Added encryption by using the openSSL functionality to encrypt the email passwords in the db

--HG--
branch : quitta-gsoc-2013
This commit is contained in:
Quitta 2013-08-19 20:22:01 +02:00
parent 5174764f2d
commit d1c1740741
6 changed files with 101 additions and 23 deletions

View file

@ -142,6 +142,13 @@ class Mail_Handler{
}
// Check mail
$sGroups = Support_Group::getGroups();
//decrypt passwords in the db!
$crypter = new MyCrypt($cfg['crypt']);
foreach($sGroups as $group){
$group->setIMAP_Password($crypter->decrypt($cfg['mail']['default_password']));
}
$defaultGroup = new Support_Group();
$defaultGroup->setSGroupId(0);
$defaultGroup->setGroupEmail($default_groupemail);
@ -149,31 +156,35 @@ class Mail_Handler{
$defaultGroup->setIMAP_Username($cfg['mail']['default_username']);
$defaultGroup->setIMAP_Password($cfg['mail']['default_password']);
//add default group to the list
$sGroups[] = $defaultGroup;
foreach($sGroups as $group){
$mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
$message_count = imap_num_msg($mbox);
//check if group has mailing stuff filled in!
if($group->getGroupEmail() != "" && $group->getIMAP_MailServer() != "" && $group->getIMAP_Username() != "" && $group->getIMAP_Password() != "")
$mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
$message_count = imap_num_msg($mbox);
for ($i = 1; $i <= $message_count; ++$i) {
for ($i = 1; $i <= $message_count; ++$i) {
//return task ID
$tid = self::incoming_mail_handler($mbox, $i,$group);
//return task ID
$tid = self::incoming_mail_handler($mbox, $i,$group);
if($tid) {
//TODO: base file on Ticket + timestamp
$file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w');
fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i));
fclose($file);
if($tid) {
//TODO: base file on Ticket + timestamp
$file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w');
fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i));
fclose($file);
//mark message $i of $mbox for deletion!
imap_delete($mbox, $i);
}
//mark message $i of $mbox for deletion!
imap_delete($mbox, $i);
}
//delete marked messages
imap_expunge($mbox);
imap_close($mbox);
}
//delete marked messages
imap_expunge($mbox);
imap_close($mbox);
}
}

View file

@ -0,0 +1,53 @@
<?php
class MyCrypt{
private $config;
function __construct($cryptinfo) {
$this->config = $cryptinfo;
}
public function encrypt($data) {
self::check_methods($this->config['enc_method'], $this->config['hash_method']);
$iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
$infostr = sprintf('$%s$%s$', $this->config['enc_method'], $this->config['hash_method']);
return $infostr . openssl_encrypt($data, $this->config['enc_method'], $this->config['key'], false, $iv);
}
public function decrypt($edata) {
$e_arr = explode('$', $edata);
if( count($e_arr) != 4 ) {
Throw new Exception('Given data is missing crucial sections.');
}
$this->config['enc_method'] = $e_arr[1];
$this->config['hash_method'] = $e_arr[2];
self::check_methods($this->config['enc_method'], $this->config['hash_method']);
$iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
return openssl_decrypt($e_arr[3], $this->config['enc_method'], $this->config['key'], false, $iv);
}
private static function hashIV($key, $method, $iv_size) {
$myhash = hash($method, $key, TRUE);
while( strlen($myhash) < $iv_size ) {
$myhash .= hash($method, $myhash, TRUE);
}
return substr($myhash, 0, $iv_size);
}
private static function check_methods($enc, $hash) {
if( ! function_exists('openssl_encrypt') ) {
Throw new Exception('openssl_encrypt() not supported.');
} else if( ! in_array($enc, openssl_get_cipher_methods()) ) {
Throw new Exception('Encryption method ' . $enc . ' not supported.');
} else if( ! in_array(strtolower($hash), hash_algos()) ) {
Throw new Exception('Hashing method ' . $hash . ' not supported.');
}
}
}

View file

@ -51,7 +51,12 @@ class Support_Group{
$sGroup->setGroupEmail($values['GroupEmail']);
$sGroup->setIMAP_MailServer($values['IMAP_MailServer']);
$sGroup->setIMAP_Username($values['IMAP_Username']);
$sGroup->setIMAP_Password($values['IMAP_Password']);
//encrypt password!
global $cfg;
$crypter = new MyCrypt($cfg['crypt']);
$enc_password = $crypter->encrypt($values['IMAP_Password']);
$sGroup->setIMAP_Password($enc_password);
$sGroup->create();
return "SUCCESS";

View file

@ -53,6 +53,10 @@ $SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty";
$TICKET_MAILING_SUPPORT = true;
$MAIL_DIR = "/tmp";
$cfg['crypt']['key'] = 'Sup3rS3cr3tStuff';
$cfg['crypt']['enc_method'] = 'AES-256-CBC';
$cfg['crypt']['hash_method'] = "SHA512";
//-----------------------------------------------------------------------------------------
// If true= the server will add automatically unknown user in the database
// (in nel.user= nel.permission= ring.ring_user and ring.characters

View file

@ -15,7 +15,12 @@ function modify_email_of_sgroup(){
$group->setGroupEmail($groupemail);
$group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'],FILTER_SANITIZE_STRING));
$group->setIMAP_Username(filter_var($_POST['IMAP_Username'],FILTER_SANITIZE_STRING));
$group->setIMAP_Password($password);
//encrypt password!
global $cfg;
$crypter = new MyCrypt($cfg['crypt']);
$enc_password = $crypter->encrypt($password);
$group->setIMAP_Password($enc_password);
$group->update();
$result['RESULT_OF_MODIFYING'] = "SUCCESS";
}else{

View file

@ -290,7 +290,7 @@
`GroupEmail` VARCHAR(45) NULL ,
`IMAP_MailServer` VARCHAR(60) NULL ,
`IMAP_Username` VARCHAR(45) NULL ,
`IMAP_Password` VARCHAR(45) NULL ,
`IMAP_Password` VARCHAR(90) NULL ,
PRIMARY KEY (`SGroupId`) ,
UNIQUE INDEX `Name_UNIQUE` (`Name` ASC) ,
UNIQUE INDEX `Tag_UNIQUE` (`Tag` ASC) )