Default get_ip to REMOTE_ADDR, option to set it to

Marcus Hill 2022-03-20 07:51:42 +00:00
parent e391027a46
commit e09ea58bd4
1 changed files with 262 additions and 265 deletions


@ -2,40 +2,40 @@
function keygen() function keygen()
{ {
$chars = "abcdefghijklmnopqrstuvwxyz"; $chars = "abcdefghijklmnopqrstuvwxyz";
$chars .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $chars .= "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$chars .= "0123456789"; $chars .= "0123456789";
while (1) { while (1) {
$key = ''; $key = '';
srand((double) microtime() * 1000000); srand((double) microtime() * 1000000);
for ($i = 0; $i < 16; $i++) { for ($i = 0; $i < 16; $i++) {
$key .= substr($chars, (rand() % (strlen($chars))), 1); $key .= substr($chars, (rand() % (strlen($chars))), 1);
}
break;
} }
return $key; break;
}
return $key;
} }
function key32gen() function key32gen()
{ {
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
$chars .= "234567"; $chars .= "234567";
while (1) { while (1) {
$key = ''; $key = '';
srand((double) microtime() * 1000000); srand((double) microtime() * 1000000);
for ($i = 0; $i < 32; $i++) { for ($i = 0; $i < 32; $i++) {
$key .= substr($chars, (rand() % (strlen($chars))), 1); $key .= substr($chars, (rand() % (strlen($chars))), 1);
}
break;
} }
return $key; break;
}
return $key;
} }
function initials($str) { function initials($str) {
$ret = ''; $ret = '';
foreach (explode(' ', $str) as $word) foreach (explode(' ', $str) as $word)
$ret .= strtoupper($word[0]); $ret .= strtoupper($word[0]);
return $ret; return $ret;
} }
function removeDirectory($path) { function removeDirectory($path) {
@ -48,226 +48,223 @@ function removeDirectory($path) {
} }
function get_user_agent() { function get_user_agent() {
return $_SERVER['HTTP_USER_AGENT']; return $_SERVER['HTTP_USER_AGENT'];
} }
function get_ip() { function get_ip() {
$mainIp = ''; if(defined("CONST_GET_IP_METHOD")){
if (getenv('HTTP_CLIENT_IP')) if(CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR"){
$mainIp = getenv('HTTP_CLIENT_IP'); $ip = getenv('HTTP_X_FORWARDED_FOR');
else if(getenv('HTTP_X_FORWARDED_FOR')) }
$mainIp = getenv('HTTP_X_FORWARDED_FOR'); else{
else if(getenv('HTTP_X_FORWARDED')) $ip = getenv('REMOTE_ADDR');
$mainIp = getenv('HTTP_X_FORWARDED'); }
else if(getenv('HTTP_FORWARDED_FOR')) }
$mainIp = getenv('HTTP_FORWARDED_FOR'); else{
else if(getenv('HTTP_FORWARDED')) $ip = getenv('REMOTE_ADDR');
$mainIp = getenv('HTTP_FORWARDED'); }
else if(getenv('REMOTE_ADDR'))
$mainIp = getenv('REMOTE_ADDR'); return $ip;
else
$mainIp = 'UNKNOWN';
return $mainIp;
} }
function get_web_browser() { function get_web_browser() {
$user_agent = get_user_agent(); $user_agent = get_user_agent();
$browser = "Unknown Browser"; $browser = "Unknown Browser";
$browser_array = array( $browser_array = array(
'/msie/i' => 'Internet Explorer', '/msie/i' => 'Internet Explorer',
'/Trident/i' => 'Internet Explorer', '/Trident/i' => 'Internet Explorer',
'/firefox/i' => 'Firefox', '/firefox/i' => 'Firefox',
'/safari/i' => 'Safari', '/safari/i' => 'Safari',
'/chrome/i' => 'Chrome', '/chrome/i' => 'Chrome',
'/edge/i' => 'Edge', '/edge/i' => 'Edge',
'/opera/i' => 'Opera', '/opera/i' => 'Opera',
'/netscape/i' => 'Netscape', '/netscape/i' => 'Netscape',
'/maxthon/i' => 'Maxthon', '/maxthon/i' => 'Maxthon',
'/konqueror/i' => 'Konqueror', '/konqueror/i' => 'Konqueror',
'/ubrowser/i' => 'UC Browser', '/ubrowser/i' => 'UC Browser',
); );
foreach ($browser_array as $regex => $value) { foreach ($browser_array as $regex => $value) {
if (preg_match($regex, $user_agent)) { if (preg_match($regex, $user_agent)) {
$browser = $value; $browser = $value;
}
} }
return $browser; }
return $browser;
} }
function get_os() { function get_os() {
$user_agent = get_user_agent(); $user_agent = get_user_agent();
$os_platform = "Unknown OS"; $os_platform = "Unknown OS";
$os_array = array( $os_array = array(
'/windows nt 10/i' => 'Windows 10', '/windows nt 10/i' => 'Windows 10',
'/windows nt 6.3/i' => 'Windows 8.1', '/windows nt 6.3/i' => 'Windows 8.1',
'/windows nt 6.2/i' => 'Windows 8', '/windows nt 6.2/i' => 'Windows 8',
'/windows nt 6.1/i' => 'Windows 7', '/windows nt 6.1/i' => 'Windows 7',
'/windows nt 6.0/i' => 'Windows Vista', '/windows nt 6.0/i' => 'Windows Vista',
'/windows nt 5.2/i' => 'Windows Server 2003/XP x64', '/windows nt 5.2/i' => 'Windows Server 2003/XP x64',
'/windows nt 5.1/i' => 'Windows XP', '/windows nt 5.1/i' => 'Windows XP',
'/windows xp/i' => 'Windows XP', '/windows xp/i' => 'Windows XP',
'/macintosh|mac os x/i' => 'MacOS', '/macintosh|mac os x/i' => 'MacOS',
'/linux/i' => 'Linux', '/linux/i' => 'Linux',
'/ubuntu/i' => 'Ubuntu', '/ubuntu/i' => 'Ubuntu',
'/iphone/i' => 'iPhone', '/iphone/i' => 'iPhone',
'/ipod/i' => 'iPod', '/ipod/i' => 'iPod',
'/ipad/i' => 'iPad', '/ipad/i' => 'iPad',
'/android/i' => 'Android', '/android/i' => 'Android',
'/blackberry/i' => 'BlackBerry', '/blackberry/i' => 'BlackBerry',
'/webos/i' => 'Mobile' '/webos/i' => 'Mobile'
); );
foreach ($os_array as $regex => $value) { foreach ($os_array as $regex => $value) {
if (preg_match($regex, $user_agent)) { if (preg_match($regex, $user_agent)) {
$os_platform = $value; $os_platform = $value;
} }
} }
return $os_platform; return $os_platform;
} }
function get_device(){ function get_device(){
$tablet_browser = 0; $tablet_browser = 0;
$mobile_browser = 0; $mobile_browser = 0;
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*(mobi|opera mini)))/i', strtolower($_SERVER['HTTP_USER_AGENT']))) { if (preg_match('/(tablet|ipad|playbook)|(android(?!.*(mobi|opera mini)))/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$tablet_browser++; $tablet_browser++;
}
if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android|iemobile)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$mobile_browser++;
}
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) or ((isset($_SERVER['HTTP_X_WAP_PROFILE']) or isset($_SERVER['HTTP_PROFILE'])))) {
$mobile_browser++;
}
$mobile_ua = strtolower(substr(get_user_agent(), 0, 4));
$mobile_agents = array(
'w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac',
'blaz','brew','cell','cldc','cmd-','dang','doco','eric','hipt','inno',
'ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-',
'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-',
'newt','noki','palm','pana','pant','phil','play','port','prox',
'qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar',
'sie-','siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-',
'tosh','tsm-','upg1','upsi','vk-v','voda','wap-','wapa','wapi','wapp',
'wapr','webc','winw','winw','xda ','xda-');
if (in_array($mobile_ua,$mobile_agents)) {
$mobile_browser++;
}
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
$mobile_browser++;
//Check for tablets on opera mini alternative headers
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
$tablet_browser++;
} }
if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android|iemobile)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) { }
$mobile_browser++; if ($tablet_browser > 0) {
} //do something for tablet devices
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) or ((isset($_SERVER['HTTP_X_WAP_PROFILE']) or isset($_SERVER['HTTP_PROFILE'])))) { return 'Tablet';
$mobile_browser++; }
} else if ($mobile_browser > 0) {
$mobile_ua = strtolower(substr(get_user_agent(), 0, 4)); //do something for mobile devices
$mobile_agents = array( return 'Mobile';
'w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac', }
'blaz','brew','cell','cldc','cmd-','dang','doco','eric','hipt','inno', else {
'ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-', //do something for everything else
'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-', return 'Computer';
'newt','noki','palm','pana','pant','phil','play','port','prox', }
'qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar',
'sie-','siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-',
'tosh','tsm-','upg1','upsi','vk-v','voda','wap-','wapa','wapi','wapp',
'wapr','webc','winw','winw','xda ','xda-');
if (in_array($mobile_ua,$mobile_agents)) {
$mobile_browser++;
}
if (strpos(strtolower(get_user_agent()),'opera mini') > 0) {
$mobile_browser++;
//Check for tablets on opera mini alternative headers
$stock_ua = strtolower(isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])?$_SERVER['HTTP_X_OPERAMINI_PHONE_UA']:(isset($_SERVER['HTTP_DEVICE_STOCK_UA'])?$_SERVER['HTTP_DEVICE_STOCK_UA']:''));
if (preg_match('/(tablet|ipad|playbook)|(android(?!.*mobile))/i', $stock_ua)) {
$tablet_browser++;
}
}
if ($tablet_browser > 0) {
//do something for tablet devices
return 'Tablet';
}
else if ($mobile_browser > 0) {
//do something for mobile devices
return 'Mobile';
}
else {
//do something for everything else
return 'Computer';
}
} }
function truncate($text, $chars) { function truncate($text, $chars) {
if (strlen($text) <= $chars) { if (strlen($text) <= $chars) {
return $text;
}
$text = $text." ";
$text = substr($text,0,$chars);
$text = substr($text,0,strrpos($text,' '));
$text = $text."...";
return $text; return $text;
}
$text = $text." ";
$text = substr($text,0,$chars);
$text = substr($text,0,strrpos($text,' '));
$text = $text."...";
return $text;
} }
function get_otp($secret_seed) { function get_otp($secret_seed) {
//TOTP seed (String representation) //TOTP seed (String representation)
$otp = ''; $otp = '';
//number of seconds of otp period //number of seconds of otp period
$time_window = 30; $time_window = 30;
//time formating to epoch //time formating to epoch
$exact_time = microtime(true); $exact_time = microtime(true);
$rounded_time = floor($exact_time/$time_window); $rounded_time = floor($exact_time/$time_window);
//binary represetation of time without padding //binary represetation of time without padding
$packed_time = pack("N", $rounded_time); $packed_time = pack("N", $rounded_time);
//binary representation of time with padding //binary representation of time with padding
$padded_packed_time = str_pad($packed_time,8, chr(0), STR_PAD_LEFT); $padded_packed_time = str_pad($packed_time,8, chr(0), STR_PAD_LEFT);
//binary representation of seed //binary representation of seed
$packed_secret_seed = pack("H*", $secret_seed); $packed_secret_seed = pack("H*", $secret_seed);
//HMAC SHA1 hash (time + seed) //HMAC SHA1 hash (time + seed)
$hash = hash_hmac ('sha1', $padded_packed_time, $packed_secret_seed, true); $hash = hash_hmac ('sha1', $padded_packed_time, $packed_secret_seed, true);
$offset = ord($hash[19]) & 0xf; $offset = ord($hash[19]) & 0xf;
$otp = ( $otp = (
((ord($hash[$offset+0]) & 0x7f) << 24 ) | ((ord($hash[$offset+0]) & 0x7f) << 24 ) |
((ord($hash[$offset+1]) & 0xff) << 16 ) | ((ord($hash[$offset+1]) & 0xff) << 16 ) |
((ord($hash[$offset+2]) & 0xff) << 8 ) | ((ord($hash[$offset+2]) & 0xff) << 8 ) |
(ord($hash[$offset+3]) & 0xff) (ord($hash[$offset+3]) & 0xff)
) % pow(10, 6); ) % pow(10, 6);
//adding pad to otp, in order to assure a "6" digits //adding pad to otp, in order to assure a "6" digits
$otp = str_pad($otp, 6, "0", STR_PAD_LEFT); $otp = str_pad($otp, 6, "0", STR_PAD_LEFT);
return $otp; return $otp;
} }
function formatPhoneNumber($phoneNumber) { function formatPhoneNumber($phoneNumber) {
$phoneNumber = preg_replace('/[^0-9]/','',$phoneNumber); $phoneNumber = preg_replace('/[^0-9]/','',$phoneNumber);
if(strlen($phoneNumber) > 10) { if(strlen($phoneNumber) > 10) {
$countryCode = substr($phoneNumber, 0, strlen($phoneNumber)-10); $countryCode = substr($phoneNumber, 0, strlen($phoneNumber)-10);
$areaCode = substr($phoneNumber, -10, 3); $areaCode = substr($phoneNumber, -10, 3);
$nextThree = substr($phoneNumber, -7, 3); $nextThree = substr($phoneNumber, -7, 3);
$lastFour = substr($phoneNumber, -4, 4); $lastFour = substr($phoneNumber, -4, 4);
$phoneNumber = '+'.$countryCode.' ('.$areaCode.') '.$nextThree.'-'.$lastFour; $phoneNumber = '+'.$countryCode.' ('.$areaCode.') '.$nextThree.'-'.$lastFour;
} }
else if(strlen($phoneNumber) == 10) { else if(strlen($phoneNumber) == 10) {
$areaCode = substr($phoneNumber, 0, 3); $areaCode = substr($phoneNumber, 0, 3);
$nextThree = substr($phoneNumber, 3, 3); $nextThree = substr($phoneNumber, 3, 3);
$lastFour = substr($phoneNumber, 6, 4); $lastFour = substr($phoneNumber, 6, 4);
$phoneNumber = '('.$areaCode.') '.$nextThree.'-'.$lastFour; $phoneNumber = '('.$areaCode.') '.$nextThree.'-'.$lastFour;
} }
else if(strlen($phoneNumber) == 7) { else if(strlen($phoneNumber) == 7) {
$nextThree = substr($phoneNumber, 0, 3); $nextThree = substr($phoneNumber, 0, 3);
$lastFour = substr($phoneNumber, 3, 4); $lastFour = substr($phoneNumber, 3, 4);
$phoneNumber = $nextThree.'-'.$lastFour; $phoneNumber = $nextThree.'-'.$lastFour;
} }
return $phoneNumber; return $phoneNumber;
} }
function mkdir_missing($dir) { function mkdir_missing($dir) {
if (!is_dir($dir)) { if (!is_dir($dir)) {
mkdir($dir); mkdir($dir);
} }
} }
//Called during initial setup //Called during initial setup
//Encrypts the master key with the user's password //Encrypts the master key with the user's password
function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){ function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
$iv = keygen(); $iv = keygen();
$salt = keygen(); $salt = keygen();
//Generate 128-bit (16 byte/char) kdhash of the users password //Generate 128-bit (16 byte/char) kdhash of the users password
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16); $user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
//Encrypt the master key with the users kdf'd hash and the IV //Encrypt the master key with the users kdf'd hash and the IV
$ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv); $ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv);
$user_encryption_ciphertext = $salt . $iv . $ciphertext; $user_encryption_ciphertext = $salt . $iv . $ciphertext;
return $user_encryption_ciphertext; return $user_encryption_ciphertext;
} }
/* /*
@ -276,43 +273,43 @@ New Users: Requires the admin setting up their account have the their own Specif
Password Changes: Will use the current info in the session. Password Changes: Will use the current info in the session.
*/ */
function encryptUserSpecificKey($user_password){ function encryptUserSpecificKey($user_password){
$iv = keygen(); $iv = keygen();
$salt = keygen(); $salt = keygen();
//Get the session info. //Get the session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext']; $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
$user_encryption_session_iv = $_SESSION['user_encryption_session_iv']; $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
$user_encryption_session_key = $_COOKIE['user_encryption_session_key']; $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
//Decrypt the session key to get the master key //Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
//Generate 128-bit (16 byte/char) kdhash of the users (new) password //Generate 128-bit (16 byte/char) kdhash of the users (new) password
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16); $user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
//Encrypt the master key with the users kdf'd hash and the IV //Encrypt the master key with the users kdf'd hash and the IV
$ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv); $ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_password_kdhash, 0, $iv);
$user_encryption_ciphertext = $salt . $iv . $ciphertext; $user_encryption_ciphertext = $salt . $iv . $ciphertext;
return $user_encryption_ciphertext; return $user_encryption_ciphertext;
} }
//Given a ciphertext (incl. IV) and the user's password, returns the site master key //Given a ciphertext (incl. IV) and the user's password, returns the site master key
//Ran at login, to facilitate generateUserSessionKey //Ran at login, to facilitate generateUserSessionKey
function decryptUserSpecificKey($user_encryption_ciphertext, $user_password){ function decryptUserSpecificKey($user_encryption_ciphertext, $user_password){
//Get the IV, salt and ciphertext //Get the IV, salt and ciphertext
$salt = substr($user_encryption_ciphertext, 0, 16); $salt = substr($user_encryption_ciphertext, 0, 16);
$iv = substr($user_encryption_ciphertext, 16, 16); $iv = substr($user_encryption_ciphertext, 16, 16);
$ciphertext = substr($user_encryption_ciphertext, 32); $ciphertext = substr($user_encryption_ciphertext, 32);
//Generate 128-bit (16 byte/char) kdhash of the users password //Generate 128-bit (16 byte/char) kdhash of the users password
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16); $user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
//Use this hash to get the original/master key //Use this hash to get the original/master key
$site_encryption_master_key = openssl_decrypt($ciphertext, 'aes-128-cbc', $user_password_kdhash, 0, $iv); $site_encryption_master_key = openssl_decrypt($ciphertext, 'aes-128-cbc', $user_password_kdhash, 0, $iv);
return $site_encryption_master_key; return $site_encryption_master_key;
} }
/* /*
@ -324,79 +321,79 @@ Generates what is probably best described as an session key (ephemeral-ish)
*/ */
function generateUserSessionKey($site_encryption_master_key){ function generateUserSessionKey($site_encryption_master_key){
//Generate both of these using keygen() //Generate both of these using keygen()
$user_encryption_session_key = keygen(); $user_encryption_session_key = keygen();
$user_encryption_session_iv = keygen(); $user_encryption_session_iv = keygen();
$user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
//Store ciphertext in the user's session //Store ciphertext in the user's session
$_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext; $_SESSION['user_encryption_session_ciphertext'] = $user_encryption_session_ciphertext;
$_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv; $_SESSION['user_encryption_session_iv'] = $user_encryption_session_iv;
//Give the user "their" key as a cookie //Give the user "their" key as a cookie
//By default, this should be HTTPS but we can change to HTTP for development via the config.php file (note that the extension won't work without HTTPS) //By default, this should be HTTPS but we can change to HTTP for development via the config.php file (note that the extension won't work without HTTPS)
include('config.php'); include('config.php');
if($config_https_only){ if($config_https_only){
//setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true", ['samesite' => 'None']); //setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/", "", "true", "true", ['samesite' => 'None']);
setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']); setcookie("user_encryption_session_key", "$user_encryption_session_key", ['path' => '/','secure' => true,'httponly' => true,'samesite' => 'None']);
} }
else{ else{
setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/"); setcookie("user_encryption_session_key", $user_encryption_session_key, 0, "/");
$_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies."; $_SESSION['alert_message'] = "Unencrypted connection flag set: Using non-secure cookies.";
} }
} }
//Decrypts an encrypted password (website/asset login), returns it as a string //Decrypts an encrypted password (website/asset login), returns it as a string
function decryptLoginEntry($login_password_ciphertext){ function decryptLoginEntry($login_password_ciphertext){
//Split the login into IV and Ciphertext //Split the login into IV and Ciphertext
$login_iv = substr($login_password_ciphertext, 0, 16); $login_iv = substr($login_password_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_password_ciphertext, 16); $login_ciphertext = $salt = substr($login_password_ciphertext, 16);
//Get the user session info. //Get the user session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext']; $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
$user_encryption_session_iv = $_SESSION['user_encryption_session_iv']; $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
$user_encryption_session_key = $_COOKIE['user_encryption_session_key']; $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
//Decrypt the session key to get the master key //Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
//Decrypt the login password using the master key //Decrypt the login password using the master key
$login_password_cleartext = openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv); $login_password_cleartext = openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
return $login_password_cleartext; return $login_password_cleartext;
} }
//Encrypts a website/asset login password //Encrypts a website/asset login password
function encryptLoginEntry($login_password_cleartext){ function encryptLoginEntry($login_password_cleartext){
$iv = keygen(); $iv = keygen();
//Get the user session info. //Get the user session info.
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext']; $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
$user_encryption_session_iv = $_SESSION['user_encryption_session_iv']; $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
$user_encryption_session_key = $_COOKIE['user_encryption_session_key']; $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
//Decrypt the session key to get the master key //Decrypt the session key to get the master key
$site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv); $site_encryption_master_key = openssl_decrypt($user_encryption_session_ciphertext, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
//Encrypt the website/asset login using the master key //Encrypt the website/asset login using the master key
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv); $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
$login_password_ciphertext = $iv . $ciphertext; $login_password_ciphertext = $iv . $ciphertext;
return $login_password_ciphertext; return $login_password_ciphertext;
} }
//For migrating/upgrading to the new encryption scheme //For migrating/upgrading to the new encryption scheme
//Have to supply the master key as the cookie might not be set properly (generally requires a refresh) //Have to supply the master key as the cookie might not be set properly (generally requires a refresh)
function encryptUpgradeLoginEntry($login_password_cleartext, $site_encryption_master_key){ function encryptUpgradeLoginEntry($login_password_cleartext, $site_encryption_master_key){
$iv = keygen(); $iv = keygen();
//Encrypt the website/asset login using the master key //Encrypt the website/asset login using the master key
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv); $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
$login_password_ciphertext = $iv . $ciphertext; $login_password_ciphertext = $iv . $ciphertext;
return $login_password_ciphertext; return $login_password_ciphertext;
} }
?> ?>
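Review bot: In get_ip() (second hunk), the `HTTP_X_FORWARDED_FOR` branch returns the raw header value, which the client can set or prepend to and which may hold a comma-separated list. Any logging, lockout or allow-listing keyed on this address (the callers are not visible here) is therefore only as trustworthy as the guarantee that every request arrives through a proxy that rewrites the header. The value should be split, the entry appended by the trusted proxy taken (the last one, assuming a single appending proxy; confirm against the deployment), checked with `filter_var(..., FILTER_VALIDATE_IP)`, and `REMOTE_ADDR` used when that check fails. `getenv()` also returns `false` when the variable is absent and the old `'UNKNOWN'` fallback is gone, so callers can now receive `false`. The nested `if`/`else` assigns `REMOTE_ADDR` in two separate branches; assigning it once up front is simpler.

```php
function get_ip() {
    // Address of the directly connected peer; the only value the client cannot choose.
    $ip = getenv('REMOTE_ADDR');

    if (defined("CONST_GET_IP_METHOD") && CONST_GET_IP_METHOD == "HTTP_X_FORWARDED_FOR") {
        // The header is a comma-separated hop list; entries to the left of the
        // one appended by the trusted proxy are client-supplied.
        $hops = array_map('trim', explode(',', (string) getenv('HTTP_X_FORWARDED_FOR')));
        $candidate = end($hops); // assumes a single appending proxy; confirm
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            $ip = $candidate;
        }
    }

    return $ip;
}
```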