| 1 |
<?php |
<?php |
| 2 |
// $Id $ |
// $Id $ |
| 3 |
|
|
| 4 |
|
/** |
| 5 |
|
* AES encryption |
| 6 |
|
* @author easyfit (Johan Lindskog) |
| 7 |
|
* @version 6.x-1.3 |
| 8 |
|
*/ |
| 9 |
|
|
| 10 |
define("AES_PASSWORD_MAX_LENGTH", 128); |
define("AES_PASSWORD_MAX_LENGTH", 128); |
| 11 |
|
|
| 12 |
function aes_menu($may_cache) { |
function aes_menu() { |
| 13 |
$items = array(); |
|
| 14 |
|
$items = array(); |
| 15 |
if (!$may_cache) { |
|
| 16 |
$items[] = array( |
$items['admin/settings/aes'] = array( |
| 17 |
'path' => 'admin/settings/aes', |
'title' => 'AES settings', |
| 18 |
'title' => t('AES settings'), |
'description' => 'Configure the AES encryption module.', |
| 19 |
'callback' => 'drupal_get_form', |
'page callback' => 'drupal_get_form', |
| 20 |
'callback arguments' => 'aes_config', |
'page arguments' => array('aes_config'), |
| 21 |
'access' => user_access('administer aes'), |
'access arguments' => array('administer aes'), |
| 22 |
'description' => t('Configure the AES encryption module.'), |
'type' => MENU_NORMAL_ITEM, |
| 23 |
'type' => MENU_NORMAL_ITEM, |
); |
| 24 |
); |
|
| 25 |
|
$items['user/%/password'] = array( |
| 26 |
if (arg(0) == 'user') { |
'title' => 'View password', |
| 27 |
if (aes_password_exists(arg(1)) && (variable_get("aes_viewing_method", "collapsible") == "page" || variable_get("aes_viewing_method", "collapsible") == "both")) { |
'page callback' => 'aes_get_password', |
| 28 |
$items[] = array( |
'page arguments' => array(1, true), |
| 29 |
'path' => 'user/'.arg(1).'/password', |
'access callback' => 'aes_show_password_page', |
| 30 |
'title' => t('View password'), |
'access arguments' => array('view passwords', 1), |
| 31 |
'callback' => 'aes_get_password', |
'type' => MENU_LOCAL_TASK, |
| 32 |
'callback arguments' => array(arg(1), true), |
); |
| 33 |
'access' => user_access('view passwords'), |
|
| 34 |
'type' => MENU_LOCAL_TASK, |
return $items; |
|
); |
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
return $items; |
|
| 35 |
} |
} |
| 36 |
|
|
|
|
|
| 37 |
function aes_perm() { |
function aes_perm() { |
| 38 |
return array('administer aes', 'view passwords'); |
return array('administer aes', 'view passwords'); |
| 39 |
|
} |
| 40 |
|
|
| 41 |
|
function aes_show_password_page($access, $uid) { |
| 42 |
|
|
| 43 |
|
$viewing_method = variable_get("aes_viewing_method", "collapsible"); |
| 44 |
|
|
| 45 |
|
if(user_access($access) && aes_password_exists($uid) && ($viewing_method == "page" || $viewing_method == "both")) { |
| 46 |
|
return true; |
| 47 |
|
} |
| 48 |
|
else { |
| 49 |
|
return false; |
| 50 |
|
} |
| 51 |
} |
} |
| 52 |
|
|
| 53 |
function aes_config() { |
function aes_config() { |
| 54 |
|
|
| 55 |
if (file_exists(variable_get("aes_key_path", "")) && is_writable(variable_get("aes_key_path", "")) == false && variable_get("aes_key_storage_method", "") == "File") { |
if (file_exists(variable_get("aes_key_path", "")) && is_writable(variable_get("aes_key_path", "")) == false && variable_get("aes_key_storage_method", "") == "File") { |
| 56 |
drupal_set_message(t("The keyfile %keyfile_path is not writable. This module needs to be able to write to this file to update the encryption key.", array('%keyfile_path' => variable_get("aes_key_path", ""))), "error"); |
drupal_set_message(t("The keyfile %keyfile_path is not writable. This module needs to be able to write to this file to update the encryption key.", array('%keyfile_path' => variable_get("aes_key_path", ""))), "error"); |
| 57 |
} |
} |
| 58 |
|
|
| 59 |
$form = array(); |
$form = array(); |
| 60 |
|
|
| 61 |
$form['aes'] = array( |
$form['aes'] = array( |
| 62 |
'#type' => 'fieldset', |
'#type' => 'fieldset', |
| 63 |
'#title' => t('AES settings'), |
'#title' => t('AES settings'), |
| 64 |
'#collapsible' => false, |
'#collapsible' => false, |
| 65 |
); |
); |
| 66 |
|
|
| 67 |
|
$form['aes']['aes_convert'] = array( |
| 68 |
$form['aes']['aes_convert'] = array( |
'#type' => 'checkbox', |
| 69 |
'#type' => 'checkbox', |
'#title' => t('Create AES passwords'), |
| 70 |
'#title' => t('Create AES passwords'), |
'#default_value' => (variable_get("aes_convert", "false") == "true") ? true : false, |
| 71 |
'#default_value' => (variable_get("aes_convert", "false") == "true") ? true : false, |
'#description' => t('Check this box if you would like to start creating AES passwords. Note that this is a process since we can only get an existing users password in plain text at the moment this user logs in. In other words, you won\'t be able to view an existing users password until that user has logged in at least once after you checked this box.'), |
| 72 |
