From e186493a2bd8fef5fc0c7ad47edefbabddb6f0ab Mon Sep 17 00:00:00 2001 From: cassiopc Date: Thu, 23 Aug 2018 16:25:32 +0200 Subject: improvements of scripts and fixes about urls --- src/getcode.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src/getcode.php') diff --git a/src/getcode.php b/src/getcode.php index 407a00b..677aeeb 100644 --- a/src/getcode.php +++ b/src/getcode.php @@ -25,7 +25,13 @@ srand(make_seed()); function myhash($k) { return hash('sha256',$k); } -$iv = "1234567812345678"; +if(!function_exists('openssl_cipher_iv_length')) { + MSGError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + LogError("Encryption error -- php openssl not installed -- contact an admin (" . getFunctionName() .")"); + return ""; +} +$clen = openssl_cipher_iv_length('aes-256-cbc'); +$iv = substr(myhash(openssl_random_pseudo_bytes($clen)),0,$clen); if(isset($_GET["name"]) && $_GET["name"] != "" ) { $name = $_GET["name"]; @@ -46,7 +52,7 @@ if(isset($_GET["name"]) && $_GET["name"] != "" ) { "chmod 600 /root/submissions/code\n"; if(($str = @file_get_contents("/var/www/boca/src/private/run-past.code")) !== false) $txt .= $str; - echo openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,16), 1, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0 + echo $iv . ":\n" . openssl_encrypt($txt, "aes-256-cbc", substr($secret[1],0,32), OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING, $iv); //OPENSSL_RAW_DATA, $iv); //php 5.4.0 @file_put_contents("/var/www/boca/src/private/run-past.log", $name . "|" . $cc . "|" . date(DATE_RFC2822) . "\n", LOCK_EX | FILE_APPEND); exit; } -- cgit v1.2.3