mirror of https://github.com/itflow-org/itflow
206 lines
7.3 KiB
PHP
206 lines
7.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
* ITFlow - GET/POST request handler for DB / master key backup
|
|
*/
|
|
|
|
defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
|
|
|
|
require_once "includes/app_version.php";
|
|
|
|
if (!function_exists('zipFolder')) {
|
|
function zipFolder($folderPath, $zipFilePath) {
|
|
$zip = new ZipArchive();
|
|
if ($zip->open($zipFilePath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
|
|
error_log("Failed to open zip file: $zipFilePath");
|
|
http_response_code(500);
|
|
exit("Internal Server Error: Cannot open zip archive.");
|
|
}
|
|
|
|
$folderPath = realpath($folderPath);
|
|
if (!$folderPath) {
|
|
error_log("Invalid folder path: $folderPath");
|
|
http_response_code(500);
|
|
exit("Internal Server Error: Invalid folder path.");
|
|
}
|
|
|
|
$files = new RecursiveIteratorIterator(
|
|
new RecursiveDirectoryIterator($folderPath),
|
|
RecursiveIteratorIterator::LEAVES_ONLY
|
|
);
|
|
|
|
foreach ($files as $file) {
|
|
if (!$file->isDir()) {
|
|
$filePath = $file->getRealPath();
|
|
$relativePath = substr($filePath, strlen($folderPath) + 1);
|
|
$zip->addFile($filePath, $relativePath);
|
|
}
|
|
}
|
|
|
|
$zip->close();
|
|
}
|
|
}
|
|
|
|
if (isset($_GET['download_backup'])) {
|
|
validateCSRFToken($_GET['csrf_token']);
|
|
global $mysqli;
|
|
|
|
$session_name = $_SESSION['username'] ?? 'unknown';
|
|
$timestamp = date('YmdHis');
|
|
$baseName = "itflow_$timestamp";
|
|
|
|
// Use temp files
|
|
$sqlFile = tempnam(sys_get_temp_dir(), $baseName . "_sql_");
|
|
$uploadsZip = tempnam(sys_get_temp_dir(), $baseName . "_uploads_");
|
|
$versionFile = tempnam(sys_get_temp_dir(), $baseName . "_version_");
|
|
$finalZip = tempnam(sys_get_temp_dir(), $baseName . "_backup_");
|
|
|
|
// === 1. Generate SQL Dump ===
|
|
$sqlContent = "-- UTF-8 + Foreign Key Safe Dump\n";
|
|
$sqlContent .= "SET NAMES 'utf8mb4';\n";
|
|
$sqlContent .= "SET foreign_key_checks = 0;\n\n";
|
|
|
|
$tables = [];
|
|
$res = $mysqli->query("SHOW TABLES");
|
|
if (!$res) {
|
|
error_log("MySQL Error: " . $mysqli->error);
|
|
exit("Error retrieving tables.");
|
|
}
|
|
|
|
while ($row = $res->fetch_row()) {
|
|
$tables[] = $row[0];
|
|
}
|
|
|
|
foreach ($tables as $table) {
|
|
$createRes = $mysqli->query("SHOW CREATE TABLE `$table`");
|
|
if (!$createRes) {
|
|
error_log("MySQL Error: " . $mysqli->error);
|
|
continue;
|
|
}
|
|
|
|
$createRow = $createRes->fetch_assoc();
|
|
$createSQL = array_values($createRow)[1];
|
|
|
|
$sqlContent .= "\n-- ----------------------------\n";
|
|
$sqlContent .= "-- Table structure for `$table`\n";
|
|
$sqlContent .= "-- ----------------------------\n";
|
|
$sqlContent .= "DROP TABLE IF EXISTS `$table`;\n";
|
|
$sqlContent .= $createSQL . ";\n\n";
|
|
|
|
$dataRes = $mysqli->query("SELECT * FROM `$table`");
|
|
if ($dataRes && $dataRes->num_rows > 0) {
|
|
$sqlContent .= "-- Dumping data for table `$table`\n";
|
|
while ($row = $dataRes->fetch_assoc()) {
|
|
$columns = array_map(fn($col) => '`' . $mysqli->real_escape_string($col) . '`', array_keys($row));
|
|
$values = array_map(function ($val) use ($mysqli) {
|
|
return is_null($val) ? "NULL" : "'" . $mysqli->real_escape_string($val) . "'";
|
|
}, array_values($row));
|
|
$sqlContent .= "INSERT INTO `$table` (" . implode(", ", $columns) . ") VALUES (" . implode(", ", $values) . ");\n";
|
|
}
|
|
$sqlContent .= "\n";
|
|
}
|
|
}
|
|
|
|
$sqlContent .= "SET foreign_key_checks = 1;\n";
|
|
file_put_contents($sqlFile, $sqlContent);
|
|
|
|
// === 2. Zip uploads folder ===
|
|
zipFolder("uploads", $uploadsZip);
