Added encryption by using the openSSL functionality to encrypt the email passwords in the db

--HG-- branch : quitta-gsoc-2013
11 years ago · d1c1740741
parent 5174764f2d
commit d1c1740741
6 changed files with 101 additions and 23 deletions
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mail_handler.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mail_handler.php
@ -142,38 +142,49 @@ class Mail_Handler{
            }
            // Check mail
            $sGroups = Support_Group::getGroups();
+            
+            //decrypt passwords in the db!
+            $crypter = new MyCrypt($cfg['crypt']);     
+            foreach($sGroups as $group){
+                $group->setIMAP_Password($crypter->decrypt($cfg['mail']['default_password'])); 
+            }
+            
            $defaultGroup = new Support_Group();
            $defaultGroup->setSGroupId(0);
            $defaultGroup->setGroupEmail($default_groupemail);
            $defaultGroup->setIMAP_MailServer($cfg['mail']['default_mailserver']);
            $defaultGroup->setIMAP_Username($cfg['mail']['default_username']);
            $defaultGroup->setIMAP_Password($cfg['mail']['default_password']);
-
+            
+            //add default group to the list
            $sGroups[] = $defaultGroup;
            
            foreach($sGroups as $group){
-                $mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
-                $message_count = imap_num_msg($mbox);
-        
-                for ($i = 1; $i <= $message_count; ++$i) {
-                    
-                    //return task ID
-                    $tid = self::incoming_mail_handler($mbox, $i,$group);
-        
-                    if($tid) {
-                        //TODO: base file on Ticket + timestamp
-                        $file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w');      
-                        fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i));     
-                        fclose($file);
+                //check if group has mailing stuff filled in!
+                if($group->getGroupEmail() != "" && $group->getIMAP_MailServer() != "" && $group->getIMAP_Username() != "" && $group->getIMAP_Password() != "")
+                    $mbox = imap_open($group->getIMAP_MailServer(), $group->getIMAP_Username(), $group->getIMAP_Password()) or die('Cannot connect to mail server: ' . imap_last_error());
+                    $message_count = imap_num_msg($mbox);
+            
+                    for ($i = 1; $i <= $message_count; ++$i) {
                        
-                        //mark message $i of $mbox for deletion!
-                        imap_delete($mbox, $i);
+                        //return task ID
+                        $tid = self::incoming_mail_handler($mbox, $i,$group);
+            
+                        if($tid) {
+                            //TODO: base file on Ticket + timestamp
+                            $file = fopen($MAIL_DIR."/mail/ticket".$tid.".".time(), 'w');      
+                            fwrite($file, imap_fetchheader($mbox, $i) . imap_body($mbox, $i));     
+                            fclose($file);
+                            
+                            //mark message $i of $mbox for deletion!
+                            imap_delete($mbox, $i);
+                        }
+    
                    }
-
+                    //delete marked messages
+                    imap_expunge($mbox);  
+                    imap_close($mbox);
                }
-                //delete marked messages
-                imap_expunge($mbox);  
-                imap_close($mbox);
            }
        }
    
