response PMA_Response::getInstance();
        if (
$response->isAjax()) {
            
$response->isSuccess(false);

            
$response->addJSON(
                
'redirect_flag',
                
'1'
            
);
            if (
defined('TESTSUITE')) {
                return 
true;
            } else {
                exit;
            }
        }

        
/* Perform logout to custom URL */
        
if (! empty($_REQUEST['old_usr'])
            && ! empty(
$GLOBALS['cfg']['Server']['LogoutURL'])
        ) {
            
PMA_sendHeaderLocation($GLOBALS['cfg']['Server']['LogoutURL']);
            if (
defined('TESTSUITE')) {
                return 
true;
            } else {
                exit;
            }
        }

        
// No recall if blowfish secret is not configured as it would produce
        // garbage
        
if ($GLOBALS['cfg']['LoginCookieRecall']
            && ! empty(
$GLOBALS['cfg']['blowfish_secret'])
        ) {
            
$default_user   $GLOBALS['PHP_AUTH_USER'];
            
$default_server $GLOBALS['pma_auth_server'];
            
$autocomplete   '';
        } else {
            
$default_user   '';
            
$default_server '';
            
// skip the IE autocomplete feature.
            
$autocomplete   ' autocomplete="off"';
        }

        
$response->getFooter()->setMinimal();
        
$header $response->getHeader();
        
$header->setBodyId('loginform');
        
$header->setTitle('phpMyAdmin');
        
$header->disableMenu();
        
$header->disableWarnings();

        if (
file_exists(CUSTOM_HEADER_FILE)) {
            include 
CUSTOM_HEADER_FILE;
        }
        echo 
'
    <div class="container">
    <a href="'
;
        echo 
PMA_linkURL('http://www.phpmyadmin.net/');
        echo 
'" target="_blank" class="logo">';
        
$logo_image $GLOBALS['pmaThemeImage'] . 'logo_right.png';
        if (@
file_exists($logo_image)) {
            echo 
'<img src="' $logo_image
                
'" id="imLogo" name="imLogo" alt="phpMyAdmin" border="0" />';
        } else {
            echo 
'<img name="imLogo" id="imLogo" src="'
                
$GLOBALS['pmaThemeImage'] . 'pma_logo.png' '" '
                
'border="0" width="88" height="31" alt="phpMyAdmin" />';
        }
        echo 
'</a>
       <h1>'
;
        echo 
sprintf(
            
__('Welcome to %s'),
            
'<bdo dir="ltr" lang="en">phpMyAdmin</bdo>'
        
);
        echo 
"</h1>";

        
// Show error message
        
if (! empty($conn_error)) {
            
PMA_Message::rawError($conn_error)->display();
        } elseif (isset(
$_GET['session_expired'])
            && 
intval($_GET['session_expired']) == 1
        
) {
            
PMA_Message::rawError(
                
__('Your session has expired. Please log in again.')
            )->
display();
        }

        echo 
"<noscript>\n";
        
PMA_message::error(
            
__("Javascript must be enabled past this point!")
        )->
display();
        echo 
"</noscript>\n";

        echo 
"<div class='hide js-show'>";
        
// Displays the languages form
        
if (empty($GLOBALS['cfg']['Lang'])) {
            include_once 
'./libraries/display_select_lang.lib.php';
            
// use fieldset, don't show doc link
            
echo PMA_getLanguageSelectorHtml(truefalse);
        }
        echo 
'</div>
    <br />
    <!-- Login form -->
    <form method="post" action="index.php" name="login_form"' 
$autocomplete .
            
' class="disableAjax login hide js-show">
        <fieldset>
        <legend>'
;
        echo 
__('Log in');
        echo 
PMA_Util::showDocu('index');
        echo 
'</legend>';
        if (
$GLOBALS['cfg']['AllowArbitraryServer']) {
            echo 
'
            <div class="item">
                <label for="input_servername" title="'
;
            echo 
__(
                
'You can enter hostname/IP address and port separated by space.'
            
);
            echo 
'">';
            echo 
__('Server:');
            echo 
'</label>
                <input type="text" name="pma_servername" id="input_servername"'
;
            echo 
' value="';
            echo 
htmlspecialchars($default_server);
            echo 
'" size="24" class="textfield" title="';
            echo 
__(
                
'You can enter hostname/IP address and port separated by space.'
            