|
|
|
|
// === 3. Create version.txt ===
|
|
$commitHash = trim(shell_exec('git log -1 --format=%H')) ?: 'N/A';
|
|
$gitBranch = trim(shell_exec('git rev-parse --abbrev-ref HEAD')) ?: 'N/A';
|
|
|
|
$versionContent = "ITFlow Backup Metadata\n";
|
|
$versionContent .= "-----------------------------\n";
|
|
$versionContent .= "Generated: " . date('Y-m-d H:i:s') . "\n";
|
|
$versionContent .= "Backup File: " . basename($finalZip) . "\n";
|
|
$versionContent .= "Generated By: $session_name\n";
|
|
$versionContent .= "Host: " . gethostname() . "\n";
|
|
$versionContent .= "Git Branch: $gitBranch\n";
|
|
$versionContent .= "Git Commit: $commitHash\n";
|
|
$versionContent .= "ITFlow Version: " . (defined('APP_VERSION') ? APP_VERSION : 'Unknown') . "\n";
|
|
$versionContent .= "Database Version: " . (defined('CURRENT_DATABASE_VERSION') ? CURRENT_DATABASE_VERSION : 'Unknown') . "\n";
|
|
|
|
// Generate SHA256 checksum
|
|
$versionContent .= "Checksum (SHA256): \n";
|
|
|
|
file_put_contents($versionFile, $versionContent); // Add metadata first
|
|
|
|
// === 4. Create final archive ===
|
|
$final = new ZipArchive();
|
|
if ($final->open($finalZip, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
|
|
error_log("Failed to create final zip: $finalZip");
|
|
http_response_code(500);
|
|
exit("Internal Server Error: Unable to create backup archive.");
|
|
}
|
|
|
|
$final->addFile($sqlFile, "db.sql");
|
|
$final->addFile($uploadsZip, "uploads.zip");
|
|
$final->addFile($versionFile, "version.txt");
|
|
$final->close();
|
|
|
|
// Calculate checksum and re-write version.txt with it
|
|
$checksum = hash_file('sha256', $finalZip);
|
|
file_put_contents($versionFile, $versionContent . "$checksum\n");
|
|
|
|
// === 5. Serve final zip ===
|
|
header('Content-Type: application/zip');
|
|
header('Content-Disposition: attachment; filename="' . basename($finalZip) . '"');
|
|
header('Content-Length: ' . filesize($finalZip));
|
|
header('Pragma: public');
|
|
header('Expires: 0');
|
|
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
|
header('Content-Transfer-Encoding: binary');
|
|
|
|
flush();
|
|
$fp = fopen($finalZip, 'rb');
|
|
fpassthru($fp);
|
|
fclose($fp);
|
|
|
|
// === 6. Cleanup temp files ===
|
|
unlink($sqlFile);
|
|
unlink($uploadsZip);
|
|
unlink($versionFile);
|
|
unlink($finalZip);
|
|
|
|
logAction("System", "Backup Download", "$session_name downloaded full backup.");
|
|
$_SESSION['alert_message'] = "Full backup downloaded.";
|
|
exit;
|
|
}
|
|
|
|
if (isset($_POST['backup_master_key'])) {
|
|
|
|
validateCSRFToken($_POST['csrf_token']);
|
|
|
|
$password = $_POST['password'];
|
|
|
|
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id");
|
|
$row = mysqli_fetch_array($sql);
|
|
|
|
if (password_verify($password, $row['user_password'])) {
|
|
$site_encryption_master_key = decryptUserSpecificKey($row['user_specific_encryption_ciphertext'], $password);
|
|
|
|
// Logging
|
|
logAction("Master Key", "Download", "$session_name retrieved the master encryption key");
|
|
|
|
// App Notify
|
|
appNotify("Master Key", "$session_name retrieved the master encryption key");
|
|
|
|
echo "==============================";
|
|
echo "<br>Master encryption key:<br>";
|
|
echo "<b>$site_encryption_master_key</b>";
|
|
echo "<br>==============================";
|
|
|
|
} else {
|
|
// Log the failure
|
|
logAction("Master Key", "Download", "$session_name attempted to retrieve the master encryption key but failed");
|
|
|
|
$_SESSION['alert_type'] = "error";
|
|
$_SESSION['alert_message'] = "Incorrect password.";
|
|
|
|
header("Location: " . $_SERVER["HTTP_REFERER"]);
|
|
}
|
|
}
|
|
|