3 require_once('phpseclib/AES.php');
// Number of leading token bytes that carry the truncated SHA-1 check value:
// the token-building code overwrites that many bytes of the plaintext with
// sha1(PASSWORD . $plain) output, and decodeToken() compares the same prefix.
// NOTE(review): 2 bytes is a 16-bit integrity tag, so an arbitrary token passes
// the check with probability 1/65536. A full-length keyed MAC (hash_hmac) over
// the ciphertext is the usual construction.
5 define('SEED_LENGTH', 2);
// Base64-encodes $input and replaces every '+' with '_'.
// NOTE(review): '/' and '=' are left as base64_encode() produced them, so the
// output is not the RFC 4648 base64url alphabet ('-' for '+', '_' for '/') and
// still needs URL-encoding before it is placed in a path or query string.
7 function base64_url_encode($input) {
8 return strtr(base64_encode($input), '+', '_');
// Inverse of base64_url_encode(): maps '_' back to '+' and base64-decodes.
// NOTE(review): base64_decode() is called without its strict flag, so characters
// outside the base64 alphabet are silently discarded instead of rejected.
// Malformed input therefore still yields bytes that go on to decryption.
11 function base64_url_decode($input) {
12 return base64_decode(strtr($input, '_', '+'));
// Encrypts $plaintext with phpseclib's Crypt_AES in CTR mode and returns the
// raw ciphertext bytes. $pass is the secret the key is taken from.
// NOTE(review): the listing elides several lines here. No setIV() call is
// visible; if the elided lines do not set a fresh IV per token, every token is
// encrypted under the same key and counter, which reuses the CTR keystream
// across tokens. Confirm against the full file.
// NOTE(review): CTR mode has no integrity protection of its own; the only check
// on a token is the SEED_LENGTH-byte SHA-1 prefix inside the plaintext.
15 function aes_encrypt($pass, $plaintext)
17 $aes = new Crypt_AES(CRYPT_AES_MODE_CTR
);
// Extends $pass until it is at least $size bytes long (loop body and the
// definition of $size are not shown). Presumably this stretches the password
// to the AES key length; that is padding, not a key-derivation function. TODO confirm.
21 while (strlen($pass) < $size) {
27 return $aes->encrypt($plaintext);
// Decrypts $cipher with phpseclib's Crypt_AES in CTR mode and returns the
// resulting bytes. It mirrors aes_encrypt(): same mode, same $pass handling.
// NOTE(review): decryption in CTR mode always "succeeds", so any byte string
// decrypts to some output; authenticity has to be checked by the caller.
// As in aes_encrypt(), no setIV() call is visible in the shown lines. Confirm.
30 function aes_decrypt($pass, $cipher)
32 $aes = new Crypt_AES(CRYPT_AES_MODE_CTR
);
// Extends $pass to at least $size bytes (loop body not shown in this listing).
36 while (strlen($pass) < $size) {
42 return $aes->decrypt($cipher);
// Builds the token for the user record $U: the fields are joined with '!',
// prefixed with a SEED_LENGTH-byte placeholder, tagged, encrypted and encoded.
// The enclosing function header, if any, is not shown in this listing.
// NOTE(review): field values are interpolated as-is. A '!' inside any field
// (e.g. login) would shift the field positions on decode, unless it is
// rejected elsewhere. Verify against the caller.
47 $perkyStr = implode('!',$U['perky']);
// Placeholder prefix ('x' repeated SEED_LENGTH times), replaced by the check bytes below.
48 $seed = str_pad('', SEED_LENGTH
, 'x');
// NOTE(review): "${U['login']}" interpolation is deprecated as of PHP 8.2.
49 $plain = "$seed!${U['login']}!${U['karma']}!${U['penize']}!${U['jidlo']}!${U['skore']}!$perkyStr";
50 while (strlen($plain) %
3 != 0) { // pad to base64 block
// Raw (binary) SHA-1 over PASSWORD followed by the padded plaintext, computed
// while the prefix still holds the 'x' placeholder.
// NOTE(review): this is a secret-prefix hash, not an HMAC, and PASSWORD is used
// both here and as the encryption secret. hash_hmac() with a separate key is
// the standard construction.
53 $sha = sha1(PASSWORD
. $plain, true);
// Overwrite the placeholder with the first SEED_LENGTH bytes of the digest.
// Only these bytes are kept as the integrity tag.
// NOTE(review): the $str{$i} offset syntax was removed in PHP 8.0; use $str[$i].
54 for ($i = 0; $i < SEED_LENGTH
; $i++
) {
55 $plain{$i} = $sha{$i};
// NOTE(review): debug output. This writes the plaintext token, check bytes
// included, into the response body; remove it before deployment.
57 echo " XXX $plain XXX";
59 $token = aes_encrypt(PASSWORD
, $plain);
60 $token_b64 = base64_url_encode($token);
// Decodes a token produced by the token-building code above: it
// base64-decodes, decrypts with PASSWORD, checks the SEED_LENGTH-byte SHA-1
// prefix, then splits the fields into $U. Several lines are elided in this
// listing, so whether $U is global and what the function returns is not visible.
64 function decodeToken($token)
67 $token_raw = base64_url_decode($token);
68 $token_dec = aes_decrypt(PASSWORD
, $token_raw);
// The field separator is read from the decrypted token itself (the byte right
// after the check prefix) instead of being fixed to '!'.
// NOTE(review): this byte comes from not-yet-verified input; a constant
// separator would remove one degree of freedom from the token format.
69 $sep = $token_dec{SEED_LENGTH
};
// Rebuild the string that was hashed at creation time: same bytes, with the
// check prefix put back to the 'x' placeholder.
71 $token_check = $token_dec;
72 for ($i = 0; $i < SEED_LENGTH
; $i++
) {
73 $token_check{$i} = 'x';
// NOTE(review): this sends the decrypted token contents in a response header
// before the integrity check below has run. It hands the plaintext back to
// whoever presented the token, which undoes the confidentiality the encryption
// is meant to provide. It looks like debug output; remove it.
75 header('X-Token: '.$token_check );
76 $sha = sha1(PASSWORD
. $token_check, true);
// Compare the received check bytes with the recomputed ones.
// NOTE(review): '!=' is a loose, non-constant-time comparison. On two-byte
// strings that both look numeric, PHP compares them as numbers, so distinct
// byte pairs can compare equal. Use hash_equals() on the two substrings.
78 if (substr($token_dec,0,SEED_LENGTH
) != substr($sha,0,SEED_LENGTH
)) {
// Failure path: flag the error in a header and serve the "no" image.
// Whether execution stops here (return/exit) is on lines not shown. TODO confirm.
80 header('X-Error: sha1fail');
81 readfile('img/no.png');
// NOTE(review): second emission of the decrypted token in a header; same
// exposure as the earlier X-Token line.
84 header('X-Token: ' . $token_check);
// Split on the separator and consume fields in the order they were written.
86 $token_list = explode($sep, trim($token_check));
87 array_shift($token_list); // = xx
88 $U['login'] = array_shift($token_list);
89 $U['karma'] = array_shift($token_list);
90 $U['penize'] = array_shift($token_list);
91 $U['jidlo'] = array_shift($token_list);
92 $U['skore'] = array_shift($token_list);
// Everything that remains is the 'perky' list.
// NOTE(review): all values are strings taken from the token with no type or
// range validation visible here. Validate before use; the 16-bit check alone
// does not establish that they are authentic.
94 $U['perky'] = $token_list;