Merge pull request #571 from wrongecho/mail-format-fix

Revert PHP Mailer back to isHTML true
Johnny 2023-01-23 15:49:13 -05:00 committed by GitHub
commit b60b501cef
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 351 additions and 350 deletions


@ -13,229 +13,229 @@ use PHPMailer\PHPMailer\Exception;
function keygen() function keygen()
{ {
$chars = "abcdefghijklmnopqrstuvwxyz"; $chars = "abcdefghijklmnopqrstuvwxyz";
$chars .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $chars .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$chars .= "0123456789"; $chars .= "0123456789";
while (1) { while (1) {
$key = ''; $key = '';
srand((double) microtime() * 1000000); srand((double) microtime() * 1000000);
for ($i = 0; $i < 16; $i++) { for ($i = 0; $i < 16; $i++) {
$key .= substr($chars, (rand() % (strlen($chars))), 1); $key .= substr($chars, (rand() % (strlen($chars))), 1);
}
break;
} }
break; return $key;
}
return $key;
} }
function key32gen() function key32gen()
{ {
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$chars .= "234567"; $chars .= "234567";
while (1) { while (1) {
$key = ''; $key = '';
srand((double) microtime() * 1000000); srand((double) microtime() * 1000000);
for ($i = 0; $i < 32; $i++) { for ($i = 0; $i < 32; $i++) {
$key .= substr($chars, (rand() % (strlen($chars))), 1); $key .= substr($chars, (rand() % (strlen($chars))), 1);
}
break;
} }
break; return $key;
}
return $key;
} }
function initials($str) { function initials($str) {
if (!empty($str)) { if (!empty($str)) {
$ret = ''; $ret = '';
foreach (explode(' ', $str) as $word) foreach (explode(' ', $str) as $word)
$ret .= strtoupper($word[0]); $ret .= strtoupper($word[0]);
return $ret; return $ret;
} }
} }
function removeDirectory($path) { function removeDirectory($path) {
if (!file_exists($path)) { if (!file_exists($path)) {
return; return;
} }
$files = glob($path . '/*'); $files = glob($path . '/*');
foreach ($files as $file) { foreach ($files as $file) {
is_dir($file) ? removeDirectory($file) : unlink($file); is_dir($file) ? removeDirectory($file) : unlink($file);
} }
rmdir($path); rmdir($path);
} }
function get_user_agent() { function get_user_agent() {
return $_SERVER['HTTP_USER_AGENT']; return $_SERVER['HTTP_USER_AGENT'];
} }
function get_ip() { function get_ip() {
if (defined("CONST_GET_IP_METHOD")) { if (defined("CONST_GET_IP_METHOD")) {
if (CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") { if (CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") {
$ip = getenv('HTTP_X_FORWARDED_FOR'); $ip = getenv('HTTP_X_FORWARDED_FOR');
} }
else{
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
}
}
else{ else{
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
} }
}
else{
$ip = $_SERVER["HTTP_CF_CONNECTING_IP"] ?? $_SERVER['REMOTE_ADDR'];
}
return $ip; return $ip;
} }
function get_web_browser($user_browser) { function get_web_browser($user_browser) {
$browser = "Unknown Browser"; $browser = "Unknown Browser";
$browser_array = array( $browser_array = array(
'/msie/i' => "<i class='fab fa-fw fa-internet-explorer text-secondary'></i> Internet Explorer", '/msie/i' => "<i class='fab fa-fw fa-internet-explorer text-secondary'></i> Internet Explorer",
'/firefox/i' => "<i class='fab fa-fw fa-firefox text-secondary'></i> Firefox", '/firefox/i' => "<i class='fab fa-fw fa-firefox text-secondary'></i> Firefox",
'/safari/i' => "<i class='fab fa-fw fa-safari text-secondary'></i> Safari", '/safari/i' => "<i class='fab fa-fw fa-safari text-secondary'></i> Safari",
'/chrome/i' => "<i class='fab fa-fw fa-chrome text-secondary'></i> Chrome", '/chrome/i' => "<i class='fab fa-fw fa-chrome text-secondary'></i> Chrome",
'/edge/i' => "<i class='fab fa-fw fa-edge text-secondary'></i> Edge", '/edge/i' => "<i class='fab fa-fw fa-edge text-secondary'></i> Edge",
'/opera/i' => "<i class='fab fa-fw fa-opera text-secondary'></i> Opera" '/opera/i' => "<i class='fab fa-fw fa-opera text-secondary'></i> Opera"
); );
foreach ($browser_array as $regex => $value) { foreach ($browser_array as $regex => $value) {
if (preg_match($regex, $user_browser)) { if (preg_match($regex, $user_browser)) {
$browser = $value; $browser = $value;
}
} }
} return $browser;
return $browser;
} }
function get_os($user_os) { function get_os($user_os) {
$os_platform = "Unknown OS"; $os_platform = "Unknown OS";
$os_array = array( $os_array = array(
'/windows nt 10/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 10", '/windows nt 10/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 10",
'/windows nt 6.3/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 8.1", '/windows nt 6.3/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 8.1",
'/windows nt 6.2/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 8", '/windows nt 6.2/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 8",
'/windows nt 6.1/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 7", '/windows nt 6.1/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows 7",
'/windows nt 6.0/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows Vista", '/windows nt 6.0/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows Vista",
'/windows nt 5.2/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows Server 2003/XP x64", '/windows nt 5.2/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows Server 2003/XP x64",
'/windows nt 5.1/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows XP", '/windows nt 5.1/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows XP",
'/windows xp/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows XP", '/windows xp/i' => "<i class='fab fa-fw fa-windows text-secondary'></i> Windows XP",
'/macintosh|mac os x/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> MacOS", '/macintosh|mac os x/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> MacOS",
'/linux/i' => "<i class='fab fa-fw fa-linux text-secondary'></i> Linux", '/linux/i' => "<i class='fab fa-fw fa-linux text-secondary'></i> Linux",
'/ubuntu/i' => "<i class='fab fa-fw fa-ubuntu text-secondary'></i> Ubuntu", '/ubuntu/i' => "<i class='fab fa-fw fa-ubuntu text-secondary'></i> Ubuntu",
'/iphone/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> iPhone", '/iphone/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> iPhone",
'/ipod/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> iPod", '/ipod/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> iPod",
'/ipad/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> iPad", '/ipad/i' => "<i class='fab fa-fw fa-apple text-secondary'></i> iPad",
'/android/i' => "<i class='fab fa-fw fa-android text-secondary'></i> Android" '/android/i' => "<i class='fab fa-fw fa-android text-secondary'></i> Android"
); );
foreach ($os_array as $regex => $value) { foreach ($os_array as $regex => $value) {
if (preg_match($regex, $user_os)) { if (preg_match($regex, $user_os)) {
$os_platform = $value; $os_platform = $value;
}
} }
} return $os_platform;
return $os_platform;
} }
function get_device() { function get_device() {
$tablet_browser = 0; $tablet_browser = 0;
$mobile_browser = 0; $mobile_browser = 0;
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*(mobi|opera mini)))/i', strtolower($_SERVER['HTTP_USER_AGENT']))) { if (preg_match('/(tablet|ipad|playbook)|(android(?!.*(mobi|opera mini)))/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$tablet_browser++; $tablet_browser++;
} }
if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android|iemobile)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) { if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android|iemobile)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$mobile_browser++; $mobile_browser++;
} }
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) || ((isset($_SERVER['HTTP_X_WAP_PROFILE']) || isset($_SERVER['HTTP_PROFILE'])))) { if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) || ((isset($_SERVER['HTTP_X_WAP_PROFILE']) || isset($_SERVER['HTTP_PROFILE'])))) {
$mobile_browser++; $mobile_browser++;
} }
$mobile_ua = strtolower(substr(get_user_agent(), 0, 4)); $mobile_ua = strtolower(substr(get_user_agent(), 0, 4));
$mobile_agents = array( $mobile_agents = array(
'w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac', 'w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac',
'blaz','brew','cell','cldc','cmd-','dang','doco','eric','hipt','inno', 'blaz','brew','cell','cldc','cmd-','dang','doco','eric','hipt','inno',
'ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-', 'ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-',
'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-', 'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-',
'newt','noki','palm','pana','pant','phil','play','port','prox', 'newt','noki','palm','pana','pant','phil','play','port','prox',
'qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar', 'qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar',
'sie-','siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-', 'sie-','siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-',
'tosh','tsm-','upg1','upsi','vk-v','voda','wap-','wapa','wapi','wapp', 'tosh','tsm-','upg1','upsi','vk-v','voda','wap-','wapa','wapi','wapp',
'wapr','webc','winw','winw','xda ','xda-'); 'wapr','webc','winw','winw','xda ','xda-');
if (in_array($mobile_ua,$mobile_agents)) { if (in_array($mobile_ua,$mobile_agents)) {
$mobile_browser++; $mobile_browser++;
} }
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) { if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
$mobile_browser++; $mobile_browser++;
//Check for tablets on Opera Mini alternative headers //Check for tablets on Opera Mini alternative headers
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:'')); $stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) { if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
$tablet_browser++; $tablet_browser++;
}
}
if ($tablet_browser > 0) {
//do something for tablet devices
return 'Tablet';
}
else if ($mobile_browser > 0) {
//do something for mobile devices
return 'Mobile';
}
else {
//do something for everything else
return 'Computer';
} }
}
if ($tablet_browser > 0) {
//do something for tablet devices
return 'Tablet';
}
else if ($mobile_browser > 0) {
//do something for mobile devices
return 'Mobile';
}
else {
//do something for everything else
return 'Computer';
}
} }
function truncate($text, $chars) { function truncate($text, $chars) {
if (strlen($text) <= $chars) { if (strlen($text) <= $chars) {
return $text; return $text;
} }
$text = $text." "; $text = $text." ";
$text = substr($text,0,$chars); $text = substr($text,0,$chars);
$text = substr($text,0,strrpos($text,' ')); $text = substr($text,0,strrpos($text,' '));
return $text."..."; return $text."...";
} }
function formatPhoneNumber($phoneNumber) { function formatPhoneNumber($phoneNumber) {
$phoneNumber = preg_replace('/[^0-9]/','',$phoneNumber); $phoneNumber = preg_replace('/[^0-9]/','',$phoneNumber);
if (strlen($phoneNumber) > 10) { if (strlen($phoneNumber) > 10) {
$countryCode = substr($phoneNumber, 0, strlen($phoneNumber)-10); $countryCode = substr($phoneNumber, 0, strlen($phoneNumber)-10);
$areaCode = substr($phoneNumber, -10, 3); $areaCode = substr($phoneNumber, -10, 3);
$nextThree = substr($phoneNumber, -7, 3); $nextThree = substr($phoneNumber, -7, 3);
$lastFour = substr($phoneNumber, -4, 4); $lastFour = substr($phoneNumber, -4, 4);
$phoneNumber = '+'.$countryCode.' ('.$areaCode.') '.$nextThree.'-'.$lastFour; $phoneNumber = '+'.$countryCode.' ('.$areaCode.') '.$nextThree.'-'.$lastFour;
} }
else if (strlen($phoneNumber) == 10) { else if (strlen($phoneNumber) == 10) {
$areaCode = substr($phoneNumber, 0, 3); $areaCode = substr($phoneNumber, 0, 3);
$nextThree = substr($phoneNumber, 3, 3); $nextThree = substr($phoneNumber, 3, 3);
$lastFour = substr($phoneNumber, 6, 4); $lastFour = substr($phoneNumber, 6, 4);
$phoneNumber = '('.$areaCode.') '.$nextThree.'-'.$lastFour; $phoneNumber = '('.$areaCode.') '.$nextThree.'-'.$lastFour;
} }
else if (strlen($phoneNumber) == 7) { else if (strlen($phoneNumber) == 7) {
$nextThree = substr($phoneNumber, 0, 3); $nextThree = substr($phoneNumber, 0, 3);
$lastFour = substr($phoneNumber, 3, 4); $lastFour = substr($phoneNumber, 3, 4);
$phoneNumber = $nextThree.'-'.$lastFour; $phoneNumber = $nextThree.'-'.$lastFour;
} }
return $phoneNumber; return $phoneNumber;
} }
function mkdir_missing($dir) { function mkdir_missing($dir) {
if (!is_dir($dir)) { if (!is_dir($dir)) {
mkdir($dir); mkdir($dir);
} }
} }
// Called during initial setup // Called during initial setup
// Encrypts the master key with the user's password // Encrypts the master key with the user's password
function setupFirstUserSpecificKey($user_password, $site_encryption_master_key) { function setupFirstUserSpecificKey($user_password, $site_encryption_master_key) {
$iv = bin2hex(random_bytes(8)); $iv = bin2hex(random_bytes(8));
$salt = bin2hex(random_bytes(8)); $salt = bin2hex(random_bytes(8));
//Generate 128-bit (16 byte/char) kdhash of the users password //Generate 128-bit (16 byte/char) kdhash of the users password
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16); $user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
//Encrypt the master key with the users kdf'd hash and the IV //Encrypt the master key with the users kdf'd hash and the IV
$ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv); $ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv);
return $salt . $iv . $ciphertext; return $salt . $iv . $ciphertext;
} }
/* /*
@ -244,40 +244,40 @@ function setupFirstUserSpecificKey($user_password, $site_encryption_master_key)
* Password Changes: Will use the current info in the session. * Password Changes: Will use the current info in the session.
*/ */
function encryptUserSpecificKey($user_password) { function encryptUserSpecificKey($user_password) {
$iv = bin2hex(random_bytes(8)); $iv = bin2hex(random_bytes(8));
$salt = bin2hex(random_bytes(8)); $salt = bin2hex(random_bytes(8));
// Get the session info. // Get the session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext']; $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
$user_encryption_session_iv = $_SESSION['user_encryption_session_iv']; $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
$user_encryption_session_key = $_COOKIE['user_encryption_session_key']; $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
// Decrypt the session key to get the master key // Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
// Generate 128-bit (16 byte/char) kdhash of the users (new) password // Generate 128-bit (16 byte/char) kdhash of the users (new) password
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16); $user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
// Encrypt the master key with the users kdf'd hash and the IV // Encrypt the master key with the users kdf'd hash and the IV
$ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv); $ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv);
return $salt . $iv . $ciphertext; return $salt . $iv . $ciphertext;
} }
// Given a ciphertext (incl. IV) and the user's password, returns the site master key // Given a ciphertext (incl. IV) and the user's password, returns the site master key
// Ran at login, to facilitate generateUserSessionKey // Ran at login, to facilitate generateUserSessionKey
function decryptUserSpecificKey($user_encryption_ciphertext, $user_password) { function decryptUserSpecificKey($user_encryption_ciphertext, $user_password) {
//Get the IV, salt and ciphertext //Get the IV, salt and ciphertext
$salt = substr($user_encryption_ciphertext, 0, 16); $salt = substr($user_encryption_ciphertext, 0, 16);
$iv = substr($user_encryption_ciphertext, 16, 16); $iv = substr($user_encryption_ciphertext, 16, 16);
$ciphertext = substr($user_encryption_ciphertext, 32); $ciphertext = substr($user_encryption_ciphertext, 32);
//Generate 128-bit (16 byte/char) kdhash of the users password //Generate 128-bit (16 byte/char) kdhash of the users password
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16); $user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
//Use this hash to get the original/master key //Use this hash to get the original/master key
return openssl_decrypt($ciphertext, 'aes-128-cbc', $user_password_kdhash, 0, $iv); return openssl_decrypt($ciphertext, 'aes-128-cbc', $user_password_kdhash, 0, $iv);
} }
/* /*
@ -289,174 +289,174 @@ Generates what is probably best described as a session key (ephemeral-ish)
*/ */
function generateUserSessionKey($site_encryption_master_key) { function generateUserSessionKey($site_encryption_master_key) {
// Generate both of these using bin2hex(random_bytes(8)) // Generate both of these using bin2hex(random_bytes(8))
$user_encryption_session_key = bin2hex(random_bytes(8)); $user_encryption_session_key = bin2hex(random_bytes(8));
$user_encryption_session_iv = bin2hex(random_bytes(8)); $user_encryption_session_iv = bin2hex(random_bytes(8));
$user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
// Store ciphertext in the user's session // Store ciphertext in the user's session
$_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext; $_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext;
$_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv; $_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv;
// Give the user "their" key as a cookie // Give the user "their" key as a cookie
include('config.php'); include('config.php');
if ($config_https_only) { if ($config_https_only) {
setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']); setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']);
} else{ } else{
setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/"); setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/");
$_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies."; $_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies.";
} }
} }
// Decrypts an encrypted password (website/asset login), returns it as a string // Decrypts an encrypted password (website/asset login), returns it as a string
function decryptLoginEntry($login_password_ciphertext) { function decryptLoginEntry($login_password_ciphertext) {
// Split the login into IV and Ciphertext // Split the login into IV and Ciphertext
$login_iv = substr($login_password_ciphertext, 0, 16); $login_iv = substr($login_password_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_password_ciphertext, 16); $login_ciphertext = $salt = substr($login_password_ciphertext, 16);
// Get the user session info. // Get the user session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext']; $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
$user_encryption_session_iv = $_SESSION['user_encryption_session_iv']; $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
$user_encryption_session_key = $_COOKIE['user_encryption_session_key']; $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
// Decrypt the session key to get the master key // Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
// Decrypt the login password using the master key // Decrypt the login password using the master key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv); return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
} }
// Encrypts a website/asset login password // Encrypts a website/asset login password
function encryptLoginEntry($login_password_cleartext) { function encryptLoginEntry($login_password_cleartext) {
$iv = bin2hex(random_bytes(8)); $iv = bin2hex(random_bytes(8));
// Get the user session info. // Get the user session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext']; $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
$user_encryption_session_iv = $_SESSION['user_encryption_session_iv']; $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
$user_encryption_session_key = $_COOKIE['user_encryption_session_key']; $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
//Decrypt the session key to get the master key //Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
//Encrypt the website/asset login using the master key //Encrypt the website/asset login using the master key
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv); $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
return $iv . $ciphertext; return $iv . $ciphertext;
} }
// Get domain expiration date // Get domain expiration date
function getDomainExpirationDate($name) { function getDomainExpirationDate($name) {
// Only run if we think the domain is valid // Only run if we think the domain is valid
if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
return '0000-00-00';
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://lookup.itflow.org:8080/$name");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$response = json_decode(curl_exec($ch),1);
if ($response) {
if (is_array($response['expiration_date'])) {
$expiry = new DateTime($response['expiration_date'][1]);
}
else{
$expiry = new DateTime($response['expiration_date']);
}
return $expiry->format('Y-m-d');
}
// Default return
return '0000-00-00'; return '0000-00-00';
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://lookup.itflow.org:8080/$name");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$response = json_decode(curl_exec($ch),1);
if ($response) {
if (is_array($response['expiration_date'])) {
$expiry = new DateTime($response['expiration_date'][1]);
}
else{
$expiry = new DateTime($response['expiration_date']);
}
return $expiry->format('Y-m-d');
}
// Default return
return '0000-00-00';
} }
// Get domain general info (whois + NS/A/MX records) // Get domain general info (whois + NS/A/MX records)
function getDomainRecords($name) { function getDomainRecords($name) {
$records = array(); $records = array();
// Only run if we think the domain is valid
if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
$records['a'] = '';
$records['ns'] = '';
$records['mx'] = '';
$records['whois'] = '';
return $records;
}
$domain = escapeshellarg($name);
$records['a'] = substr(trim(strip_tags(shell_exec("dig +short $domain"))), 0, 254);
$records['ns'] = substr(trim(strip_tags(shell_exec("dig +short NS $domain"))), 0, 254);
$records['mx'] = substr(trim(strip_tags(shell_exec("dig +short MX $domain"))), 0, 254);
$records['txt'] = substr(trim(strip_tags(shell_exec("dig +short TXT $domain"))), 0, 254);
$records['whois'] = substr(trim(strip_tags(shell_exec("whois -H $domain | sed 's/ //g' | head -30"))), 0, 254);
// Only run if we think the domain is valid
if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
$records['a'] = '';
$records['ns'] = '';
$records['mx'] = '';
$records['whois'] = '';
return $records; return $records;
}
$domain = escapeshellarg($name);
$records['a'] = substr(trim(strip_tags(shell_exec("dig +short $domain"))), 0, 254);
$records['ns'] = substr(trim(strip_tags(shell_exec("dig +short NS $domain"))), 0, 254);
$records['mx'] = substr(trim(strip_tags(shell_exec("dig +short MX $domain"))), 0, 254);
$records['txt'] = substr(trim(strip_tags(shell_exec("dig +short TXT $domain"))), 0, 254);
$records['whois'] = substr(trim(strip_tags(shell_exec("whois -H $domain | sed 's/ //g' | head -30"))), 0, 254);
return $records;
} }
// Used to automatically attempt to get SSL certificates as part of adding domains // Used to automatically attempt to get SSL certificates as part of adding domains
// The logic for the fetch (sync) button on the client_certificates page is in ajax.php, and allows ports other than 443 // The logic for the fetch (sync) button on the client_certificates page is in ajax.php, and allows ports other than 443
function getSSL($name) { function getSSL($name) {
$certificate = array(); $certificate = array();
$certificate['success'] = FALSE; $certificate['success'] = FALSE;
// Only run if we think the domain is valid // Only run if we think the domain is valid
if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
$certificate['expire'] = ''; $certificate['expire'] = '';
$certificate['issued_by'] = ''; $certificate['issued_by'] = '';
$certificate['public_key'] = ''; $certificate['public_key'] = '';
return $certificate; return $certificate;
}
// Get SSL/TSL certificate (using verify peer false to allow for self-signed certs) for domain on default port
$socket = "ssl://$name:443";
$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE, "verify_peer" => FALSE,)));
$read = stream_socket_client($socket, $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $get);
// If the socket connected
if ($read) {
$cert = stream_context_get_params($read);
$cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
if ($cert_public_key_obj) {
$certificate['success'] = TRUE;
$certificate['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
$certificate['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
$certificate['public_key'] = $export;
} }
}
return $certificate; // Get SSL/TSL certificate (using verify peer false to allow for self-signed certs) for domain on default port
$socket = "ssl://$name:443";
$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE, "verify_peer" => FALSE,)));
$read = stream_socket_client($socket, $errno, $errstr, 5, STREAM_CLIENT_CONNECT, $get);
// If the socket connected
if ($read) {
$cert = stream_context_get_params($read);
$cert_public_key_obj = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
if ($cert_public_key_obj) {
$certificate['success'] = TRUE;
$certificate['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
$certificate['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
$certificate['public_key'] = $export;
}
}
return $certificate;
} }
function strto_AZaz09($string) { function strto_AZaz09($string) {
$string = ucwords(strtolower($string)); $string = ucwords(strtolower($string));
// Replace spaces with _ // Replace spaces with _
//$string = str_replace(' ', '_', $string); //$string = str_replace(' ', '_', $string);
// Gets rid of non-alphanumerics // Gets rid of non-alphanumerics
return preg_replace('/[^A-Za-z0-9_]/', '', $string); return preg_replace('/[^A-Za-z0-9_]/', '', $string);
} }
// Cross-Site Request Forgery check for sensitive functions // Cross-Site Request Forgery check for sensitive functions
// Validates the CSRF token provided matches the one in the users session // Validates the CSRF token provided matches the one in the users session
function validateCSRFToken($token) { function validateCSRFToken($token) {
if (hash_equals($token, $_SESSION['csrf_token'])) { if (hash_equals($token, $_SESSION['csrf_token'])) {
return true; return true;
} }
else{ else{
$_SESSION['alert_type'] = "warning"; $_SESSION['alert_type'] = "warning";
$_SESSION['alert_message'] = "CSRF token verification failed. Try again, or log out to refresh your token."; $_SESSION['alert_message'] = "CSRF token verification failed. Try again, or log out to refresh your token.";
header("Location: index.php"); header("Location: index.php");
exit(); exit();
} }
} }
/* /*
@ -467,71 +467,72 @@ function validateCSRFToken($token) {
*/ */
function validateAdminRole() { function validateAdminRole() {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] != 3) { if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] != 3) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
exit(); exit();
} }
} }
function validateTechRole() { function validateTechRole() {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1) { if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 1) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
exit(); exit();
} }
} }
function validateAccountantRole() { function validateAccountantRole() {
if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2) { if (!isset($_SESSION['user_role']) || $_SESSION['user_role'] == 2) {
$_SESSION['alert_type'] = "danger"; $_SESSION['alert_type'] = "danger";
$_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED; $_SESSION['alert_message'] = WORDING_ROLECHECK_FAILED;
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
exit(); exit();
} }
} }
// Send a single email to a single recipient // Send a single email to a single recipient
function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port, $from_email, $from_name, $to_email, $to_name, $subject, $body) { function sendSingleEmail($config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port, $from_email, $from_name, $to_email, $to_name, $subject, $body) {
$mail = new PHPMailer(true); $mail = new PHPMailer(true);
try{ try{
// Mail Server Settings // Mail Server Settings
$mail->SMTPDebug = 0; // No Debugging $mail->SMTPDebug = 0; // No Debugging
$mail->isSMTP(); // Set mailer to use SMTP $mail->isSMTP(); // Set mailer to use SMTP
$mail->Host = $config_smtp_host; // Specify SMTP server $mail->Host = $config_smtp_host; // Specify SMTP server
$mail->SMTPAuth = true; // Enable SMTP authentication $mail->SMTPAuth = true; // Enable SMTP authentication
$mail->Username = $config_smtp_username; // SMTP username $mail->Username = $config_smtp_username; // SMTP username
$mail->Password = $config_smtp_password; // SMTP password $mail->Password = $config_smtp_password; // SMTP password
$mail->SMTPSecure = $config_smtp_encryption; // Enable TLS encryption, `ssl` also accepted $mail->SMTPSecure = $config_smtp_encryption; // Enable TLS encryption, `ssl` also accepted
$mail->Port = $config_smtp_port; // TCP port to connect to $mail->Port = $config_smtp_port; // TCP port to connect to
//Recipients //Recipients
$mail->setFrom($from_email, $from_name); $mail->setFrom($from_email, $from_name);
$mail->addAddress("$to_email", "$to_name"); // Add a recipient $mail->addAddress("$to_email", "$to_name"); // Add a recipient
// Content // Content
$mail->Subject = "$subject"; // Subject $mail->isHTML(true); // Set email format to HTML
$mail->Body = "$body"; // Content $mail->Subject = "$subject"; // Subject
$mail->Body = "$body"; // Content
// Attachments - todo // Attachments - todo
//$mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments //$mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments
//$mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name //$mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name
// Send // Send
$mail->send(); $mail->send();
// Return true if this was successful // Return true if this was successful
return true; return true;
} }
catch(Exception $e) { catch(Exception $e) {
// If we couldn't send the message return the error, so we can log it // If we couldn't send the message return the error, so we can log it
return "Message not sent. Mailer Error: {$mail->ErrorInfo}"; return "Message not sent. Mailer Error: {$mail->ErrorInfo}";
} }
} }
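Review bot: Re-enabling `$mail->isHTML(true)` means `$body` is now delivered as a text/html part, but nothing in sendSingleEmail encodes it, so every caller that interpolates user-supplied values (names, ticket or invoice text) into the body must run them through `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` first or a user can inject markup and links into notification mail. That contract is not stated anywhere in the function; I would add `// NOTE: body is sent as HTML - callers must HTML-encode any user-controlled data before passing it in` above the `isHTML(true)` line. With isHTML(true) and no AltBody set, recipients whose clients reject HTML get nothing readable; setting `$mail->AltBody = strip_tags($body);` next to it gives a plain-text fallback. The function is contained entirely within this hunk.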