Use salt to encrypt the website check password #297
parent
4d480fe2c3
commit
24d7fee63e
|
@ -624,18 +624,20 @@ function psm_no_cache() {
|
||||||
/**
|
/**
|
||||||
* Encrypts the password for storage in the database
|
* Encrypts the password for storage in the database
|
||||||
*
|
*
|
||||||
|
* @param string $key
|
||||||
* @param string $password
|
* @param string $password
|
||||||
* @return string
|
* @return string
|
||||||
* @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
|
* @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
|
||||||
*/
|
*/
|
||||||
function psm_password_encrypt($password)
|
function psm_password_encrypt($key, $password)
|
||||||
{
|
{
|
||||||
if(empty($password))
|
if(empty($password))
|
||||||
return '';
|
return '';
|
||||||
|
|
||||||
$key = psm_get_conf('password_encrypt_key');
|
if (empty($key))
|
||||||
|
throw new \InvalidArgumentException('invalid_encryption_key');
|
||||||
|
|
||||||
$iv = mcrypt_create_iv(
|
$iv = mcrypt_create_iv(
|
||||||
mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
|
mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
|
||||||
MCRYPT_DEV_URANDOM
|
MCRYPT_DEV_URANDOM
|
||||||
);
|
);
|
||||||
|
@ -657,17 +659,19 @@ function psm_password_encrypt($password)
|
||||||
/**
|
/**
|
||||||
* Decrypts password stored in the database for future use
|
* Decrypts password stored in the database for future use
|
||||||
*
|
*
|
||||||
|
* @param string $key
|
||||||
* @param string $encryptedString
|
* @param string $encryptedString
|
||||||
* @return string
|
* @return string
|
||||||
* @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
|
* @author Pavel Laupe Dvorak <pavel@pavel-dvorak.cz>
|
||||||
*/
|
*/
|
||||||
function psm_password_decrypt($encryptedString)
|
function psm_password_decrypt($key, $encryptedString)
|
||||||
{
|
{
|
||||||
if(empty($encryptedString))
|
if(empty($encryptedString))
|
||||||
return '';
|
return '';
|
||||||
|
|
||||||
$key = psm_get_conf('password_encrypt_key');
|
if (empty($key))
|
||||||
|
throw new \InvalidArgumentException('invalid_encryption_key');
|
||||||
|
|
||||||
$data = base64_decode($encryptedString);
|
$data = base64_decode($encryptedString);
|
||||||
$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
|
$iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
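Review bot: The new `if (empty($key))` guard in psm_password_encrypt and psm_password_decrypt cannot catch a missing `password_encrypt_key`, because the callers on this page pass `$this->server_id . psm_get_conf('password_encrypt_key')`, which is non-empty whenever a server id is present. With an unset config value the key would be just the server id. Checking the configured secret before concatenation closes that gap, e.g. at the call site `$secret = psm_get_conf('password_encrypt_key'); if (empty($secret)) { throw new \InvalidArgumentException('invalid_encryption_key'); }`, or by passing the id and the secret as separate arguments. The docblocks should also gain `@throws \InvalidArgumentException` and a description for `$key`. Both function bodies continue outside the hunks, so how `$key` is turned into the cipher key is not visible here.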
|
||||||
|
|
||||||
|
|
|
@ -126,7 +126,7 @@ $sm_lang = array(
|
||||||
'website_username' => 'Uživatelské jméno',
|
'website_username' => 'Uživatelské jméno',
|
||||||
'website_username_description' => 'Uživatelské jméno pro přístup na stránku. (Pouze Apache autorizace je podporovaná.)',
|
'website_username_description' => 'Uživatelské jméno pro přístup na stránku. (Pouze Apache autorizace je podporovaná.)',
|
||||||
'website_password' => 'Heslo',
|
'website_password' => 'Heslo',
|
||||||
'website_password_description' => 'Heslo pro přístup na stránku. Heslo je v databázi šifrované a NENÍ uloženo v čistém textu.',
|
'website_password_description' => 'Heslo pro přístup na stránku. Heslo je v databázi šifrované.',
|
||||||
'fieldset_monitoring' => 'Monitoring',
|
'fieldset_monitoring' => 'Monitoring',
|
||||||
'fieldset_permissions' => 'Oprávnění',
|
'fieldset_permissions' => 'Oprávnění',
|
||||||
'port' => 'Port',
|
'port' => 'Port',
|
||||||
|
|
|
@ -229,33 +229,28 @@ class ServerController extends AbstractServerController {
|
||||||
* Executes the saving of one of the servers
|
* Executes the saving of one of the servers
|
||||||
*/
|
*/
|
||||||
protected function executeSave() {
|
protected function executeSave() {
|
||||||
if(empty($_POST)) {
|
if (empty($_POST)) {
|
||||||
// dont process anything if no data has been posted
|
// dont process anything if no data has been posted
|
||||||
return $this->executeIndex();
|
return $this->executeIndex();
|
||||||
}
|
}
|
||||||
|
|
||||||
$encrypted_password = '';
|
$encrypted_password = '';
|
||||||
|
|
||||||
if(!empty($_POST['website_password']))
|
if ( !empty( $_POST['website_password'] )) {
|
||||||
{
|
|
||||||
$new_password = psm_POST('website_password');
|
$new_password = psm_POST('website_password');
|
||||||
if($this->server_id > 0)
|
|
||||||
{
|
|
||||||
$edit_server = $this->getServers($this->server_id);
|
|
||||||
$hash = sha1($edit_server['website_password']);
|
|
||||||
|
|
||||||
if($new_password == $hash)
|
if ($this->server_id > 0) {
|
||||||
{
|
$edit_server = $this->getServers($this->server_id);
|
||||||
|
$hash = sha1($edit_server['website_password']);
|
||||||
|
|
||||||
|
if ($new_password == $hash) {
|
||||||
$encrypted_password = $edit_server['website_password'];
|
$encrypted_password = $edit_server['website_password'];
|
||||||
|
} else {
|
||||||
|
$encrypted_password = psm_password_encrypt($this->server_id . psm_get_conf('password_encrypt_key'), $new_password);
|
||||||
}
|
}
|
||||||
else
|
} else {
|
||||||
{
|
// We need the server id to encrypt the password. Encryption will be done after the server is added
|
||||||
$encrypted_password = psm_password_encrypt( $new_password);
|
$encrypted_password = '';
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
$encrypted_password = psm_password_encrypt($new_password);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -264,7 +259,7 @@ class ServerController extends AbstractServerController {
|
||||||
'ip' => trim(strip_tags(psm_POST('ip', ''))),
|
'ip' => trim(strip_tags(psm_POST('ip', ''))),
|
||||||
'timeout' => (isset($_POST['timeout']) && intval($_POST['timeout']) > 0) ? intval($_POST['timeout']) : null,
|
'timeout' => (isset($_POST['timeout']) && intval($_POST['timeout']) > 0) ? intval($_POST['timeout']) : null,
|
||||||
'website_username' => psm_POST('website_username', null),
|
'website_username' => psm_POST('website_username', null),
|
||||||
'website_password' => $encrypted_password,
|
'website_password' => $encrypted_password,
|
||||||
'port' => intval(psm_POST('port', 0)),
|
'port' => intval(psm_POST('port', 0)),
|
||||||
'type' => psm_POST('type', ''),
|
'type' => psm_POST('type', ''),
|
||||||
'pattern' => psm_POST('pattern', ''),
|
'pattern' => psm_POST('pattern', ''),
|
||||||
|
@ -308,6 +303,23 @@ class ServerController extends AbstractServerController {
|
||||||
// add
|
// add
|
||||||
$clean['status'] = 'on';
|
$clean['status'] = 'on';
|
||||||
$this->server_id = $this->db->save(PSM_DB_PREFIX.'servers', $clean);
|
$this->server_id = $this->db->save(PSM_DB_PREFIX.'servers', $clean);
|
||||||
|
|
||||||
|
// server has been added, re-encrypt
|
||||||
|
if (!empty($_POST['website_password'])) {
|
||||||
|
$cleanWebsitePassword = array(
|
||||||
|
'website_password' => psm_password_encrypt(
|
||||||
|
$this->server_id . psm_get_conf('password_encrypt_key'),
|
||||||
|
psm_POST('website_password')
|
||||||
|
),
|
||||||
|
);
|
||||||
|
|
||||||
|
$this->db->save(
|
||||||
|
PSM_DB_PREFIX . 'servers',
|
||||||
|
$cleanWebsitePassword,
|
||||||
|
array('server_id' => $this->server_id)
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
$this->addMessage(psm_get_lang('servers', 'inserted'), 'success');
|
$this->addMessage(psm_get_lang('servers', 'inserted'), 'success');
|
||||||
}
|
}
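Review bot: `if ($new_password == $hash)` in executeSave compares a posted value with a SHA-1 hex digest using loose equality, so PHP compares the two strings numerically when both look like numbers (for example `0e` followed only by digits), and a value that is not the digest can be treated as "unchanged". Use `if ($new_password === $hash) {`, or `hash_equals($hash, (string) $new_password)` where the minimum supported PHP version allows it. Separately, on the add path the row is first saved with an empty `website_password` and the result of the second `$this->db->save(...)` is not checked before the 'inserted' message, so a failed re-encrypt leaves the server stored without its password. executeSave starts and ends outside these hunks.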
|
||||||
|
|
||||||
|
|
|
@ -180,7 +180,7 @@ class StatusUpdater {
|
||||||
$this->server['timeout'],
|
$this->server['timeout'],
|
||||||
true,
|
true,
|
||||||
$this->server['website_username'],
|
$this->server['website_username'],
|
||||||
psm_password_decrypt($this->server['website_password'])
|
psm_password_decrypt($this->server['server_id'] . psm_get_conf('password_encrypt_key'), $this->server['website_password'])
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->rtime = (microtime(true) - $starttime);
|
$this->rtime = (microtime(true) - $starttime);
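Review bot: The decrypt call now builds its key as `$this->server['server_id'] . psm_get_conf('password_encrypt_key')`, but rows written before this commit were encrypted under the config key alone, and no re-encryption step for existing `website_password` values is visible on this page. If none exists elsewhere in the commit, those stored values will no longer decrypt to the original password and the check would presumably be sent with wrong credentials. An upgrade step that decrypts each stored value with the old key and re-encrypts it with the per-server key would cover this. The enclosing call and method start outside the hunk.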
|
||||||
|
|