Merge branch 'develc' of ssh://github.com/cassiopc/boca into develc

1 files changed, 8 insertions, 2 deletions

diff --git a/src/getcode.php b/src/getcode.php
index 407a00b..677aeeb 100644
--- a/src/getcode.php
+++ b/src/getcode.php
@@ -25,7 +25,13 @@ srand(make_seed());
 function myhash($k) {
 	return hash('sha256',$k);
 }
-$iv = "1234567812345678";
+if(!function_exists('openssl_cipher_iv_length')) {
+  MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")");
+  LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")");
+  return "";
+}
+$clen = openssl_cipher_iv_length('aes-256-cbc');
+$iv = substr(myhash(openssl_random_pseudo_bytes($clen)),0,$clen);
 
 if(isset($_GET["name"]) && $_GET["name"] != "" ) {
   $name = $_GET["name"];
@@ -46,7 +52,7 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) {
         "chmod 600 /root/submissions/code\n";
 
       if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str;
-      echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), 1, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0
+      echo $iv . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0
       @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND);
       exit;
     }