'#description' => t('Check this box if you would like to start creating AES passwords. Note that this is a process since we can only get an existing users password in plain text at the moment this user logs in. In other words, you won\'t be able to view an existing users password until that user has logged in at least once after you checked this box.'), |
); |
| 73 |
); |
|
| 74 |
|
$form['aes']['view_method'] = array( |
| 75 |
$form['aes']['view_method'] = array( |
'#type' => 'select', |
| 76 |
'#type' => 'select', |
'#title' => t('Method for viewing passwords'), |
| 77 |
'#title' => t('Method for viewing passwords'), |
'#options' => array('collapsible' => t('Collapsible box'), 'page' => t('Own page'), 'both' => t('Both')), |
| 78 |
'#options' => array('collapsible' => t('Sliding frame'), 'page' => t('Own page'), 'both' => t('Both')), |
'#default_value' => variable_get("aes_viewing_method", "collapsible"), |
| 79 |
'#default_value' => variable_get("aes_viewing_method", "collapsible"), |
'#description' => t('Wether to show the password as a collapsible box on the user info page (collapsed/hidden by default) or on a separate page with a tab on the user page, or both.'), |
| 80 |
'#description' => t('Wether to show the password as a sliding frame on the user info page (hidden by default) or on a separate page with a tab on the user page, or both.'), |
); |
| 81 |
); |
|
| 82 |
|
$form['aes']['aes_cipher'] = array( |
| 83 |
$form['aes']['aes_cipher'] = array( |
'#type' => 'select', |
| 84 |
'#type' => 'select', |
'#title' => t('Cipher'), |
| 85 |
'#title' => t('Cipher'), |
'#options' => array('rijndael-128' => 'Rijndael 128', 'rijndael-192' => 'Rijndael 192', 'rijndael-256' => 'Rijndael 256'), |
| 86 |
'#options' => array('rijndael-128' => 'Rijndael 128', 'rijndael-192' => 'Rijndael 192', 'rijndael-256' => 'Rijndael 256'), |
'#default_value' => variable_get("aes_cipher", "rijndael-128"), |
| 87 |
'#default_value' => variable_get("aes_cipher", "rijndael-128"), |
); |
| 88 |
); |
|
| 89 |
|
$form['aes']['aes_key_storage_method'] = array( |
| 90 |
$form['aes']['aes_key_storage_method'] = array( |
'#type' => 'select', |
| 91 |
'#type' => 'select', |
'#title' => t('Key storage method'), |
| 92 |
'#title' => t('Key storage method'), |
'#options' => array('Database' => 'Database', 'File' => 'File'), |
| 93 |
'#options' => array('Database' => 'Database', 'File' => 'File'), |
'#default_value' => variable_get("aes_key_storage_method", ""), |
| 94 |
'#default_value' => variable_get("aes_key_storage_method", ""), |
'#description' => t('If possible, you should use the file storage method and assign a path below.'), |
| 95 |
'#description' => t('If possible, you should use the file storage method and assign a path below.'), |
); |
| 96 |
); |
|
| 97 |
|
$form['aes']['aes_key_path'] = array( |
| 98 |
$form['aes']['aes_key_path'] = array( |
'#type' => 'textfield', |
| 99 |
'#type' => 'textfield', |
'#title' => t('Path to keyfile'), |
| 100 |
'#title' => t('Path to keyfile'), |
'#default_value' => variable_get("aes_key_path", ""), |
| 101 |
'#default_value' => variable_get("aes_key_path", ""), |
'#description' => t('The path, including the filename, of the file in which to store your key. The access restrictions on this file should be set as high as possible while still allowing PHP read/write access.'), |
| 102 |
'#description' => t('The path, including the filename, of the file in which to store your key. The access restrictions on this file should be set as high as possible while still allowing PHP read/write access.'), |
); |
| 103 |
); |
|
| 104 |
|
$form['aes']['aes_key'] = array( |
| 105 |
$form['aes']['aes_key'] = array( |
'#type' => 'password', |
| 106 |
'#type' => 'password', |
'#title' => t('Key'), |
| 107 |
'#title' => t('Key'), |
'#description' => t("The key for your encryption system. You normally don't need to worry about this since this module will generate a key for you if none is specified. However you have the option of using your own custom key here."), |
| 108 |
'#description' => t("The key for your encryption system. You normally don't need to worry about this since this module will generate a key for you if none is specified. However you have the option of using your own custom key here."), |
); |
| 109 |
); |
|
| 110 |
|
$form['aes']['aes_key_c'] = array( |
| 111 |
$form['aes']['aes_key_c'] = array( |
'#type' => 'password', |
| 112 |
'#type' => 'password', |
'#title' => t('Confirm key'), |
| 113 |
'#title' => t('Confirm key'), |
); |
| 114 |
); |
|
| 115 |
|
$form['aes']['submit'] = array( |
| 116 |
$form['aes']['submit'] = array( |
'#type' => 'submit', |
| 117 |
'#type' => 'submit', |
'#value' => t('Save'), |
| 118 |
'#value' => t('Save'), |
); |
| 119 |
); |
|
| 120 |
|
|
| 121 |
|
return $form; |
| 122 |
return $form; |
} |
| 123 |
} |
|
| 124 |
|