); echo '" />
            </div>'
;
        }
            echo 
'<div class="item">
                <label for="input_username">' 
__('Username:') . '</label>
                <input type="text" name="pma_username" id="input_username" '
                
'value="' htmlspecialchars($default_user) . '" size="24"'
                
' class="textfield"/>
            </div>
            <div class="item">
                <label for="input_password">' 
__('Password:') . '</label>
                <input type="password" name="pma_password" id="input_password"'
                
' value="" size="24" class="textfield" />
            </div>'
;
        if (
count($GLOBALS['cfg']['Servers']) > 1) {
            echo 
'<div class="item">
                <label for="select_server">' 
__('Server Choice:') . '</label>
                <select name="server" id="select_server"'
;
            if (
$GLOBALS['cfg']['AllowArbitraryServer']) {
                echo 
' onchange="document.forms[\'login_form\'].'
                    
'elements[\'pma_servername\'].value = \'\'" ';
            }
            echo 
'>';

            include_once 
'./libraries/select_server.lib.php';
            echo 
PMA_selectServer(falsefalse);

            echo 
'</select></div>';
        } else {
            echo 
'    <input type="hidden" name="server" value="'
                
$GLOBALS['server'] . '" />';
        } 
// end if (server choice)

        // We already have one correct captcha.
        
$skip false;
        if (  isset(
$_SESSION['last_valid_captcha'])
            && 
$_SESSION['last_valid_captcha']
        ) {
            
$skip true;
        }

        
// Add captcha input field if reCaptcha is enabled
        
if (  !empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
            && !empty(
$GLOBALS['cfg']['CaptchaLoginPublicKey'])
            && !
$skip
        
) {
            
// If enabled show captcha to the user on the login screen.
            
echo '<script type="text/javascript">
                    var RecaptchaOptions = {
                        theme : "white"
                    };
                 </script>
                 <script type="text/javascript"
                    src="https://www.google.com/recaptcha/api/challenge?'
                    
'k=' $GLOBALS['cfg']['CaptchaLoginPublicKey'] . '&amp;'
                    
'hl=' $GLOBALS['lang'] . '">
                 </script>
                 <noscript>
                    <iframe src="https://www.google.com/recaptcha/api/noscript?k='
                
$GLOBALS['cfg']['CaptchaLoginPublicKey'] . '"
                        height="300" width="500" frameborder="0"></iframe><br>
                    <textarea name="recaptcha_challenge_field" rows="3" cols="40">
                    </textarea>
                    <input type="hidden" name="recaptcha_response_field"
                        value="manual_challenge">
                 </noscript>
                 <script type="text/javascript">
                    $("#recaptcha_reload_btn").addClass("disableAjax");
                    $("#recaptcha_switch_audio_btn").addClass("disableAjax");
                    $("#recaptcha_switch_img_btn").addClass("disableAjax");
                    $("#recaptcha_whatsthis_btn").addClass("disableAjax");
                    $("#recaptcha_audio_play_again").live("mouseover", function() {
                        $(this).addClass("disableAjax");
                    });
                 </script>'
;
        }

        echo 
'</fieldset>
        <fieldset class="tblFooters">
            <input value="' 
__('Go') . '" type="submit" id="input_go" />';
        
$_form_params = array();
        if (! empty(
$GLOBALS['target'])) {
            
$_form_params['target'] = $GLOBALS['target'];
        }
        if (! empty(
$GLOBALS['db'])) {
            
$_form_params['db'] = $GLOBALS['db'];
        }
        if (! empty(
$GLOBALS['table'])) {
            
$_form_params['table'] = $GLOBALS['table'];
        }
        
// do not generate a "server" hidden field as we want the "server"
        // drop-down to have priority
        
echo PMA_URL_getHiddenInputs($_form_params''0'server');
        echo 
'</fieldset>
    </form>'
;

        
// BEGIN Swekey Integration
        
Swekey_login('input_username''input_go');
        
// END Swekey Integration

        
if ($GLOBALS['error_handler']->hasDisplayErrors()) {
            echo 
'<div>';
            
$GLOBALS['error_handler']->dispErrors();
            echo 
'</div>';
        }
        echo 
'</div>';
        if (
file_exists(CUSTOM_FOOTER_FILE)) {
            include 
CUSTOM_FOOTER_FILE;
        }
        if (! 
defined('TESTSUITE')) {
            exit;
        } else {
            return 
true;
        }
    }

