AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed Legacy AES Password conversion and old AES key from database

Browse Source
This commit is contained in:
johnnyq
2022-02-05 16:41:21 -05:00
parent c8600033f5
commit 5dd576fe20
5 changed files with 5 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
settings-update.php
View File

@@ -61,61 +61,4 @@ $git_log = shell_exec("git log master..origin/master --pretty=format:'<tr><td>%h
</div>
</div>
<!-- Updater to upgrade to new encryption -->
<div class="card card-dark">
<div class="card-header">
<h3 class="card-title"><i class="fa fa-fw fa-wrench"></i> Update AES Key</h3>
</div>
<div class="card-body">
<center>
<div class="col-8">
<div class="alert alert-danger" role="alert">
<strong>You only need to continue with this action if you are upgrading/migrating to the new (post Jan 2022) encryption setup.</strong>
<ul>
<li>Please take a backup of your current AES config key (for each company), and your 'logins' database table</li>
<li>Please ensure you have access to ALL companies registered under this instance, if using multiple companies. Only one user should perform the entire migration.</li>
<li>This activity will invalidate all existing user passwords. You must set them again using THIS user account.</li>
</ul>
</div>
</div>
<?php
//Get current settings
include_once('get_settings.php');
echo "Current Company ID: $session_company_id <br>";
echo "Current User ID: $session_user_id <br>";
if ($config_aes_key) {
echo "Current (legacy) AES key: $config_aes_key <br><br>";
echo "<b>Below are the decrypted credentials for five login entries, please confirm they show and are correct before continuing. <br>Do NOT continue if no entries are shown or if the decrypted passwords are incorrect.</b><br>";
$sql = mysqli_query($mysqli,"SELECT *, AES_DECRYPT(login_password, '$config_aes_key') AS login_password FROM logins WHERE (company_id = '$session_company_id' AND login_password IS NOT NULL) LIMIT 5");
foreach ($sql as $row){
echo $row['login_username'] . ":" . $row['login_password'];
echo "<br>";
}
echo "<br>";
?>
<form method="POST" action="post.php">
<div class="form-group">
<div class="input-group col-3">
<input type="password" class="form-control" placeholder="Account Password" name="password" value="" required="">
</div>
<br>
<p>Warning: This action is irreversible. Do NOT proceed without a backup.</p>
<button type="submit" class="btn btn-danger" name="encryption_update">Update encryption scheme for this company</button>
</div>
</form>
<?php
}
else {
echo "Config AES key is not set for this company.<br>";
echo "Please ensure upgrade is required. If you are sure you need to update, ensure the AES key is set correctly for this company.";
}
?>
</center>
</div>
</div>
<?php include("footer.php");