function aes_config_validate($form, &$form_state) { |
| 125 |
function aes_config_validate($form_id, $form) { |
|
| 126 |
if (!empty($form['aes_key'])) { |
if(!empty($form_state['values']['aes_key'])) { |
| 127 |
if ($form['aes_key'] !== $form['aes_key_c']) { |
if($form_state['values']['aes_key'] !== $form_state['values']['aes_key_c']) { |
| 128 |
form_set_error("aes_key", t("The encryption keys didn't match.")); |
form_set_error("aes_key", t("The encryption keys didn't match.")); |
| 129 |
} |
} |
| 130 |
} |
} |
| 131 |
|
|
| 132 |
//if the storage method is set to File, check that the file can be openend for writing |
//if the storage method is set to File, check that the file can be openend for writing |
| 133 |
if ($form['aes_key_storage_method'] == "File") { |
if ($form_state['values']['aes_key_storage_method'] == "File") { |
| 134 |
$fp = @fopen($form['aes_key_path'], "a"); |
$fp = @fopen($form_state['values']['aes_key_path'], "a"); |
| 135 |
|
|
| 136 |
if ($fp === false) { |
if ($fp === false) { |
| 137 |
form_set_error("aes_key_path", t("Can't write to the specified location.")); |
form_set_error("aes_key_path", t("Can't write to the specified location.")); |
| 138 |
} |
} |
| 139 |
else { |
else { |
| 140 |
fclose($fp); |
fclose($fp); |
| 141 |
} |
} |
| 142 |
} |
} |
| 143 |
|
|
| 144 |
} |
} |
| 145 |
|
|
| 146 |
function aes_config_submit($form_id, $form) { |
function aes_config_submit($form, &$form_state) { |
| 147 |
if ($form['aes_convert']) { |
if ($form_state['values']['aes_convert']) { |
| 148 |
variable_set("aes_convert", "true"); |
if(variable_get("aes_convert", "true") == "false") { |
| 149 |
} |
variable_set("aes_convert", "true"); |
| 150 |
else { |
drupal_set_message(t("Creation of encrypted passwords enabled.")); |
| 151 |
variable_set("aes_convert", "false"); |
} |
| 152 |
} |
} |
| 153 |
|
else { |
| 154 |
variable_set("aes_key_path", $form['aes_key_path']); |
if(variable_get("aes_convert", "true") == "true") { |
| 155 |
|
variable_set("aes_convert", "false"); |
| 156 |
//check if the storage method has changed |
drupal_set_message(t("Creation of encrypted passwords disabled.")); |
| 157 |
if ($form['aes_key_storage_method'] != variable_get("aes_key_storage_method", "")) { |
} |
| 158 |
//if it has changed, we need to move the key to the new storage |
} |
| 159 |
drupal_set_message(t("Switching key storage method to !method.", array('!method' => $form['aes_key_storage_method']))); |
|
| 160 |
//get the key |
variable_set("aes_key_path", $form_state['values']['aes_key_path']); |
| 161 |
$key = aes_get_key(); |
|
| 162 |
//delete the key from the old storage |
//check if the storage method has changed |
| 163 |
aes_delete_key(variable_get("aes_key_storage_method", "")); |
if ($form_state['values']['aes_key_storage_method'] != variable_get("aes_key_storage_method", "")) { |
| 164 |
//set the new storage |
//if it has changed, we need to move the key to the new storage |
| 165 |
variable_set("aes_key_storage_method", $form['aes_key_storage_method']); |
drupal_set_message(t("Switching key storage method to !method.", array('!method' => $form_state['values']['aes_key_storage_method']))); |
| 166 |
//store the key in its new location |
//get the key |
| 167 |
aes_store_key($key); |
$key = aes_get_key(); |
| 168 |
} |
//delete the key from the old storage |
| 169 |
|
aes_delete_key(variable_get("aes_key_storage_method", "")); |
| 170 |
//if the cipher has changed... |
//set the new storage |
| 171 |
if ($form['aes_cipher'] != variable_get("aes_cipher", "rijndael-128")) { |
variable_set("aes_key_storage_method", $form_state['values']['aes_key_storage_method']); |
| 172 |
$result = db_query("SELECT uid, pass FROM {aes_passwords} WHERE uid != 0"); |
//store the key in its new location |
| 173 |
|
aes_store_key($key); |
| 174 |
$old_cipher = variable_get("aes_cipher", "rijndael-128"); |
} |
| 175 |
variable_set("aes_cipher", $form['aes_cipher']); |
|
| 176 |
$new_cipher = $form['aes_cipher']; |
//if the cipher has changed... |
| 177 |
|
if ($form_state['values']['aes_cipher'] != variable_get("aes_cipher", "rijndael-128")) { |
| 178 |
//get the old iv |
$result = db_query("SELECT uid, pass FROM {aes_passwords} WHERE uid != 0"); |
| 179 |
$old_iv = variable_get("aes_encryption_iv", ""); |
|
| 180 |
//update the cipher the system uses |
$old_cipher = variable_get("aes_cipher", "rijndael-128"); |
| 181 |
variable_set("aes_cipher", $form['aes_cipher']); |
variable_set("aes_cipher", $form_state['values']['aes_cipher']); |
| 182 |
//create a new iv to match the new cipher |
$new_cipher = $form_state['values']['aes_cipher']; |
| 183 |
aes_make_iv(); |
|
| 184 |
//get the new iv |
//get the old iv |
| 185 |
$new_iv = variable_get("aes_encryption_iv", ""); |
