2 years ago · 6b1b3547c3
--- a/fn/auth.php
+++ b/fn/auth.php
@@ -63,17 +63,16 @@ function logout() {
 
				 }
			
 
				 
			
 
				 function setupDisplayUsername($display_username) {
			
 
				-	$iv = random_bytes(12);
			
 
				-	$key = random_bytes(64);
			
 
				-	$cyphertext = openssl_encrypt(
			
 
				+	$nonce = random_bytes(24);
			
 
				+	$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
			
 
				+	$cyphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
			
 
				 		htmlspecialchars($display_username),
			
 
				-		'chacha20-poly1305',
			
 
				-		$key,
			
 
				-		0,
			
 
				-		$iv
			
 
				+		NULL,
			
 
				+		$nonce,
			
 
				+		$key
			
 
				 	);
			
 
				 
			
 
				-	$_SESSION['display-username-iv'] = $iv;
			
 
				+	$_SESSION['display-username-nonce'] = $nonce;
			
 
				 	setcookie(
			
 
				 		'display-username-decryption-key',
			
 
				 		base64_encode($key),
			
@@ -106,7 +105,7 @@ function rateLimitAccount($requestedTokens) {
 
				 	$tokens = min(86400, $tokens + (time() - $bucketLastUpdate));
			
 
				 
			
 
				 	if ($requestedTokens > $tokens)
			
 
				-		output(453, 'Limite d\'actions par compte atteinte. Réessayez plus tard.');
			
 
				+		output(453, _('Account rate limit reached, try again later.'));
			
 
				 
			
 
				 	$tokens -= $requestedTokens;
			
 
				 
			
@@ -128,7 +127,7 @@ function rateLimitInstance($requestedTokens) {
 
				 	$tokens = min(86400, $tokens + (time() - $bucketLastUpdate));
			
 
				 
			
 
				 	if ($requestedTokens > $tokens)
			
 
				-		output(453, 'Limite d\'actions globale atteinte. Réessayez plus tard.');
			
 
				+		output(453, _('Global rate limit reached, try again later.'));
			
 
				 
			
 
				 	$tokens -= $requestedTokens;
			
 
				 
			
--- a/router.php
+++ b/router.php
@@ -111,13 +111,12 @@ if ($_POST !== []) {
 
				 if (isset($_SESSION['id'])) {
			
 
				 	if (!isset($_COOKIE['display-username-decryption-key']))
			
 
				 		output(403, 'The display username decryption key has not been sent.');
			
 
				-	$decryption_result = openssl_decrypt(
			
 
				+	$decryption_result = htmlspecialchars(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
			
 
				 		$_SESSION['display-username-cyphertext'],
			
 
				-		'chacha20-poly1305',
			
 
				-		base64_decode($_COOKIE['display-username-decryption-key']),
			
 
				-		0,
			
 
				-		$_SESSION['display-username-iv']
			
 
				-	);
			
 
				+		NULL,
			
 
				+		$_SESSION['display-username-nonce'],
			
 
				+		base64_decode($_COOKIE['display-username-decryption-key'])
			
 
				+	));
			
 
				 	if ($decryption_result === false)
			
 
				 		output(403, 'Unable to decrypt display username.');
			
 
				 	define('DISPLAY_USERNAME', $decryption_result);