Added second pass on TLS
Added second pass on TLS

--- a/Install/index.php
+++ b/Install/index.php
@@ -885,9 +885,9 @@
 <link rel="stylesheet" type="text/css" href="../Resources/bootstrap/css/bootstrap.css" />
 <link rel="stylesheet" type="text/css" href="../templates/EstDeus/css/EstDeus.css" />
 <link rel="stylesheet" type="text/css" href="../Resources/jquery.tooltip.css" />
-<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js"></script>
+<script type="text/javascript" src="../Resources/jquery.min.js"></script>
 <script type="text/javascript" src="../Resources/jquery.tooltip.min.js"></script>
-<script type="text/javascript" src="../templates/EstDeus/css/bootstrap/js/bootstrap.js"></script>
+<script type="text/javascript" src="../Resources/bootstrap/js/bootstrap.js"></script>
 
 
 

file:a/README.md -> file:b/README.md
--- a/README.md
+++ b/README.md
@@ -10,11 +10,15 @@
 
 ------------------------------
 
-
-In BETA at the moment, shouldn't be too long until stable. Wouldn't recommend
-using in anger just yet as still have a few kinks to work out and backwards
-compatability isn't being worried about at this early stage!
-
 I'm not an interface designer, so the template is very rough around the edges.
 It's designed to support custom templates though so you can skin and brand as
-you see fit
+you see fit.
+
+Passwords are encrypted with either OpenSSL or MCrypt (depending what you have
+available). The system is intended for use over a https connection, though steps
+have been taken to help reduce the likelihood of credential compromise over a
+http connection. Still it's _STRONGLY_ recommended that connections be made over
+https to ensure that all credentials are protected in transit.
+
+You can view a demo at http://demo.bentasker.co.uk/PHPCredLocker/ including all
+developed plugins.

--- a/Resources/info.php
+++ b/Resources/info.php
@@ -123,16 +123,18 @@
 
       $x = 0;
       $str = '';
+      $str2 = '';
+
       while ($x < 40){
 
       $str .= chr(rand(33,126)) .mt_rand(16,45);
-      
+      $str2 .= chr(rand(33,126)) .mt_rand(16,45);
       $x++;
 
       }
 
 
-      BTMain::setSessVar('AuthKey',rtrim(base64_encode($str),"="));
+      BTMain::setSessVar('AuthKey',rtrim(base64_encode($str),"=") . ":" . rtrim(base64_encode($str2),"="));
       $enabled = 'true';
 
 
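Review bot: Both halves of `AuthKey` in this hunk are built from `rand()` and `mt_rand()`, which are not cryptographically secure generators, so the added `$str2` is predictable in exactly the same way as `$str`. The README says OpenSSL or MCrypt is present, so take the key material from the library instead, e.g. `$str = openssl_random_pseudo_bytes(120);` and the same for `$str2`, keeping the `base64_encode()` step so that `:` remains a safe separator. The key generator in the last hunk of lib/crypto.php uses `mt_rand(48,122)` the same way, and unlike this hunk it shows no `$str2 = '';` before `$str2 .= chr($key2);`. The enclosing function starts and ends outside the hunk.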

--- a/Resources/main.js
+++ b/Resources/main.js
@@ -924,13 +924,14 @@
     
 var a, b,
     enc='',
-    keypos = 0;
+    keypos = 0,
+    k = key.split(":");
 
   for (var i=0; i<str.length;i++) {
 
 
         a = str.charCodeAt(i);
-        b = a ^ key.charCodeAt(keypos) ;    
+        b = (a ^ k[0].charCodeAt(keypos)) ^ k[1].charCodeAt(keypos) ;    
         enc += b.toString()+" ";
 
 	keypos++;
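Review bot: XORing each character with `k[0]` and then `k[1]` at the same `keypos` is identical to a single XOR with `k[0] ^ k[1]`, so the second pass is no stronger than the one-key version; a comment above the loop should say so, so the routine is not read as a substitute for https. The `keypos` wrap-around is outside this hunk, but if it still compares against `key.length` (now both halves plus the separator), `charCodeAt()` past the end of a half returns NaN, which XORs as 0 and leaves those characters unmasked. Wrap on the half length instead, e.g. `if (keypos >= Math.min(k[0].length, k[1].length)) { keypos = 0; }`, and reject a key where `k.length !== 2` before the loop, since `k[1]` is undefined when the separator is missing. The decode loop in the second hunk (`@@ -953`) indexes the same way; both function bodies start and end outside the hunks.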
@@ -953,13 +954,13 @@
 var a, b,
     enc='',
     keypos = 0,
-    str = str.split(" ");
-
+    str = str.split(" "),
+    k = key.split(":");
   for (var i=0; i<str.length;i++) {
 
 	if (str[i].length == 0){ continue; }
         a = str[i];
-        b = a ^ key.charCodeAt(keypos) ;    
+        b = (a ^ k[1].charCodeAt(keypos)) ^ k[0].charCodeAt(keypos) ;    
         enc += String.fromCharCode(b);
 
 	keypos++;

file:a/conf.zip (deleted)
 Binary files a/conf.zip and /dev/null differ
--- a/conf/plugins.example.php
+++ /dev/null
@@ -1,21 +1,1 @@
-<?php
-/** Plugins Configuration
-*
-* Copyright (C) 2012 B Tasker
-* Released under GNU GPL V2
-* See LICENSE
-*
-*/ 
-defined('_CREDLOCK') or die;
 
-
-
-
-$plugins->Auth = array();
-$plugins->Logging = array('AffinityLive');
-$plugins->Customers = array();
-$plugins->Creds = array();
-$plugins->Cron = array();
-
-defined("CREDLOCK_PLUGIN__PATH") or define('CREDLOCK_PLUGIN__PATH','plugins/ACDK89345u3Bcd');
-

--- a/conf/plugins.php
+++ b/conf/plugins.php
@@ -14,8 +14,8 @@
 $plugins->Auth = array();
 $plugins->Logging = array('AffinityLive');
 $plugins->Customers = array();
-$plugins->Creds = array('');
-$plugins->CredTypes = array('');
+$plugins->Creds = array();
+$plugins->CredTypes = array();
 $plugins->Cron = array();
 $plugins->Resources = array('ExternalResources');
 

--- a/conf/plugins/AffinityLive/config.php
+++ b/conf/plugins/AffinityLive/config.php
@@ -12,7 +12,7 @@
 $this->active = false;
 
 // Set this to true to stop the plugin sending data to AL (Debug output will be generated instead
-$this->testmode = true;
+$this->testmode = false;
 
 // URL to post logging data to
 $this->url = "https://yourdomain.affinitylive.com/forms/public/issue";

--- a/lib/.version.php
+++ b/lib/.version.php
@@ -13,7 +13,7 @@
 
 
 $versionmaj = "1.0";
-$versionmin = "1";
-$status = "b";
+$versionmin = "";
+$status = "";
 
 ?>

--- a/lib/crypto.php
+++ b/lib/crypto.php
@@ -58,14 +58,15 @@
 $keylength = strlen($key);
 $kpos = 0;
 $en = "";
-
+$k = explode(":",$key);
 $str = explode(" ",$str);
 
 foreach ($str as $string){
 	 if (strlen($string) == 0){ continue; }
         
 	// Convert the character in the key to a charcode and use bitwise XOR
-        $b = $string ^ ord($key[$kpos]);
+        $b = $string ^ ord($k[1][$kpos]);
+	$b = $b ^ ord($k[0][$kpos]);
 	
 	// Convert the result back to the appropriate character
         $en .= chr($b);
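Review bot: `$keylength = strlen($key);` is taken before the added `explode(":",$key)`, so it counts both halves plus the separator; the `$kpos` reset is outside the hunk, but if it compares against `$keylength`, the offsets `$k[1][$kpos]` and `$k[0][$kpos]` run past the end of each half and those bytes would be XORed with 0. Compute it after the split, `$keylength = min(strlen($k[0]), strlen($k[1]));`, and fail early when `count($k) !== 2` instead of indexing an undefined `$k[1]`. The split also assumes neither half contains `:`, yet the generator in the last hunk draws from `mt_rand(48,122)`, a range that includes 58 (`:`) unless `$excludes`, which is not visible here, lists it. The encode loop in the third hunk (`@@ -104`) indexes `$k` the same way.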
@@ -95,6 +96,7 @@
 $strlength = strlen($str);
 $kpos = 0;
 $en = "";
+$k = explode(":",$key);
 
 $i = 0;
 
@@ -104,8 +106,9 @@
         $a = ord($str[$i]);
 
 	// Perform a bitwise XOR
-        $b = $a ^ ord($key[$kpos]) ;    
+        $b = ($a ^ ord($k[0][$kpos])) ^ ord($k[1][$kpos]);    
         
+    
 	// add to the string
 	$en .= $b." ";
 	
@@ -145,12 +148,16 @@
 // Upped from 1024 because commit cae0ac5 increases the likelihood of key repetition
   while ($x <= 256){
 	$key = mt_rand(48,122);
+	$key2 = mt_rand(48,122);
+
 	if (in_array($key,$excludes)){ continue; }
+	if (in_array($key2,$excludes)){ continue; }
 	$str .= chr($key);
+	$str2 .= chr($key2);
 	$x++;
   }
 
-return $str;
+return $str.":".$str2;
 }