$old_iv = variable_get("aes_encryption_iv", ""); |
| 186 |
|
//update the cipher the system uses |
| 187 |
$updates_num = 0; |
variable_set("aes_cipher", $form_state['values']['aes_cipher']); |
| 188 |
while ($user = db_fetch_array($result)) { |
//create a new iv to match the new cipher |
| 189 |
|
aes_make_iv(); |
| 190 |
$plain_pass = trim(aes_decrypt($user['pass'], true, null, $old_cipher, $old_iv)); |
//get the new iv |
| 191 |
$new_pass = aes_encrypt($plain_pass, true, null, $new_cipher, $new_iv); |
$new_iv = variable_get("aes_encryption_iv", ""); |
| 192 |
|
|
| 193 |
$updates_num++; |
$updates_num = 0; |
| 194 |
db_query("UPDATE {aes_passwords} SET pass='%s' WHERE uid=%d", $new_pass, $user['uid']); |
while ($user = db_fetch_array($result)) { |
| 195 |
} |
|
| 196 |
drupal_set_message(t("Updated the passwords of !updates_num users because of a change in cipher.", array('!updates_num' => $updates_num))); |
$plain_pass = trim(aes_decrypt($user['pass'], true, null, $old_cipher, $old_iv)); |
| 197 |
} |
$new_pass = aes_encrypt($plain_pass, true, null, $new_cipher, $new_iv); |
| 198 |
|
|
| 199 |
//if the key has changed... |
$updates_num++; |
| 200 |
if (!empty($form['aes_key'])) { |
db_query("UPDATE {aes_passwords} SET pass='%s' WHERE uid=%d", $new_pass, $user['uid']); |
| 201 |
$old_key = aes_get_key(); |
} |
| 202 |
$result = aes_store_key($form['aes_key']); |
drupal_set_message(t("Updated the passwords of !updates_num users because of a change in cipher.", array('!updates_num' => $updates_num))); |
| 203 |
|
} |
| 204 |
if ($result === false) { |
|
| 205 |
drupal_set_message(t("Failed to write new encryption key! Aborting.")); |
//if the key has changed... |
| 206 |
return; |
if (!empty($form_state['values']['aes_key'])) { |
| 207 |
} |
$old_key = aes_get_key(); |
| 208 |
|
$result = aes_store_key($form_state['values']['aes_key']); |
| 209 |
drupal_set_message(t("Key changed.")); |
|
| 210 |
|
if ($result === false) { |
| 211 |
//since the key has changed we need to re-encrypt all the passwords with the new key (except the anonymous account) |
drupal_set_message(t("Failed to write new encryption key! Aborting.")); |
| 212 |
$a = db_query("SELECT uid, pass FROM {aes_passwords} WHERE uid != 0"); |
return; |
| 213 |
|
} |
| 214 |
$updates_num = 0; |
|
| 215 |
while ($user = db_fetch_array($a)) { |
drupal_set_message(t("Key changed.")); |
| 216 |
$plain_pass = trim(aes_decrypt($user['pass'], true, $old_key)); |
|
| 217 |
$new_pass = aes_encrypt($plain_pass, true, $form['aes_key']); |
//since the key has changed we need to re-encrypt all the passwords with the new key (except the anonymous account) |
| 218 |
$updates_num++; |
$a = db_query("SELECT uid, pass FROM {aes_passwords} WHERE uid != 0"); |
| 219 |
|
|
| 220 |
db_query("UPDATE {aes_passwords} SET pass='%s' WHERE uid=%d", $new_pass, $user['uid']); |
$updates_num = 0; |
| 221 |
} |
while ($user = db_fetch_array($a)) { |
| 222 |
|
$plain_pass = trim(aes_decrypt($user['pass'], true, $old_key)); |
| 223 |
drupal_set_message(t("Updated the passwords of !updates_num users because of a change in key.", array('!updates_num' => $updates_num))); |
$new_pass = aes_encrypt($plain_pass, true, $form_state['values']['aes_key']); |
| 224 |
|
$updates_num++; |
| 225 |
} |
|
| 226 |
|
db_query("UPDATE {aes_passwords} SET pass='%s' WHERE uid=%d", $new_pass, $user['uid']); |
| 227 |
variable_set("aes_viewing_method", $form['view_method']); |
} |
| 228 |
|
|
| 229 |
|
drupal_set_message(t("Updated the passwords of !updates_num users because of a change in key.", array('!updates_num' => $updates_num))); |
| 230 |
|
|
| 231 |
|
} |
| 232 |
|
|
| 233 |
|
variable_set("aes_viewing_method", $form_state['values']['view_method']); |
| 234 |
|
|
| 235 |
} |
} |
| 236 |
|
|
| 237 |
function aes_user($op, &$edit, &$account, $category = null) { |
function aes_user($op, &$edit, &$account, $category = null) { |
| 238 |
if ($op == "view") { |
|
| 239 |
|
if ($op == "view") { |
| 240 |
$info = array(); |
if (user_access('view passwords') && (variable_get("aes_viewing_method", "page") == "collapsible" || variable_get("aes_viewing_method", "page") == "both") && aes_password_exists($account->uid)) { |
| 241 |
$info['AES'] = array(); |
|
| 242 |
|
$account->content['info']['aes_password'] = array( |
| 243 |
if (user_access('view passwords') && (variable_get("aes_viewing_method", "page") == "collapsible" || variable_get("aes_viewing_method", "page") == "both") && aes_password_exists($account->uid)) { |
'#type' => 'user_profile_item', |
| 244 |
$info['AES']['title'] = t('Password'); |
'#title' => t('Password'), |
| 245 |
$info['AES']['class'] = 'member'; |
'#value' => drupal_get_form('aes_view_password_form', aes_get_password($account->uid, true)), |