    
/**
     * Gets advanced authentication settings
     *
     * this function DOES NOT check authentication - it just checks/provides
     * authentication credentials required to connect to the MySQL server
     * usually with $GLOBALS['dbi']->connect()
     *
     * it returns false if something is missing - which usually leads to
     * auth() which displays login form
     *
     * it returns true if all seems ok which usually leads to auth_set_user()
     *
     * it directly switches to authFails() if user inactivity timout is reached
     *
     * @todo    AllowArbitraryServer on does not imply that the user wants an
     *          arbitrary server, or? so we should also check if this is filled
     *          and not only if allowed
     *
     * @return boolean   whether we get authentication settings or not
     */
    
public function authCheck()
    {
        global 
$conn_error;

        
// Initialization
        /**
         * @global $GLOBALS['pma_auth_server'] the user provided server to
         * connect to
         */
        
$GLOBALS['pma_auth_server'] = '';

        
$GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = '';
        
$GLOBALS['from_cookie'] = false;

        
// BEGIN Swekey Integration
        
if (! Swekey_Auth_check()) {
            return 
false;
        }
        
// END Swekey Integration

        
if (defined('PMA_CLEAR_COOKIES')) {
            foreach (
$GLOBALS['cfg']['Servers'] as $key => $val) {
                
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' $key);
                
$GLOBALS['PMA_Config']->removeCookie('pmaServer-' $key);
                
$GLOBALS['PMA_Config']->removeCookie('pmaUser-' $key);
            }
            return 
false;
        }

        
// We already have one correct captcha.
        
$skip false;
        if (  isset(
$_SESSION['last_valid_captcha'])
            && 
$_SESSION['last_valid_captcha']
        ) {
            
$skip true;
        }

        
// Verify Captcha if it is required.
        
if (  !empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
            && !empty(
$GLOBALS['cfg']['CaptchaLoginPublicKey'])
            && !
$skip
        
) {
            if (  !empty(
$_POST["recaptcha_challenge_field"])
                && !empty(
$_POST["recaptcha_response_field"])
            ) {
                include_once 
'libraries/plugins/auth/recaptchalib.php';

                
// Use private key to verify captcha status.
                
$resp recaptcha_check_answer(
                    
$GLOBALS['cfg']['CaptchaLoginPrivateKey'],
                    
$_SERVER["REMOTE_ADDR"],
                    
$_POST["recaptcha_challenge_field"],
                    
$_POST["recaptcha_response_field"]
                );

                
// Check if the captcha entered is valid, if not stop the login.
                
if ( !$resp->is_valid ) {
                    
$conn_error __('Entered captcha is wrong, try again!');
                    
$_SESSION['last_valid_captcha'] = false;
                    return 
false;
                } else {
                    
$_SESSION['last_valid_captcha'] = true;
                }
            } elseif (! empty(
$_POST["recaptcha_challenge_field"])
                && empty(
$_POST["recaptcha_response_field"])
            ) {
                
$conn_error __('Please enter correct captcha!');
                return 
false;
            } else {
                if (! isset(
$_SESSION['last_valid_captcha'])
                    || ! 
$_SESSION['last_valid_captcha']
                ) {
                    return 
false;
                }
            }
        }

        if (! empty(
$_REQUEST['old_usr'])) {
            
// The user wants to be logged out
            // -> delete his choices that were stored in session

            // according to the PHP manual we should do this before the destroy:
            //$_SESSION = array();

            
if (! defined('TESTSUITE')) {
                
session_destroy();
                
// $_SESSION array is not immediately emptied
                
$_SESSION['last_valid_captcha'] = false;
            }
            
// -> delete password cookie(s)
            
if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
                foreach (
$GLOBALS['cfg']['Servers'] as $key => $val) {
                    
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' $key);
                    if (isset(
$_COOKIE['pmaPass-' $key])) {
                        unset(
$_COOKIE['pmaPass-' $key]);
                    }
                }
            } else {
                
$GLOBALS['PMA_Config']->removeCookie(
                    
'pmaPass-' $GLOBALS['server']
                );
                if (isset(
$_COOKIE['pmaPass-' $GLOBALS['server']])) {
                    unset(
$_COOKIE['pmaPass-' $GLOBALS['server']]);
                }
            }
        }

        if (! empty(
$_REQUEST['pma_username'])) {
            
// The user just logged in
            
$GLOBALS['PHP_AUTH_USER'] = $_REQUEST['pma_username'];
            