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mycrypt.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/mycrypt.php
@ -0,0 +1,53 @@
+<?php
+
+class MyCrypt{
+    
+    private $config;
+    
+    function __construct($cryptinfo) {
+        $this->config = $cryptinfo;
+    }
+    
+
+    public function encrypt($data) {
+        
+        self::check_methods($this->config['enc_method'], $this->config['hash_method']);
+        $iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
+        $infostr = sprintf('$%s$%s$', $this->config['enc_method'], $this->config['hash_method']);
+        return $infostr . openssl_encrypt($data, $this->config['enc_method'], $this->config['key'], false, $iv);
+    }
+
+    public function decrypt($edata) {
+        $e_arr = explode('$', $edata);
+        if( count($e_arr) != 4 ) {
+            Throw new Exception('Given data is missing crucial sections.');
+        }
+        $this->config['enc_method'] = $e_arr[1];
+        $this->config['hash_method'] = $e_arr[2];
+        self::check_methods($this->config['enc_method'], $this->config['hash_method']);
+        $iv = self::hashIV($this->config['key'], $this->config['hash_method'], openssl_cipher_iv_length($this->config['enc_method']));
+        return openssl_decrypt($e_arr[3], $this->config['enc_method'], $this->config['key'], false, $iv);
+    }
+
+    private static function hashIV($key, $method, $iv_size) {
+        $myhash = hash($method, $key, TRUE);
+        while( strlen($myhash) < $iv_size ) {
+            $myhash .= hash($method, $myhash, TRUE);
+        }
+        return substr($myhash, 0, $iv_size);
+    }
+
+    private static function check_methods($enc, $hash) {
+        
+        if( ! function_exists('openssl_encrypt') ) {
+            Throw new Exception('openssl_encrypt() not supported.');
+        } else if( ! in_array($enc, openssl_get_cipher_methods()) ) {
+            Throw new Exception('Encryption method ' . $enc . ' not supported.');
+        } else if( ! in_array(strtolower($hash), hash_algos()) ) {
+            Throw new Exception('Hashing method ' . $hash . ' not supported.');
+        }
+    }
+
+
+
+}
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/support_group.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/support_group.php
@ -51,7 +51,12 @@ class Support_Group{
                $sGroup->setGroupEmail($values['GroupEmail']);
                $sGroup->setIMAP_MailServer($values['IMAP_MailServer']);
                $sGroup->setIMAP_Username($values['IMAP_Username']);
-                $sGroup->setIMAP_Password($values['IMAP_Password']);
+                
+                //encrypt password!
+                global $cfg;
+                $crypter = new MyCrypt($cfg['crypt']);
+                $enc_password = $crypter->encrypt($values['IMAP_Password']);
+                $sGroup->setIMAP_Password($enc_password);
                $sGroup->create();
                
                return "SUCCESS";
--- a/code/ryzom/tools/server/ryzom_ams/www/config.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/config.php
@ -53,6 +53,10 @@ $SUPPORT_GROUP_IMAP_CRYPTKEY = "azerty";
 $TICKET_MAILING_SUPPORT = true;
 $MAIL_DIR = "/tmp";

+$cfg['crypt']['key']    = 'Sup3rS3cr3tStuff';
+$cfg['crypt']['enc_method']    = 'AES-256-CBC';
+$cfg['crypt']['hash_method'] = "SHA512";
+
 //-----------------------------------------------------------------------------------------
 // If true= the server will add automatically unknown user in the database
 // (in nel.user= nel.permission= ring.ring_user and ring.characters
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/modify_email_of_sgroup.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/modify_email_of_sgroup.php
@ -15,7 +15,12 @@ function modify_email_of_sgroup(){
                    $group->setGroupEmail($groupemail);
                    $group->setIMAP_MailServer(filter_var($_POST['IMAP_MailServer'],FILTER_SANITIZE_STRING));
                    $group->setIMAP_Username(filter_var($_POST['IMAP_Username'],FILTER_SANITIZE_STRING));
-                    $group->setIMAP_Password($password);
+                    
+                    //encrypt password!
+                    global $cfg;
+                    $crypter = new MyCrypt($cfg['crypt']);
+                    $enc_password = $crypter->encrypt($password);
+                    $group->setIMAP_Password($enc_password);
                    $group->update();
                    $result['RESULT_OF_MODIFYING'] = "SUCCESS";
                }else{
--- a/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php
@ -290,7 +290,7 @@
          `GroupEmail` VARCHAR(45) NULL ,
          `IMAP_MailServer` VARCHAR(60) NULL ,
          `IMAP_Username` VARCHAR(45) NULL ,
-          `IMAP_Password` VARCHAR(45) NULL ,
+          `IMAP_Password` VARCHAR(90) NULL ,
          PRIMARY KEY (`SGroupId`) ,
          UNIQUE INDEX `Name_UNIQUE` (`Name` ASC) ,
          UNIQUE INDEX `Tag_UNIQUE` (`Tag` ASC) )