diff options
| author | Cassio de Campos <cassiopc@gmail.com> | 2017-10-30 19:43:47 +0000 |
|---|---|---|
| committer | Cassio de Campos <cassiopc@gmail.com> | 2017-10-30 19:43:47 +0000 |
| commit | 68d24d0e7d2ebc0b554ff8f230c7d89d66a8d21a (patch) | |
| tree | 95689b21f77bfcce41d5206a6d8866ee2a723ced | |
| parent | 267d272607065486bf653abd2af7f5f3b2a5f54a (diff) | |
| download | boca-68d24d0e7d2ebc0b554ff8f230c7d89d66a8d21a.tar.gz boca-68d24d0e7d2ebc0b554ff8f230c7d89d66a8d21a.zip | |
force encryption
| -rw-r--r-- | src/fextdata.php | 23 | ||||
| -rw-r--r-- | src/site/getsite.php | 12 |
2 files changed, 19 insertions, 16 deletions
diff --git a/src/fextdata.php b/src/fextdata.php index b38be3c..319ed8d 100644 --- a/src/fextdata.php +++ b/src/fextdata.php @@ -82,6 +82,8 @@ function scoretransfer($putname, $localsite, $timeo=20) { // LOGError("url=" .$siteurl . "index.php?getsessionid=1"); $opts = array(); $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); if(($sess = @file_get_contents($siteurl . "index.php?getsessionid=1", 0, $context))===false) { LOGError("scoretransfer: timeout at get session id for $siteurl"); @@ -105,6 +107,8 @@ function scoretransfer($putname, $localsite, $timeo=20) { $opts['http']['header'] .= "Proxy-Authorization: Basic " . $bocaproxypass . "\r\n"; $opts['http']['header'] .= "Connection: close\r\n"; $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); try { $ok = @file_get_contents($siteurl . "index.php?name=${user}&password=${res}&action=transfer", 0, $context); @@ -176,6 +180,8 @@ function scoretransfer($putname, $localsite, $timeo=20) { $opts['http']['header'] .= "Proxy-Authorization: Basic " . $bocaproxypass . "\r\n"; $opts['http']['header'] .= "Connection: close\r\n"; $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); try { $s = @file_get_contents($siteurl . "site/putfile.php", 0, $context); @@ -212,6 +218,8 @@ function scoretransfer($putname, $localsite, $timeo=20) { if($bocaproxypass != "") $opts['http']['header'] .= "Proxy-Authorization: Basic " . $bocaproxypass . "\r\n"; $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); try { $s = @file_get_contents($siteurl . "site/putfilesuper.php", 0, $context); @@ -295,6 +303,8 @@ function getMainXML($contest,$timeo=20,$upd=false) { // LOGError("url=" .$siteurl . "index.php?getsessionid=1"); $opts = array(); $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); $logstr .= "Connecting to ". $siteurl . " (updatetime=" . $updatetime . ")\n"; try { @@ -322,6 +332,8 @@ function getMainXML($contest,$timeo=20,$upd=false) { $opts['http']['header'] .= "Proxy-Authorization: Basic " . $bocaproxypass . "\r\n"; $opts['http']['header'] .= "Connection: close\r\n"; $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); $logstr .= "Authorizing\n"; try { @@ -343,10 +355,7 @@ function getMainXML($contest,$timeo=20,$upd=false) { $logstr .= $data[1]; $data = $data[0]; // $logstr .= $s; - $gc = globalconf(); - if(!isset($gc['doenc']) || $gc['doenc']) - $data = encryptData($data, myhash(trim($sitedata[2]))); - else $data = base64_encode($data); + $data = encryptData($data, myhash(trim($sitedata[2]))); // $logstr .= "AB: " . now() . "\n" $data_url = http_build_query(array('xml' => $data, 'updatetime' => ($updatetime-30) @@ -366,6 +375,8 @@ function getMainXML($contest,$timeo=20,$upd=false) { $opts['http']['header'] .= "Proxy-Authorization: Basic " . $bocaproxypass . "\r\n"; $opts['http']['header'] .= "Connection: close\r\n"; $opts['http']['timeout'] = $timeo; + $opts['ssl'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); + $opts['https'] = array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true); $context = stream_context_create($opts); $logstr .= "Transferring data to main server\n"; try { @@ -393,9 +404,7 @@ function getMainXML($contest,$timeo=20,$upd=false) { $s = substr($s, strpos($s, $chstr) + strlen($chstr)); $s = substr($s, 0, strpos($s, " -->")); // LOGError("string: " . substr($s,0,50)); - if(!isset($gc['doenc']) || $gc['doenc']) - $s = decryptData($s,myhash(trim($sitedata[2])),'xml from main not ok'); - else $s = base64_decode($s); + $s = decryptData($s,myhash(trim($sitedata[2])),'xml from main not ok'); // $logstr .= "ABBB: " . now() . "\n" if(strtoupper(substr($s,0,5)) != "<XML>") { $logstr .= "Data corrupted\n"; diff --git a/src/site/getsite.php b/src/site/getsite.php index 58406d1..f31f607 100644 --- a/src/site/getsite.php +++ b/src/site/getsite.php @@ -26,7 +26,6 @@ if(($ct = DBContestInfo($_SESSION["usertable"]["contestnumber"])) == null) { exit; } if($ct["contestlocalsite"]==$ct["contestmainsite"]) { - $gc = globalconf(); $fromsite = $_SESSION["usertable"]["usericpcid"]; LOGLevel("Connection received from site=$fromsite",2); // PHPID=".$_COOKIE['PHPSESSID'].",extra=".$_SESSION['usertable']['usersessionextra'].",session=".session_id(),2); if($fromsite != '' && is_numeric($fromsite) && $fromsite > 0) { @@ -34,9 +33,7 @@ if($ct["contestlocalsite"]==$ct["contestmainsite"]) { $u = DBUserInfo($_SESSION["usertable"]["contestnumber"], $_SESSION["usertable"]["usersitenumber"], $_SESSION["usertable"]["usernumber"],null,false); if(isset($_POST['xml'])) { // $fp=fopen('/tmp/aaa',"w"); fwrite($fp,$_POST['xml']); fclose($fp); - if(!isset($gc['doenc']) || $gc['doenc']) - $s = decryptData($_POST['xml'],$u["userpassword"],'xml from local not ok'); - else $s = base64_decode($_POST['xml']); + $s = decryptData($_POST['xml'],$u["userpassword"],'xml from local not ok'); // $fp=fopen('/tmp/aaa1',"w"); fwrite($fp,$s); fclose($fp); if(strtoupper(substr($s,0,5)) != "<XML>") { echo "<!-- <ERROR8> ".session_id() . " -->\n"; @@ -52,11 +49,8 @@ if($ct["contestlocalsite"]==$ct["contestmainsite"]) { } if(isset($_POST['updatetime']) && is_numeric($_POST['updatetime'])) { $xml = generateSiteXML($_SESSION["usertable"]["contestnumber"],$fromsite,$_POST['updatetime'],$ct["contestmainsite"]); - if(!isset($gc['doenc']) || $gc['doenc']) - echo "<!-- " . encryptData($xml[0],$u["userpassword"]) . " -->"; - else - echo "<!-- " . base64_encode($xml[0]) . " -->"; - echo "MAIN\n" . $xml[1]; + echo "<!-- " . encryptData($xml[0],$u["userpassword"]) . " -->"; + // echo "MAIN\n" . $xml[1]; } } else { echo "<!-- <ERROR3> ".session_id() . " -->\n"; |