Made separate methods in sessionManager for static and non-static generate_aes_form(), because PHP (erroneously) always calls that method statically.
--- a/includes/sessions.php Tue Apr 06 15:55:21 2010 -0400
+++ b/includes/sessions.php Sat Apr 17 03:33:14 2010 -0400
@@ -3705,18 +3705,9 @@
* @return string
*/
- static function generate_aes_form(&$dh_store = array())
+ function generate_aes_form(&$dh_store = array())
{
- $is_static = !( isset($this) && get_class($this) === __CLASS__ );
- if ( $is_static )
- {
- $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
- $aes_key = $aes->gen_readymade_key();
- }
- else
- {
- $aes_key = self::rijndael_genkey();
- }
+ $aes_key = self::rijndael_genkey();
$dh_store = array('aes' => $aes_key, 'public' => '', 'private' => '');
$return = '<input type="hidden" name="use_crypt" value="no" />';
@@ -3735,9 +3726,50 @@
$dh_key_priv = $_math->str($dh_key_priv);
$dh_key_pub = $_math->str($dh_key_pub);
// store the keys in the DB
- // this is doing a static call check to avoid using $this in a static call
- if ( !defined('IN_ENANO_INSTALL') && isset($this) && get_class($this) === __CLASS__ )
- $this->sql('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
+ $this->sql('INSERT INTO ' . table_prefix . "diffiehellman( public_key, private_key ) VALUES ( '$dh_key_pub', '$dh_key_priv' );");
+ // also give the key to the calling function
+ $dh_store['public'] = $dh_key_pub;
+ $dh_store['private'] = $dh_key_priv;
+
+ $return .= "<input type=\"hidden\" name=\"dh_supported\" value=\"true\" />
+ <input type=\"hidden\" name=\"dh_public_key\" value=\"$dh_key_pub\" />
+ <input type=\"hidden\" name=\"dh_client_public_key\" value=\"\" />";
+ }
+ else
+ {
+ $return .= "<input type=\"hidden\" name=\"dh_supported\" value=\"false\" />";
+ }
+ return $return;
+ }
+
+ /**
+ * Static version of generate_aes_form().
+ * @see sessionManager::generate_aes_form()
+ * @param reference
+ * @return string
+ */
+
+ static function generate_aes_form_static(&$dh_store = array())
+ {
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+ $aes_key = $aes->gen_readymade_key();
+ $dh_store = array('aes' => $aes_key, 'public' => '', 'private' => '');
+
+ $return = '<input type="hidden" name="use_crypt" value="no" />';
+ $return .= '<input type="hidden" name="crypt_key" value="' . $aes_key . '" />';
+ $return .= '<input type="hidden" name="crypt_data" value="" />';
+ $return .= '<input type="hidden" name="challenge_data" value="' . self::dss_rand() . '" />';
+
+ require_once(ENANO_ROOT . '/includes/math.php');
+ require_once(ENANO_ROOT . '/includes/diffiehellman.php');
+
+ global $dh_supported, $_math;
+ if ( $dh_supported )
+ {
+ $dh_key_priv = dh_gen_private();
+ $dh_key_pub = dh_gen_public($dh_key_priv);
+ $dh_key_priv = $_math->str($dh_key_priv);
+ $dh_key_pub = $_math->str($dh_key_pub);
// also give the key to the calling function
$dh_store['public'] = $dh_key_pub;
$dh_store['private'] = $dh_key_priv;
--- a/install/includes/stages/login.php Tue Apr 06 15:55:21 2010 -0400
+++ b/install/includes/stages/login.php Sat Apr 17 03:33:14 2010 -0400
@@ -26,7 +26,7 @@
$ui->show_header();
// generate the HTML for the form, and store the public and private key in the temporary config
-$aes_form = sessionManager::generate_aes_form($dh_keys);
+$aes_form = sessionManager::generate_aes_form_static($dh_keys);
$fp = @fopen(ENANO_ROOT . '/config.new.php', 'a+');
if ( !$fp )
die('Couldn\'t open the config for writing');
--- a/plugins/SpecialUserPrefs.php Tue Apr 06 15:55:21 2010 -0400
+++ b/plugins/SpecialUserPrefs.php Sat Apr 17 03:33:14 2010 -0400
@@ -374,7 +374,9 @@
<div style="text-align: right;"><input type="submit" name="submit" value="' . $lang->get('etc_save_changes') . '" tabindex="5" /></div>';
if ( !$session->password_change_disabled )
+ {
echo $session->generate_aes_form();
+ }
echo '</form>';