$GLOBALS['PHP_AUTH_PW']   = empty($_REQUEST['pma_password'])
                ? 
''
                
$_REQUEST['pma_password'];
            if (
$GLOBALS['cfg']['AllowArbitraryServer']
                && isset(
$_REQUEST['pma_servername'])
            ) {
                
$GLOBALS['pma_auth_server'] = $_REQUEST['pma_servername'];
            }
            return 
true;
        }

        
// At the end, try to set the $GLOBALS['PHP_AUTH_USER']
        // and $GLOBALS['PHP_AUTH_PW'] variables from cookies

        // servername
        
if ($GLOBALS['cfg']['AllowArbitraryServer']
            && ! empty(
$_COOKIE['pmaServer-' $GLOBALS['server']])
        ) {
            
$GLOBALS['pma_auth_server']
                = 
$_COOKIE['pmaServer-' $GLOBALS['server']];
        }

        
// check cookies
        
if (empty($_COOKIE['pmaUser-' $GLOBALS['server']])
            || empty(
$_COOKIE['pma_mcrypt_iv'])
        ) {
            return 
false;
        }

        
$GLOBALS['PHP_AUTH_USER'] = $this->blowfishDecrypt(
            
$_COOKIE['pmaUser-' $GLOBALS['server']],
            
$this->_getBlowfishSecret()
        );

        
// user was never logged in since session start
        
if (empty($_SESSION['last_access_time'])) {
            return 
false;
        }

        
// User inactive too long
        
$last_access_time time() - $GLOBALS['cfg']['LoginCookieValidity'];
        if (
$_SESSION['last_access_time'] < $last_access_time
        
) {
            
PMA_Util::cacheUnset('is_create_db_priv'null);
            
PMA_Util::cacheUnset('is_process_priv'null);
            
PMA_Util::cacheUnset('is_reload_priv'null);
            
PMA_Util::cacheUnset('db_to_create'null);
            
PMA_Util::cacheUnset('dbs_where_create_table_allowed'null);
            
$GLOBALS['no_activity'] = true;
            
$this->authFails();
            if (! 
defined('TESTSUITE')) {
                exit;
            } else {
                return 
false;
            }
        }

        
// check password cookie
        
if (empty($_COOKIE['pmaPass-' $GLOBALS['server']])) {
            return 
false;
        }

        
$GLOBALS['PHP_AUTH_PW'] = $this->blowfishDecrypt(
            
$_COOKIE['pmaPass-' $GLOBALS['server']],
            
$this->_getBlowfishSecret()
        );

        if (
$GLOBALS['PHP_AUTH_PW'] == "\xff(blank)") {
            
$GLOBALS['PHP_AUTH_PW'] = '';
        }

        
$GLOBALS['from_cookie'] = true;

        return 
true;
    }

    
/**
     * Set the user and password after last checkings if required
     *
     * @return boolean always true
     */
    
public function authSetUser()
    {
        global 
$cfg;

        
// Ensures valid authentication mode, 'only_db', bookmark database and
        // table names and relation table name are used
        
if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
            foreach (
$cfg['Servers'] as $idx => $current) {
                if (
$current['host'] == $cfg['Server']['host']
                    && 
$current['port'] == $cfg['Server']['port']
                    && 
$current['socket'] == $cfg['Server']['socket']
                    && 
$current['ssl'] == $cfg['Server']['ssl']
                    && 
$current['connect_type'] == $cfg['Server']['connect_type']
                    && 
$current['user'] == $GLOBALS['PHP_AUTH_USER']
                ) {
                    
$GLOBALS['server'] = $idx;
                    
$cfg['Server']     = $current;
                    break;
                }
            } 
// end foreach
        
// end if

        
if ($GLOBALS['cfg']['AllowArbitraryServer']
            && ! empty(
$GLOBALS['pma_auth_server'])
        ) {
            
/* Allow to specify 'host port' */
            
$parts explode(' '$GLOBALS['pma_auth_server']);
            if (
count($parts) == 2) {
                
$tmp_host $parts[0];
                
$tmp_port $parts[1];
            } else {
                
$tmp_host $GLOBALS['pma_auth_server'];
                
$tmp_port '';
            }
            if (
$cfg['Server']['host'] != $GLOBALS['pma_auth_server']) {
                
