AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-01 19:34:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add initial user specific encryption of site master key

Browse Source
This commit is contained in:
Marcus Hill
2022-01-10 21:47:51 +00:00
parent 13d83f6e3b
commit a56d701a8a
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
setup.php
View File

@@ -399,7 +399,13 @@ if(isset($_POST['add_user'])){
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email']))); $email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['email'])));
$password = password_hash($_POST['password'], PASSWORD_DEFAULT); $password = password_hash($_POST['password'], PASSWORD_DEFAULT);
mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_created_at = NOW()"); //Generate master encryption key
$site_encryption_master_key = keygen();
//Generate user specific key
$user_specific_encryption_ciphertext = setupFirstUserSpecificKey($_POST['password'], $site_encryption_master_key);
mysqli_query($mysqli,"INSERT INTO users SET user_name = '$name', user_email = '$email', user_password = '$password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext', user_created_at = NOW()");
$user_id = mysqli_insert_id($mysqli); $user_id = mysqli_insert_id($mysqli);
@@ -480,7 +486,6 @@ if(isset($_POST['add_company_settings'])){
$company_id = mysqli_insert_id($mysqli); $company_id = mysqli_insert_id($mysqli);
$config_base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']); $config_base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']);
$config_api_key = keygen(); $config_api_key = keygen();
$config_aes_key = keygen();
mkdir_missing("uploads/clients/$company_id"); mkdir_missing("uploads/clients/$company_id");
file_put_contents("uploads/clients/$company_id/index.php", ""); file_put_contents("uploads/clients/$company_id/index.php", "");
@@ -536,7 +541,7 @@ if(isset($_POST['add_company_settings'])){
//Set User Company Permissions //Set User Company Permissions
mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO user_companies SET user_id = $user_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_aes_key = '$config_aes_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 1, config_enable_cron = 0, config_ticket_next_number = 1, config_base_url = '$config_base_url'"); mysqli_query($mysqli,"INSERT INTO settings SET company_id = $company_id, config_invoice_prefix = 'INV-', config_invoice_next_number = 1, config_recurring_prefix = 'REC-', config_recurring_next_number = 1, config_invoice_overdue_reminders = '1,3,7', config_quote_prefix = 'QUO-', config_quote_next_number = 1, config_api_key = '$config_api_key', config_recurring_auto_send_invoice = 1, config_default_net_terms = 7, config_send_invoice_reminders = 1, config_enable_cron = 0, config_ticket_next_number = 1, config_base_url = '$config_base_url'");
//Create Some Data //Create Some Data