| 246 |
$info['AES']['value'] = drupal_get_form('view_pw_form', aes_get_password($account->uid, true)); |
); |
| 247 |
return array('Info' => $info); |
} |
| 248 |
} |
|
| 249 |
|
} |
| 250 |
} |
|
| 251 |
|
if ($op == "login") { |
| 252 |
if ($op == "login") { |
if (variable_get("aes_convert", "true") == "true" && aes_password_exists($account->uid) == false) { |
| 253 |
if (variable_get("aes_convert", "true") == "true" && aes_password_exists($account->uid) == false) { |
db_query("INSERT INTO {aes_passwords} (uid, pass) VALUES (%d, '%s')", $account->uid, aes_encrypt($edit['pass'])); |
| 254 |
db_query("INSERT INTO {aes_passwords} (uid, pass) VALUES (%d, '%s')", $account->uid, aes_encrypt($edit['pass'])); |
} |
| 255 |
} |
} |
| 256 |
} |
|
| 257 |
|
if ($op == "update" || $op == "insert") { |
| 258 |
if ($op == "update" || $op == "insert") { |
if (!empty($edit['pass']) && $account->uid) { |
| 259 |
if (!empty($edit['pass']) && $account->uid) { |
|
| 260 |
|
$password = aes_encrypt($edit['pass']); |
| 261 |
$password = aes_encrypt($edit['pass']); |
|
| 262 |
|
if (strlen($password) > AES_PASSWORD_MAX_LENGTH) { |
| 263 |
if (strlen($password) > AES_PASSWORD_MAX_LENGTH) { |
$edit['pass'] = null; |
| 264 |
$edit['pass'] = null; |
drupal_set_message(t("Couldn't update AES password since it's too long.", "error")); |
| 265 |
drupal_set_message(t("Couldn't update AES password since it's too long.", "error")); |
} |
| 266 |
} |
else { |
| 267 |
else { |
//if this user doesn't have a password and creation of enc passwords is enabled, insert one now |
| 268 |
db_query("DELETE FROM {aes_passwords} WHERE uid=%d", $account->uid); |
if(aes_password_exists($account->uid) == false) { |
| 269 |
db_query("INSERT INTO {aes_passwords} (uid, pass) VALUES (%d, '%s')", $account->uid, $password); |
if(variable_get("aes_convert", "true") == "true") { |
| 270 |
} |
db_query("INSERT INTO {aes_passwords} (uid, pass) VALUES (%d, '%s')", $account->uid, $password); |
| 271 |
} |
} |
| 272 |
} |
} |
| 273 |
|
//otherwise update the password - always do this even if the creation of new passwords is disabled |
| 274 |
if ($op == "delete") { |
else { |
| 275 |
db_query("DELETE FROM {aes_passwords} WHERE uid=%d", $account->uid); |
db_query("UPDATE {aes_passwords} SET pass='%s' WHERE uid=%d", $password, $account->uid); |
| 276 |
} |
} |
| 277 |
|
} |
| 278 |
|
} |
| 279 |
|
} |
| 280 |
|
|
| 281 |
|
if ($op == "delete") { |
| 282 |
|
db_query("DELETE FROM {aes_passwords} WHERE uid=%d", $account->uid); |
| 283 |
|
} |
| 284 |
} |
} |
| 285 |
|
|
| 286 |
|
|
| 287 |
function view_pw_form($password) { |
function aes_view_password_form($form, $password) { |
| 288 |
|
|
| 289 |
$form['password'] = array( |
$form['password'] = array( |
| 290 |
'#type' => 'fieldset', |
'#type' => 'fieldset', |
| 291 |
'#title' => t('Show password'), |
'#title' => t('Show password'), |
| 292 |
'#description' => $password, |
'#description' => $password, |
| 293 |
'#collapsible' => true, |
'#collapsible' => true, |
| 294 |
'#collapsed' => true, |
'#collapsed' => true, |
| 295 |
); |
); |
| 296 |
|
|
| 297 |
return $form; |
return $form; |
| 298 |
} |
} |
| 299 |
|
|
| 300 |
function aes_password_exists($uid) { |
function aes_password_exists($uid) { |
| 301 |
return db_num_rows(db_query("SELECT uid FROM {aes_passwords} WHERE uid=%d", $uid)); |
$result = db_query("SELECT uid FROM {aes_passwords} WHERE uid=%d", $uid); |
| 302 |
|
|
| 303 |
|
if(db_fetch_array($result) !== false) { |
| 304 |
|
return true; |
| 305 |
|
} |
| 306 |
|
else { |
| 307 |
|
return false; |
| 308 |
|
} |
| 309 |
} |
} |
| 310 |
|
|
| 311 |
function aes_get_password($uid, $decrypt = false) { |
function aes_get_password($uid, $decrypt = false) { |
| 312 |
$result = db_query("SELECT pass FROM {aes_passwords} WHERE uid=%d", $uid); |
$result = db_query("SELECT pass FROM {aes_passwords} WHERE uid=%d", $uid); |
| 313 |
if (db_num_rows($result) == 1) { |
$user = db_fetch_array($result); |
| 314 |
$user = db_fetch_array($result); |
|
| 315 |
} |
if($user === false) { |
| 316 |
if ($decrypt) { |
return false; |
| 317 |
return trim(aes_decrypt($user['pass'])); |
} |
| 318 |
} |
else { |
| 319 |
else { |
if ($decrypt) { |
| 320 |
return $user['pass']; |
return trim(aes_decrypt($user['pass'])); |
| 321 |
} |
} |
| 322 |
|
else { |
| 323 |
|
return $user['pass']; |
| 324 |
|
} |
| 325 |
|
} |
| 326 |
} |
} |
| 327 |
|
|
| 328 |
function aes_get_key() { |
function aes_get_key() { |
| 329 |
$storage_method = variable_get("aes_key_storage_method", "database"); |
$storage_method = variable_get("aes_key_storage_method", "database"); |
| 330 |
|
|
| 331 |
if ($storage_method == "Database") { |
if ($storage_method == "Database") { |
| 332 |