$cfg['Server']['host'] = $tmp_host;
                if (! empty(
$tmp_port)) {
                    
$cfg['Server']['port'] = $tmp_port;
                }
            }
            unset(
$tmp_host$tmp_port$parts);
        }
        
$cfg['Server']['user']     = $GLOBALS['PHP_AUTH_USER'];
        
$cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];

        
// Avoid showing the password in phpinfo()'s output
        
unset($GLOBALS['PHP_AUTH_PW']);
        unset(
$_SERVER['PHP_AUTH_PW']);

        
$_SESSION['last_access_time'] = time();

        
$this->createBlowfishIV();

        
// Name and password cookies need to be refreshed each time
        // Duration = one month for username
        
$GLOBALS['PMA_Config']->setCookie(
            
'pmaUser-' $GLOBALS['server'],
            
$this->blowfishEncrypt(
                
$cfg['Server']['user'],
                
$this->_getBlowfishSecret()
            )
        );

        
// Duration = as configured
        
$GLOBALS['PMA_Config']->setCookie(
            
'pmaPass-' $GLOBALS['server'],
            
$this->blowfishEncrypt(
                ! empty(
$cfg['Server']['password'])
                ? 
$cfg['Server']['password'] : "\xff(blank)",
                
$this->_getBlowfishSecret()
            ),
            
null,
            
$GLOBALS['cfg']['LoginCookieStore']
        );

        
// Set server cookies if required (once per session) and, in this case,
        // force reload to ensure the client accepts cookies
        
if (! $GLOBALS['from_cookie']) {
            if (
$GLOBALS['cfg']['AllowArbitraryServer']) {
                if (! empty(
$GLOBALS['pma_auth_server'])) {
                    
// Duration = one month for servername
                    
$GLOBALS['PMA_Config']->setCookie(
                        
'pmaServer-' $GLOBALS['server'],
                        
$cfg['Server']['host']
                    );
                } else {
                    
// Delete servername cookie
                    
$GLOBALS['PMA_Config']->removeCookie(
                        
'pmaServer-' $GLOBALS['server']
                    );
                }
            }

            
// URL where to go:
            
$redirect_url $cfg['PmaAbsoluteUri'] . 'index.php';

            
// any parameters to pass?
            
$url_params = array();
            if (
strlen($GLOBALS['db'])) {
                
$url_params['db'] = $GLOBALS['db'];
            }
            if (
strlen($GLOBALS['table'])) {
                
$url_params['table'] = $GLOBALS['table'];
            }
            
// any target to pass?
            
if (! empty($GLOBALS['target'])
                && 
$GLOBALS['target'] != 'index.php'
            
) {
                
$url_params['target'] = $GLOBALS['target'];
            }

            
/**
             * Clear user cache.
             */
            
PMA_Util::clearUserCache();

            
PMA_Response::getInstance()->disable();

            
PMA_sendHeaderLocation(
                
$redirect_url PMA_URL_getCommon($url_params'&'),
                
true
            
);
            if (! 
defined('TESTSUITE')) {
                exit;
            } else {
                return 
false;
            }
        } 
// end if

        
return true;

    }

    
/**
     * User is not allowed to login to MySQL -> authentication failed
     *
     * prepares error message and switches to auth() which display the error
     * and the login form
     *
     * this function MUST exit/quit the application,
     * currently doen by call to auth()
     *
     * @return void
     */
    
public function authFails()
    {
        global 
$conn_error;

        
// Deletes password cookie and displays the login form
        
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' $GLOBALS['server']);

        if (! empty(
$GLOBALS['login_without_password_is_forbidden'])) {
            
$conn_error __(
                
'Login without a password is forbidden by configuration'
                
' (see AllowNoPassword)'
            
);
        } elseif (! empty(
$GLOBALS['allowDeny_forbidden'])) {
            
$conn_error __('Access denied!');
        } elseif (! empty(
$GLOBALS['no_activity'])) {
            
$conn_error sprintf(
                
__('No activity within %s seconds; please log in again.'),
                
$GLOBALS['cfg']['LoginCookieValidity']
            );
        } elseif (
$GLOBALS['dbi']->getError()) {
            
$conn_error '#' $GLOBALS['errno'] . ' '
                
__('Cannot log in to the MySQL server');
        } else {
            
$conn_error __('Cannot log in to the MySQL server');
        }

        
// needed for PHP-CGI (not need for FastCGI or mod-php)
        
header('Cache-Control: no-store, no-cache, must-revalidate');
        
header('Pragma: no-cache');

