Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: Encryption of password in file

Browse Source
This commit is contained in:
Laurent Destailleur
2008-08-13 13:39:30 +00:00
parent 295781bdb1
commit d0891e2850
5 changed files with 44 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
htdocs/admin/security.php
View File

@@ -18,11 +18,11 @@
*/
/**
\file htdocs/admin/security.php
\ingroup setup
\brief Page de configuration du module s<>curit<69>
\version $Id$
*/
* \file htdocs/admin/security.php
* \ingroup setup
* \brief Page de configuration du module s<>curit<69>
* \version $Id$
*/
require("./pre.inc.php");
require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
@@ -95,7 +95,8 @@ if ($_GET["action"] == 'activate_encryptdbpassconf')
$result = encodedecode_dbpassconf(1);
if ($result > 0)
{
dolibarr_set_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED", "1");
// database value not required
//dolibarr_set_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED", "1");
Header("Location: security.php");
exit;
}
@@ -109,7 +110,8 @@ else if ($_GET["action"] == 'disable_encryptdbpassconf')
$result = encodedecode_dbpassconf(0);
if ($result > 0)
{
dolibarr_del_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED");
// database value not required
//dolibarr_del_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED");
Header("Location: security.php");
exit;
}
@@ -311,25 +313,30 @@ $var=!$var;
print "<tr ".$bc[$var].">";
print '<td colspan="3">'.$langs->trans("MainDbPasswordFileConfEncrypted").'</td>';
print '<td align="center" width="60">';
if($conf->global->MAIN_DATABASE_PWD_CONFIG_ENCRYPTED == 1)
if (! empty($dolibarr_main_db_encrypted_pass))
{
print img_tick();
}
print '</td>';
if ($conf->global->MAIN_DATABASE_PWD_CONFIG_ENCRYPTED == 0)
print '<td align="center" width="100">';
if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass))
{
print '<td align="center" width="100">';
print '<a href="security.php?action=activate_encryptdbpassconf">'.$langs->trans("Activate").'</a>';
print "</td>";
print img_warning($langs->trans("WarningPassIsEmpty"));
}
if($conf->global->MAIN_DATABASE_PWD_CONFIG_ENCRYPTED == 1)
else
{
print '<td align="center" width="100">';
print '<a href="security.php?action=disable_encryptdbpassconf">'.$langs->trans("Disable").'</a>';
print "</td>";
if (empty($dolibarr_main_db_encrypted_pass))
{
print '<a href="security.php?action=activate_encryptdbpassconf">'.$langs->trans("Activate").'</a>';
}
if (! empty($dolibarr_main_db_encrypted_pass))
{
print '<a href="security.php?action=disable_encryptdbpassconf">'.$langs->trans("Disable").'</a>';
}
}
print "</td>";
print "</td>";
print '</tr>';

4
htdocs/install/etape5.php
View File

@@ -87,12 +87,12 @@ pHeader($langs->trans("SetupEnd"),"etape5");
if ($_POST["action"] == "set" || $_POST["action"] == "upgrade")
{
require_once(DOL_DOCUMENT_ROOT ."/lib/functions.lib.php");
print '<table cellspacing="0" cellpadding="2" width="100%">';
$error=0;
// on d<>code le mot de passe de la base si besoin
require_once(DOL_DOCUMENT_ROOT ."/lib/functions.lib.php");
// decode database pass if needed
if (! empty($dolibarr_main_db_encrypted_pass))
{
require_once(DOL_DOCUMENT_ROOT ."/lib/security.lib.php");

2
htdocs/install/upgrade2.php
View File

@@ -74,7 +74,7 @@ if (isset($_POST['action']) && $_POST['action'] == 'upgrade')
print '<table cellspacing="0" cellpadding="1" border="0" width="100%">';
// on decode le mot de passe de la base si besoin
// decode database pass if needed
if (! empty($dolibarr_main_db_encrypted_pass))
{
require_once($dolibarr_main_document_root."/lib/security.lib.php");

8
htdocs/lib/admin.lib.php
View File

@@ -294,13 +294,13 @@ function dolibarr_get_const($db, $name)
/**
\brief Insertion d'une constante dans la base de données.
\brief Insertion d'une constante dans la base de donnees.
\sa dolibarr_del_const, dolibarr_get_const
\param db Handler d'accés base
\param db Handler d'acces base
\param name Nom de la constante
\param value Valeur de la constante
\param type Type de constante (chaine par défaut)
\param visible La constante est elle visible (0 par défaut)
\param type Type de constante (chaine par defaut)
\param visible La constante est elle visible (0 par defaut)
\param note Explication de la constante
\return int -1 if KO, 1 if OK
*/

22
htdocs/lib/security.lib.php
View File

@@ -53,11 +53,13 @@ function makesalt($type=CRYPT_SALT_LENGTH)
}
/**
\brief Encode\decode database password in config file
\param level Encode level : 0 no enconding, 1 encoding
*/
* \brief Encode\decode database password in config file
* \param level Encode level : 0 no enconding, 1 encoding
* \return int <0 if KO, >0 if OK
*/
function encodedecode_dbpassconf($level=0)
{
dolibarr_syslog("security.lib::encodedecode_dbpassconf level=".$level, LOG_DEBUG);
$config = '';
if ($fp = fopen(DOL_DOCUMENT_ROOT.'/conf/conf.php','r'))
@@ -95,19 +97,21 @@ function encodedecode_dbpassconf($level=0)
}
else
{
dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_WARNING);
return -1;
}
}
else
{
dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to read conf.php", LOG_ERR);
return -2;
}
}
/**
\brief Encode une chaine de caract<63>re
\param chain chaine de caract<63>res a encoder
\return string_coded chaine de caract<63>res encod<6F>e
* \brief Encode une chaine de caract<63>re
* \param chaine chaine de caract<63>res a encoder
* \return string_coded chaine de caract<63>res encod<6F>e
*/
function dol_encode($chain)
{
@@ -121,9 +125,9 @@ function dol_encode($chain)
}
/**
\brief Decode une chaine de caract<63>re
\param chain chaine de caract<63>res a decoder
\return string_coded chaine de caract<63>res decod<6F>e
* \brief Decode une chaine de caract<63>re
* \param chain chaine de caract<63>res a decoder
* \return string_coded chaine de caract<63>res decod<6F>e
*/
function dol_decode($chain)
{