Added encryption by using the openSSL functionality to encrypt the email passwords in the db
--HG-- branch : quitta-gsoc-2013
parent
5174764f2d
commit
d1c1740741
6 changed files with 101 additions and 23 deletions
|
@ -142,38 +142,49 @@ class Mail_Handler{
|
|||
}
|
||||
// Check mail
|
||||
$sGroups = Support_Group::getGroups();
|
||||
|
||||
//decrypt passwords in the db!
|
||||
$crypter = new MyCrypt($cfg['crypt']);
|
||||
foreach($sGroups as $group){
|
||||
$group->setIMAP_Password($crypter->decrypt($cfg['mail']['default_password']));
|
||||
}
|
||||
|
||||
$defaultGroup = new Support_Group();
|
||||
$defaultGroup->setSGroupId(0);
|
||||
$defaultGroup->setGroupEmail($default_groupemail);
|
||||
$defaultGroup->setIMAP_MailServer($cfg['mail']['default_mailserver']);
|
||||
$defaultGroup->setIMAP_Username($cfg['mail']['default_username']);
|
||||
$defaultGroup->setIMAP_Password($cfg['mail']['default_password']);
|
||||
|
||||
|
||||
//add default group to the list
|
||||
$sGroups[] = $defaultGroup;
|
||||
|
||||
foreach($sGroups as $group){
|
||||
$mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
|
||||
$message_count = imap_num_msg($mbox);
|
||||
|
||||
for ($i = 1; $i <= $message_count; ++$i) {
|
||||
|
||||
//return task ID
|
||||
$tid = self::incoming_mail_handler($mbox, $i,$group);
|
||||
|
||||
if($tid) {
|
||||
//TODO: base file on Ticket + timestamp
|
||||
$file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w');
|
||||
fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i));
|
||||
fclose($file);
|
||||
//check if group has mailing stuff filled in!
|
||||
if($group->getGroupEmail() != "" && $group->getIMAP_MailServer() != "" && $group->getIMAP_Username() != "" && $group->getIMAP_Password() != "")
|
||||
$mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
|
||||
$message_count = imap_num_msg($mbox);
|
||||
|
||||
for ($i = 1; $i <= $message_count; ++$i) {
|
||||
|
||||
//mark message $i of $mbox for deletion!
|
||||
imap_delete($mbox, $i);
|
||||
//return task ID
|
||||
$tid = self::incoming_mail_handler($mbox, $i,$group);
|
||||
|
||||
if($tid) {
|
||||
//TODO: base file on Ticket + timestamp
|
||||
$file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w');
|
||||
fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i));
|
||||
fclose($file);
|
||||
|
||||
//mark message $i of $mbox for deletion!
|
||||
imap_delete($mbox, $i);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
//delete marked messages
|
||||
imap_expunge($mbox);
|
||||
imap_close($mbox);
|
||||
}
|
||||
//delete marked messages
|
||||
imap_expunge($mbox);
|
||||
imap_close($mbox);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
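Review bot: The loop under `//decrypt passwords in the db!` passes `$cfg['mail']['default_password']` to `decrypt()` for every group, so each group ends up with the config default password instead of its own stored one, while `$defaultGroup` gets the same config value undecrypted a few lines later. If the intent is to decrypt what Support_Group stored, the line would read `$group->setIMAP_Password($crypter->decrypt($group->getIMAP_Password()));`. `decrypt()` throws when the value lacks the `$method$hash$` header and nothing in this hunk catches it, so a plaintext config default or a row written before this commit would abort the whole mail run; a per-group try/catch that logs and skips the group is worth adding. The +/- markers are lost on this page, so I am reading the loop as new-side code, and the enclosing function starts outside the hunk.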
@ -0,0 +1,53 @@
|
|||
<?php
|
||||
|
||||
class MyCrypt{
|
||||
|
||||
private $config;
|
||||
|
||||
function __construct($cryptinfo) {
|
||||
$this->config = $cryptinfo;
|
||||
}
|
||||
|
||||
|
||||
public function encrypt($data) {
|
||||
|
||||
self::check_methods($this->config['enc_method'], $this->config['hash_method']);
|
||||
$iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
|
||||
$infostr = sprintf('$%s$%s$', $this->config['enc_method'], $this->config['hash_method']);
|
||||
return $infostr . openssl_encrypt($data, $this->config['enc_method'], $this->config['key'], false, $iv);
|
||||
}
|
||||
|
||||
public function decrypt($edata) {
|
||||
$e_arr = explode('$', $edata);
|
||||
if( count($e_arr) != 4 ) {
|
||||
Throw new Exception('Given data is missing crucial sections.');
|
||||
}
|
||||
$this->config['enc_method'] = $e_arr[1];
|
||||
$this->config['hash_method'] = $e_arr[2];
|
||||
self::check_methods($this->config['enc_method'], $this->config['hash_method']);
|
||||
$iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
|
||||
return openssl_decrypt($e_arr[3], $this->config['enc_method'], $this->config['key'], false, $iv);
|
||||
}
|
||||
|
||||
private static function hashIV($key, $method, $iv_size) {
|
||||
$myhash = hash($method, $key, TRUE);
|
||||
while( strlen($myhash) < $iv_size ) {
|
||||
$myhash .= hash($method, $myhash, TRUE);
|
||||
}
|
||||
return substr($myhash, 0, $iv_size);
|
||||
}
|
||||
|
||||
private static function check_methods($enc, $hash) {
|
||||
|
||||
if( ! function_exists('openssl_encrypt') ) {
|
||||
Throw new Exception('openssl_encrypt() not supported.');
|
||||
} else if( ! in_array($enc, openssl_get_cipher_methods()) ) {
|
||||
Throw new Exception('Encryption method ' . $enc . ' not supported.');
|
||||
} else if( ! in_array(strtolower($hash), hash_algos()) ) {
|
||||
Throw new Exception('Hashing method ' . $hash . ' not supported.');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
|
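Review bot: `hashIV()` derives the IV from the key alone, so every value encrypted under one key gets the same IV; with CBC, equal passwords then produce equal ciphertexts and shared prefixes stay visible to anyone who can read the table. A fresh random IV per value, stored in front of the ciphertext, removes that. Separately, `decrypt()` copies `enc_method` and `hash_method` from the stored string into `$this->config`, so whoever can write the row selects the cipher, and later `encrypt()` calls on the same object inherit it; the header is better compared with the configuration than adopted. A `false` return from `openssl_decrypt()` is also handed straight back to the caller. The sketch below covers these three points and does not add integrity protection (an HMAC over the stored value, or an AEAD mode), which CBC alone lacks.

```php
public function encrypt($data) {
    self::check_methods($this->config['enc_method'], $this->config['hash_method']);
    // Fresh random IV per value (random_bytes() needs PHP 7; on older
    // versions openssl_random_pseudo_bytes() fills the same role).
    $iv = random_bytes(openssl_cipher_iv_length($this->config['enc_method']));
    $raw = openssl_encrypt($data, $this->config['enc_method'], $this->config['key'], OPENSSL_RAW_DATA, $iv);
    if ($raw === false) {
        throw new Exception('Encryption failed.');
    }
    $infostr = sprintf('$%s$%s$', $this->config['enc_method'], $this->config['hash_method']);
    // The IV travels with the ciphertext, so the stored value is longer than
    // before and the IMAP_Password column width has to be re-checked.
    return $infostr . base64_encode($iv . $raw);
}

public function decrypt($edata) {
    // … unchanged: explode('$', $edata) and the four-section check …
    // The stored header is only compared with the configuration, never adopted.
    if ($e_arr[1] !== $this->config['enc_method'] || $e_arr[2] !== $this->config['hash_method']) {
        throw new Exception('Stored data was not produced with the configured methods.');
    }
    self::check_methods($this->config['enc_method'], $this->config['hash_method']);
    $iv_size = openssl_cipher_iv_length($this->config['enc_method']);
    $blob = base64_decode($e_arr[3], true);
    if ($blob === false || strlen($blob) <= $iv_size) {
        throw new Exception('Given data is malformed.');
    }
    $plain = openssl_decrypt(substr($blob, $iv_size), $this->config['enc_method'], $this->config['key'], OPENSSL_RAW_DATA, substr($blob, 0, $iv_size));
    if ($plain === false) {
        throw new Exception('Decryption failed.');
    }
    return $plain;
}
// … unchanged: check_methods(); hashIV() is no longer called …
```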
@ -51,7 +51,12 @@ class Support_Group{
|
|||
$sGroup->setGroupEmail($values['GroupEmail']);
|
||||
$sGroup->setIMAP_MailServer($values['IMAP_MailServer']);
|
||||
$sGroup->setIMAP_Username($values['IMAP_Username']);
|
||||
$sGroup->setIMAP_Password($values['IMAP_Password']);
|
||||
|
||||
//encrypt password!
|
||||
global $cfg;
|
||||
$crypter = new MyCrypt($cfg['crypt']);
|
||||
$enc_password = $crypter->encrypt($values['IMAP_Password']);
|
||||
$sGroup->setIMAP_Password($enc_password);
|
||||
$sGroup->create();
|
||||
|
||||
return "SUCCESS";
|
||||
|
|
|
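Review bot: The four-line encrypt sequence (`global $cfg;` through `setIMAP_Password($enc_password)`) appears here and again in the `modify_email_of_sgroup()` hunk, and both reach `MyCrypt::encrypt()`, which throws `Exception` from `check_methods()`; neither hunk shows a catch, so a misconfigured `enc_method` would surface as an uncaught exception rather than the string result these functions otherwise return. Moving the sequence into one helper on Support_Group would keep the two call sites identical and give a single place for the try/catch. That helper should carry a comment such as `// IMAP_Password now holds MyCrypt ciphertext ('$method$hash$base64'), not the plaintext`, since readers of `getIMAP_Password()` such as Mail_Handler have to decrypt it. Both enclosing functions extend beyond their hunks.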
@ -53,6 +53,10 @@ $SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty";
|
|||
$TICKET_MAILING_SUPPORT = true;
|
||||
$MAIL_DIR = "/tmp";
|
||||
|
||||
$cfg['crypt']['key'] = 'Sup3rS3cr3tStuff';
|
||||
$cfg['crypt']['enc_method'] = 'AES-256-CBC';
|
||||
$cfg['crypt']['hash_method'] = "SHA512";
|
||||
|
||||
//-----------------------------------------------------------------------------------------
|
||||
// If true= the server will add automatically unknown user in the database
|
||||
// (in nel.user= nel.permission= ring.ring_user and ring.characters
|
||||
|
|
|
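Review bot: `$cfg['crypt']['key']` is a literal committed with the code, so anyone holding the repository or a copy of this file can decrypt every stored IMAP password, and installs that keep the default all share one key. Shipping it unset and refusing to run without it, e.g. `$cfg['crypt']['key'] = getenv('CRYPT_KEY_PLACEHOLDER'); // variable name constructed for this note`, avoids a shared default. The value is also 16 characters while `AES-256-CBC` takes a 32-byte key; as far as I know PHP's `openssl_encrypt()` zero-pads a short key, which would leave half of the key fixed. The hunk header shows `$SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty";` just above, which looks like an older key setting that could be dropped if nothing still reads it.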
@ -15,7 +15,12 @@ function modify_email_of_sgroup(){
|
|||
$group->setGroupEmail($groupemail);
|
||||
$group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'],FILTER_SANITIZE_STRING));
|
||||
$group->setIMAP_Username(filter_var($_POST['IMAP_Username'],FILTER_SANITIZE_STRING));
|
||||
$group->setIMAP_Password($password);
|
||||
|
||||
//encrypt password!
|
||||
global $cfg;
|
||||
$crypter = new MyCrypt($cfg['crypt']);
|
||||
$enc_password = $crypter->encrypt($password);
|
||||
$group->setIMAP_Password($enc_password);
|
||||
$group->update();
|
||||
$result['RESULT_OF_MODIFYING'] = "SUCCESS";
|
||||
}else{
|
||||
|
|
|
@ -290,7 +290,7 @@
|
|||
`GroupEmail` VARCHAR(45) NULL ,
|
||||
`IMAP_MailServer` VARCHAR(60) NULL ,
|
||||
`IMAP_Username` VARCHAR(45) NULL ,
|
||||
`IMAP_Password` VARCHAR(45) NULL ,
|
||||
`IMAP_Password` VARCHAR(90) NULL ,
|
||||
PRIMARY KEY (`SGroupId`) ,
|
||||
UNIQUE INDEX `Name_UNIQUE` (`Name` ASC) ,
|
||||
UNIQUE INDEX `Tag_UNIQUE` (`Tag` ASC) )
|
||||
|
|
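Review bot: The new `VARCHAR(90)` width for `IMAP_Password` has no stated derivation: with the 20-character `$AES-256-CBC$SHA512$` header and base64 output, 90 characters hold a password of at most 47 bytes, and a longer one would be cut by the column (silently, on a MySQL server not in strict mode), after which `decrypt()` cannot recover it. A comment next to the column such as `-- MyCrypt output: 20-char header + base64(AES-CBC); fits plaintext <= 47 bytes`, together with a matching length check before `encrypt()`, would keep the two in step. Switching `enc_method` or `hash_method` to longer names shrinks that margin further.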