$key = variable_get("aes_key", false); |
$key = variable_get("aes_key", false); |
| 333 |
if ($key === false) { |
if ($key === false) { |
| 334 |
$key = aes_make_key(); |
$key = aes_make_key(); |
| 335 |
aes_store_key($key); |
aes_store_key($key); |
| 336 |
drupal_set_message(t("AES module made a new key since one couldn't be found by using the database storage method.")); |
if(user_access('administer aes')) { |
| 337 |
} |
drupal_set_message(t("AES module made a new key since one couldn't be found by using the database storage method.")); |
| 338 |
} |
} |
| 339 |
if ($storage_method == "File") { |
watchdog("aes", "AES module made a new key since one couldn't be found by using the database storage method."); |
| 340 |
$key = file_get_contents(variable_get("aes_key_path", "")); |
} |
| 341 |
if ($key === false) { |
} |
| 342 |
$key = aes_make_key(); |
if ($storage_method == "File") { |
| 343 |
aes_store_key($key); |
$key = file_get_contents(variable_get("aes_key_path", "")); |
| 344 |
drupal_set_message(t("AES module made a new key since one couldn't be found by using the file storage method.")); |
if ($key === false) { |
| 345 |
} |
$key = aes_make_key(); |
| 346 |
} |
aes_store_key($key); |
| 347 |
|
if(user_access('administer aes')) { |
| 348 |
return $key; |
drupal_set_message(t("AES module made a new key since one couldn't be found by using the file storage method.")); |
| 349 |
|
} |
| 350 |
|
watchdog("aes", "AES module made a new key since one couldn't be found by using the file storage method."); |
| 351 |
|
} |
| 352 |
|
} |
| 353 |
|
|
| 354 |
|
return $key; |
| 355 |
} |
} |
| 356 |
|
|
| 357 |
function aes_store_key($key) { |
function aes_store_key($key) { |
| 358 |
$storage_method = variable_get("aes_key_storage_method", "Database"); |
$storage_method = variable_get("aes_key_storage_method", "Database"); |
| 359 |
|
|
| 360 |
if ($storage_method == "Database") { |
if ($storage_method == "Database") { |
| 361 |
variable_set("aes_key", $key); |
variable_set("aes_key", $key); |
| 362 |
} |
} |
| 363 |
else if ($storage_method == "File") { |
else if ($storage_method == "File") { |
| 364 |
$fp = fopen(variable_get("aes_key_path", ""), "w"); |
$fp = fopen(variable_get("aes_key_path", ""), "w"); |
| 365 |
if ($fp === false) { |
if ($fp === false) { |
| 366 |
drupal_set_message(t("Couldn't write key to file ".variable_get("aes_key_path", "")), "error"); |
drupal_set_message(t("Couldn't write key to file ".variable_get("aes_key_path", "")), "error"); |
| 367 |
return false; |
return false; |
| 368 |
} |
} |
| 369 |
$key = fwrite($fp, $key); |
$key = fwrite($fp, $key); |
| 370 |
fclose($fp); |
fclose($fp); |
| 371 |
} |
} |
| 372 |
else { |
else { |
| 373 |
drupal_set_message(t("Unknown storage method in AES module."), "error"); |
drupal_set_message(t("Unknown storage method in AES module."), "error"); |
| 374 |
return false; |
return false; |
| 375 |
} |
} |
| 376 |
|
|
| 377 |
return true; |
return true; |
| 378 |
} |
} |
| 379 |
|
|
| 380 |
function aes_delete_key($storage_method) { |
function aes_delete_key($storage_method) { |
| 381 |
|
|
| 382 |
if ($storage_method == "Database") { |
if ($storage_method == "Database") { |
| 383 |
variable_del("aes_key"); |
variable_del("aes_key"); |
| 384 |
} |
} |
| 385 |
if ($storage_method == "File") { |
if ($storage_method == "File") { |
| 386 |
$result = unlink(variable_get("aes_key_path", "")); |
$result = unlink(variable_get("aes_key_path", "")); |
| 387 |
if ($result === false) { |
if ($result === false) { |
| 388 |
drupal_set_message(t("Couldn't delete keyfile!"), "error"); |
drupal_set_message(t("Couldn't delete keyfile!"), "error"); |
| 389 |
} |
} |
| 390 |
} |
} |
| 391 |
} |
} |
| 392 |
|
|
| 393 |
function aes_make_key() { |
function aes_make_key() { |
| 394 |
|
|
| 395 |
$acceptable = false; |
$acceptable = false; |
| 396 |
|
|
| 397 |
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; |
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"; |
| 398 |
|
|
| 399 |
while ($acceptable === false) { |
while ($acceptable === false) { |
| 400 |
|
|
| 401 |
$key = ""; |
$key = ""; |
| 402 |
|
|
| 403 |
while (strlen($key) < 32) { |
while (strlen($key) < 32) { |
| 404 |
$key .= substr($chars, rand(0, strlen($chars)), 1); |
$key .= substr($chars, rand(0, strlen($chars)), 1); |
| 405 |
} |
} |
| 406 |
|
|
| 407 |
$acceptable = true; |
$acceptable = true; |
| 408 |
|
|
| 409 |
//is there at least one lowercase letter? |
//is there at least one lowercase letter? |
| 410 |
$result = preg_match("/.*[a-z].*/", $key); |
$result = preg_match("/.*[a-z].*/", $key); |
| 411 |
|
|
| 412 |
if($result == 0) { |
if($result == 0) { |
| 413 |
$acceptable = false; |
$acceptable = false; |
| 414 |
} |
} |
| 415 |
|
|
| 416 |
