Use salt to encrypt the website check password #297
This commit is contained in:
Pavel Dvořák
Samuel Denis-D'Ortun
parent
4d480fe2c3
commit
24d7fee63e
|
|
@ -624,18 +624,20 @@ function psm_no_cache() {
|
|||
/**
|
||||
* Encrypts the password for storage in the database
|
||||
*
|
||||
* @param string $key
|
||||
* @param string $password
|
||||
* @return string
|
||||
* @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
|
||||
*/
|
||||
function psm_password_encrypt($password)
|
||||
function psm_password_encrypt($key, $password)
|
||||
{
|
||||
if(empty($password))
|
||||
return '';
|
||||
if(empty($password))
|
||||
return '';
|
||||
|
||||
$key = psm_get_conf('password_encrypt_key');
|
||||
if (empty($key))
|
||||
throw new \InvalidArgumentException('invalid_encryption_key');
|
||||
|
||||
$iv = mcrypt_create_iv(
|
||||
$iv = mcrypt_create_iv(
|
||||
mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
|
||||
MCRYPT_DEV_URANDOM
|
||||
);
|
||||
|
|
@ -657,17 +659,19 @@ function psm_password_encrypt($password)
|
|||
/**
|
||||
* Decrypts password stored in the database for future use
|
||||
*
|
||||
* @param string $key
|
||||
* @param string $encryptedString
|
||||
* @return string
|
||||
* @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
|
||||
*/
|
||||
function psm_password_decrypt($encryptedString)
|
||||
function psm_password_decrypt($key, $encryptedString)
|
||||
{
|
||||
if(empty($encryptedString))
|
||||
return '';
|
||||
|
||||
$key = psm_get_conf('password_encrypt_key');
|
||||
|
||||
if (empty($key))
|
||||
throw new \InvalidArgumentException('invalid_encryption_key');
|
||||
|
||||
$data = base64_decode($encryptedString);
|
||||
$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
|
||||
|
||||
|
|
|
|||
|
|
@ -126,7 +126,7 @@ $sm_lang = array(
|
|||
'website_username' => 'Uživatelské jméno',
|
||||
'website_username_description' => 'Uživatelské jméno pro přístup na stránku. (Pouze Apache autorizace je podporovaná.)',
|
||||
'website_password' => 'Heslo',
|
||||
'website_password_description' => 'Heslo pro přístup na stránku. Heslo je v databázi šifrované a NENÍ uloženo v čistém textu.',
|
||||
'website_password_description' => 'Heslo pro přístup na stránku. Heslo je v databázi šifrované.',
|
||||
'fieldset_monitoring' => 'Monitoring',
|
||||
'fieldset_permissions' => 'Oprávnění',
|
||||
'port' => 'Port',
|
||||
|
|
|
|||
|
|
@ -229,33 +229,28 @@ class ServerController extends AbstractServerController {
|
|||
* Executes the saving of one of the servers
|
||||
*/
|
||||
protected function executeSave() {
|
||||
if(empty($_POST)) {
|
||||
if (empty($_POST)) {
|
||||
// dont process anything if no data has been posted
|
||||
return $this->executeIndex();
|
||||
}
|
||||
|
||||
$encrypted_password = '';
|
||||
|
||||
if(!empty($_POST['website_password']))
|
||||
{
|
||||
if ( !empty( $_POST['website_password'] )) {
|
||||
$new_password = psm_POST('website_password');
|
||||
if($this->server_id > 0)
|
||||
{
|
||||
$edit_server = $this->getServers($this->server_id);
|
||||
$hash = sha1($edit_server['website_password']);
|
||||
|
||||
if($new_password == $hash)
|
||||
{
|
||||
if ($this->server_id > 0) {
|
||||
$edit_server = $this->getServers($this->server_id);
|
||||
$hash = sha1($edit_server['website_password']);
|
||||
|
||||
if ($new_password == $hash) {
|
||||
$encrypted_password = $edit_server['website_password'];
|
||||
} else {
|
||||
$encrypted_password = psm_password_encrypt($this->server_id . psm_get_conf('password_encrypt_key'), $new_password);
|
||||
}
|
||||
else
|
||||
{
|
||||
$encrypted_password = psm_password_encrypt( $new_password);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$encrypted_password = psm_password_encrypt($new_password);
|
||||
} else {
|
||||
// We need the server id to encrypt the password. Encryption will be done after the server is added
|
||||
$encrypted_password = '';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -264,7 +259,7 @@ class ServerController extends AbstractServerController {
|
|||
'ip' => trim(strip_tags(psm_POST('ip', ''))),
|
||||
'timeout' => (isset($_POST['timeout']) && intval($_POST['timeout']) > 0) ? intval($_POST['timeout']) : null,
|
||||
'website_username' => psm_POST('website_username', null),
|
||||
'website_password' => $encrypted_password,
|
||||
'website_password' => $encrypted_password,
|
||||
'port' => intval(psm_POST('port', 0)),
|
||||
'type' => psm_POST('type', ''),
|
||||
'pattern' => psm_POST('pattern', ''),
|
||||
|
|
@ -308,6 +303,23 @@ class ServerController extends AbstractServerController {
|
|||
// add
|
||||
$clean['status'] = 'on';
|
||||
$this->server_id = $this->db->save(PSM_DB_PREFIX.'servers', $clean);
|
||||
|
||||
// server has been added, re-encrypt
|
||||
if (!empty($_POST['website_password'])) {
|
||||
$cleanWebsitePassword = array(
|
||||
'website_password' => psm_password_encrypt(
|
||||
$this->server_id . psm_get_conf('password_encrypt_key'),
|
||||
psm_POST('website_password')
|
||||
),
|
||||
);
|
||||
|
||||
$this->db->save(
|
||||
PSM_DB_PREFIX . 'servers',
|
||||
$cleanWebsitePassword,
|
||||
array('server_id' => $this->server_id)
|
||||
);
|
||||
}
|
||||
|
||||
$this->addMessage(psm_get_lang('servers', 'inserted'), 'success');
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -180,7 +180,7 @@ class StatusUpdater {
|
|||
$this->server['timeout'],
|
||||
true,
|
||||
$this->server['website_username'],
|
||||
psm_password_decrypt($this->server['website_password'])
|
||||
psm_password_decrypt($this->server['server_id'] . psm_get_conf('password_encrypt_key'), $this->server['website_password'])
|
||||
);
|
||||
|
||||
$this->rtime = (microtime(true) - $starttime);
|
||||
|
|
|
|||
Loading…
Reference in New Issue