        
$this->auth();
    }

    
/**
     * Returns blowfish secret or generates one if needed.
     *
     * @return string
     */
    
private function _getBlowfishSecret()
    {
        if (empty(
$GLOBALS['cfg']['blowfish_secret'])) {
            if (empty(
$_SESSION['auto_blowfish_secret'])) {
                
// this returns 23 characters
                
$_SESSION['auto_blowfish_secret'] = uniqid(''true);
            }
            return 
$_SESSION['auto_blowfish_secret'];
        } else {
            
// apply md5() to work around too long secrets (returns 32 characters)
            
return md5($GLOBALS['cfg']['blowfish_secret']);
        }
    }

    
/**
     * Encryption using blowfish algorithm (mcrypt)
     * or phpseclib's AES if mcrypt not available
     *
     * @param string $data   original data
     * @param string $secret the secret
     *
     * @return string the encrypted result
     */
    
public function blowfishEncrypt($data$secret)
    {
        if (! 
function_exists('mcrypt_encrypt')) {
            
/**
             * This library uses mcrypt when available, so
             * we could always call it instead of having an
             * if/then/else logic, however the include_once
             * call is costly
             */
            
include_once PHPSECLIB_INC_DIR '/Crypt/AES.php';
            
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
            
$cipher->setKey($secret);
            return 
base64_encode($cipher->encrypt($data));
        } else {
            return 
base64_encode(
                
mcrypt_encrypt(
                    
MCRYPT_BLOWFISH,
                    
$secret,
                    
$data,
                    
MCRYPT_MODE_CBC,
                    
$this->_blowfish_iv
                
)
            );
        }
    }

    
/**
     * Decryption using blowfish algorithm (mcrypt)
     * or phpseclib's AES if mcrypt not available
     *
     * @param string $encdata encrypted data
     * @param string $secret  the secret
     *
     * @return string original data
     */
    
public function blowfishDecrypt($encdata$secret)
    {
        if (
is_null($this->_blowfish_iv)) {
            
$this->_blowfish_iv base64_decode($_COOKIE['pma_mcrypt_iv'], true);
        }
        if (! 
function_exists('mcrypt_encrypt')) {
            include_once 
PHPSECLIB_INC_DIR '/Crypt/AES.php';
            
$cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
            
$cipher->setKey($secret);
            return 
$cipher->decrypt(base64_decode($encdata));
        } else {
            
$data base64_decode($encdata);
            
$decrypted mcrypt_decrypt(
                
MCRYPT_BLOWFISH,
                
$secret,
                
$data,
                
MCRYPT_MODE_CBC,
                
$this->_blowfish_iv
            
);
            return 
trim($decrypted);
        }
    }

    
/**
     * Initialization
     * Store the initialization vector because it will be needed for
     * further decryption. I don't think necessary to have one iv
     * per server so I don't put the server number in the cookie name.
     *
     * @return void
     */
    
public function createBlowfishIV()
    {
        if (
function_exists('mcrypt_encrypt')) {
            
$td mcrypt_module_open(MCRYPT_BLOWFISH''MCRYPT_MODE_CBC'');
            if (
$td === false) {
                
PMA_fatalError(__('Failed to use Blowfish from mcrypt!'));
            }
            
$this->_blowfish_iv mcrypt_create_iv(
                
mcrypt_enc_get_iv_size($td),
                
MCRYPT_DEV_URANDOM
            
);
        } else {
            
/*
             * We don't use this value without mcrypt, but let's set it
             * so that we don't have to check conditionally for it.
             */
            
$this->_blowfish_iv 'dummy';
        }
        
$GLOBALS['PMA_Config']->setCookie(
            
'pma_mcrypt_iv',
            
base64_encode($this->_blowfish_iv)
        );
    }

    
/**
     * Sets Blowfis IV to use
     *
     * @param string $vector The IV
     *
     * @return void
     */
    
public function setBlowfishIv($vector)
    {
        
$this->_blowfish_iv $vector;
    }

    
/**
     * This method is called when any PluginManager to which the observer
     * is attached calls PluginManager::notify()
     *
     * @param SplSubject $subject The PluginManager notifying the observer
     *                            of an update.
     *
     * @return void
     */
    
public function update (SplSubject $subject)
    {
    }
}

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--