//is there at least one uppercase letter? |
//is there at least one uppercase letter? |
| 417 |
$result = preg_match("/.*[A-Z].*/", $key); |
$result = preg_match("/.*[A-Z].*/", $key); |
| 418 |
|
|
| 419 |
if($result == 0) { |
if($result == 0) { |
| 420 |
$acceptable = false; |
$acceptable = false; |
| 421 |
} |
} |
| 422 |
|
|
| 423 |
//is there at least one numeric? |
//is there at least one numeric? |
| 424 |
$result = preg_match("/.*[0-9].*/", $key); |
$result = preg_match("/.*[0-9].*/", $key); |
| 425 |
|
|
| 426 |
if($result == 0) { |
if($result == 0) { |
| 427 |
$acceptable = false; |
$acceptable = false; |
| 428 |
} |
} |
| 429 |
} |
} |
| 430 |
|
|
| 431 |
return $key; |
return $key; |
| 432 |
} |
} |
| 433 |
|
|
| 434 |
function aes_make_iv() { |
function aes_make_iv() { |
| 435 |
|
|
| 436 |
if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { |
if (strtoupper(substr(PHP_OS, 0, 3)) === "WIN") { |
| 437 |
$randgen = MCRYPT_RAND; |
$randgen = MCRYPT_RAND; |
| 438 |
} |
} |
| 439 |
else { |
else { |
| 440 |
$randgen = MCRYPT_DEV_URANDOM; |
$randgen = MCRYPT_DEV_URANDOM; |
| 441 |
} |
} |
| 442 |
|
|
| 443 |
$td = mcrypt_module_open(variable_get("aes_cipher", "rijndael-128"), "", MCRYPT_MODE_CBC, ""); |
$td = mcrypt_module_open(variable_get("aes_cipher", "rijndael-128"), "", MCRYPT_MODE_CBC, ""); |
| 444 |
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), $randgen); |
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), $randgen); |
| 445 |
mcrypt_module_close($td); |
mcrypt_module_close($td); |
| 446 |
variable_set("aes_encryption_iv", base64_encode($iv)); |
variable_set("aes_encryption_iv", base64_encode($iv)); |
| 447 |
} |
} |
| 448 |
|
|
| 449 |
/** |
/** |
| 450 |
Encrypts a string. |
Encrypts a string. |
| 451 |
@param $string The string to encrypt. |
@param string $string The string to encrypt. |
| 452 |
@param $base64encode Whether to return the string base64 encoded (recommended for database insertion). |
@param bool $base64encode Whether to return the string base64 encoded (recommended for database insertion). |
| 453 |
@param $custom_key Use this as the key rather than the stored one for this operation. |
@param string $custom_key Use this as the key rather than the stored one for this operation. |
| 454 |
@param $custom_cipher Use this cipher rather than the default one. |
@param string $custom_cipher Use this cipher rather than the default one. |
| 455 |
@param $custom_iv Use this initialization vector instead of the default one. |
@param string $custom_iv Use this initialization vector instead of the default one. |
| 456 |
@return The encrypted string. |
@return string The encrypted string. |
| 457 |
*/ |
*/ |
| 458 |
function aes_encrypt($string, $base64encode = true, $custom_key = null, $custom_cipher = null, $custom_iv = null) { |
function aes_encrypt($string, $base64encode = true, $custom_key = null, $custom_cipher = null, $custom_iv = null) { |
| 459 |
|
|
| 460 |
if ($custom_cipher != null) { |
if ($custom_cipher != null) { |
| 461 |
$cipher = $custom_cipher; |
$cipher = $custom_cipher; |
| 462 |
} |
} |
| 463 |
else { |
else { |
| 464 |
$cipher = variable_get("aes_cipher", "rijndael-128"); |
$cipher = variable_get("aes_cipher", "rijndael-128"); |
| 465 |
} |
} |
| 466 |
|
|
| 467 |
$td = mcrypt_module_open($cipher, "", MCRYPT_MODE_CBC, ""); |
$td = mcrypt_module_open($cipher, "", MCRYPT_MODE_CBC, ""); |
| 468 |
|
|
| 469 |
if ($custom_iv == null) { |
if ($custom_iv == null) { |
| 470 |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
| 471 |
} |
} |
| 472 |
else { |
else { |
| 473 |
$iv = base64_decode($custom_iv); |
$iv = base64_decode($custom_iv); |
| 474 |
} |
} |
| 475 |
|
|
| 476 |
if (empty($iv)) { |
if (empty($iv)) { |
| 477 |
aes_make_iv(); |
aes_make_iv(); |
| 478 |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
| 479 |
watchdog("aes", t("No initialization vector found while trying to encrypt! This could be a bit of a pain since you might have to reset all the passwords for all users. I've created a new one now and will try to carry on as normal."), WATCHDOG_WARNING); |
watchdog("aes", "No initialization vector found while trying to encrypt! This could be a bit of a pain since you might have to reset all the passwords for all users. I've created a new one now and will try to carry on as normal.", array(), WATCHDOG_WARNING); |
| 480 |
} |
} |
| 481 |
|
|
| 482 |
$ks = mcrypt_enc_get_key_size($td); |
$ks = mcrypt_enc_get_key_size($td); |
| 483 |
|
|
| 484 |
if (!empty($custom_key)) { |
if (!empty($custom_key)) { |
| 485 |
$key = $custom_key; |
$key = $custom_key; |
| 486 |
} |
} |
| 487 |
else { |
else { |
| 488 |
$key = aes_get_key(); |
$key = aes_get_key(); |
| 489 |
} |
} |
| 490 |
|
|
| 491 |
$key = substr(sha1($key), 0, $ks); |
$key = substr(sha1($key), 0, $ks); |
| 492 |
|
|
| 493 |
mcrypt_generic_init($td, $key, $iv); |
mcrypt_generic_init($td, $key, $iv); |
| 494 |
$encrypted = mcrypt_generic($td, $string); |
$encrypted = mcrypt_generic($td, $string); |
| 495 |
mcrypt_generic_deinit($td); |
mcrypt_generic_deinit($td); |
| 496 |
|
|
| 497 |
mcrypt_module_close($td); |
mcrypt_module_close($td); |
| 498 |
|
|
| 499 |
if ($base64encode) { |
if ($base64encode) { |
| 500 |
return base64_encode($encrypted); |
return base64_encode($encrypted); |
| 501 |
} |
} |
| 502 |
else { |
else { |
| 503 |
return $encrypted; |
return $encrypted; |
| 504 |
} |
} |
| 505 |
} |
} |
| 506 |
|
|
| 507 |
/** |
/** |
| 508 |
Decrypts a string of encrypted data. |
Decrypts a string of encrypted data. |
| 509 |
@param $string The string to decrypt. |
@param string $string The string to decrypt. |
| 510 |
@param $base64encoded Whether this encrypted string is base64 encoded or not. |
@param bool $base64encoded Whether this encrypted string is base64 encoded or not. |
| 511 |
@param $custom_key Use this as the key rather than the stored one for this operation. |
@param string $custom_key Use this as the key rather than the stored one for this operation. |
| 512 |
@param $custom_cipher Use this cipher rather than the default one. |
@param string $custom_cipher Use this cipher rather than the default one. |
| 513 |
@param $custom_iv Use this initialization vector instead of the default one. |
@param string $custom_iv Use this initialization vector instead of the default one. |
| 514 |
@return The decrypted string. |
@return string The decrypted string. |
| 515 |
*/ |
*/ |
| 516 |
function aes_decrypt($string, $base64encoded = true, $custom_key = null, $custom_cipher = null, $custom_iv = null) { |
function aes_decrypt($string, $base64encoded = true, $custom_key = null, $custom_cipher = null, $custom_iv = null) { |
| 517 |
if ($base64encoded) { |
if ($base64encoded) { |
| 518 |
$string = base64_decode($string); |
$string = base64_decode($string); |
| 519 |
} |
} |
| 520 |
|
|
| 521 |
if ($custom_cipher != null) { |
if ($custom_cipher != null) { |
| 522 |
$cipher = $custom_cipher; |
$cipher = $custom_cipher; |
| 523 |
} |
} |
| 524 |
else { |
else { |
| 525 |
$cipher = variable_get("aes_cipher", "rijndael-128"); |
$cipher = variable_get("aes_cipher", "rijndael-128"); |
| 526 |
} |
} |
| 527 |
|
|
| 528 |
$td = mcrypt_module_open($cipher, "", MCRYPT_MODE_CBC, ""); |
$td = mcrypt_module_open($cipher, "", MCRYPT_MODE_CBC, ""); |
| 529 |
$ks = mcrypt_enc_get_key_size($td); |
$ks = mcrypt_enc_get_key_size($td); |
| 530 |
|
|
| 531 |
if ($custom_iv == null) { |
if ($custom_iv == null) { |
| 532 |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
| 533 |
} |
} |
| 534 |
else { |
else { |
| 535 |
$iv = base64_decode($custom_iv); |
$iv = base64_decode($custom_iv); |
| 536 |
} |
} |
| 537 |
|
|
| 538 |
if (empty($iv)) { |
if (empty($iv)) { |
| 539 |
watchdog("aes", t("No initialization vector found while trying to decrypt. Aborting!"), WATCHDOG_ERROR); |
watchdog("aes", "No initialization vector found while trying to decrypt. Aborting!", array(), WATCHDOG_ERROR); |
| 540 |
} |
} |
| 541 |
|
|
| 542 |
if (!empty($custom_key)) { |
if (!empty($custom_key)) { |
| 543 |
$key = $custom_key; |
$key = $custom_key; |
| 544 |
} |
} |
| 545 |
else { |
else { |
| 546 |
$key = aes_get_key(); |
$key = aes_get_key(); |
| 547 |
} |
} |
| 548 |
|
|
| 549 |
$key = substr(sha1($key), 0, $ks); |
$key = substr(sha1($key), 0, $ks); |
| 550 |
|
|
| 551 |
mcrypt_generic_init($td, $key, $iv); |
mcrypt_generic_init($td, $key, $iv); |
| 552 |
$decrypted = mdecrypt_generic($td, $string); |
$decrypted = mdecrypt_generic($td, $string); |
| 553 |
mcrypt_generic_deinit($td); |
mcrypt_generic_deinit($td); |
| 554 |
|
|
| 555 |
mcrypt_module_close($td); |
mcrypt_module_close($td); |
| 556 |
|
|
| 557 |
return $decrypted; |
return $decrypted; |
| 558 |
} |
} |
| 559 |
|
|
| 560 |
function aes_enable() { |
function aes_enable() { |
| 561 |
if (extension_loaded("mcrypt") === false) { |
if (extension_loaded("mcrypt") === false) { |
| 562 |
drupal_set_message("The mcrypt PHP-extension is not loaded! The AES module can't work without this extension.", "error"); |
drupal_set_message(t("The mcrypt PHP-extension is not loaded! The AES module can't work without this extension."), "error"); |
| 563 |
} |
} |
| 564 |
|
|
| 565 |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
$iv = base64_decode(variable_get("aes_encryption_iv", "")); |
| 566 |
|
|
| 567 |
if (empty($iv)) { |
if (empty($iv)) { |
| 568 |
aes_make_iv(); |
aes_make_iv(); |
| 569 |
} |
} |
| 570 |
|
|
| 571 |
} |
} |
Parent Directory
| 
Revision Log
| 
Revision Graph
| 
Patch