Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Qual: Removed efc_xfss library. Not used.

Browse Source
This commit is contained in:
Laurent Destailleur 2011-08-11 19:41:23 +00:00
parent 76f1880583
commit cb3ec74a29
6 changed files with 6 additions and 1160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
COPYRIGHT
View File

@ -14,12 +14,8 @@ In alphabetical order of includes directory:
AdoDb-Date 0.21 Modified BSD License Yes Date convertion
ArtiChow 1.07 Public Domain Yes Graphics
CKEditor 3.6.1 GPL or LGPL 2.1 or MPL 1.1 Yes Editor WYSIWYG
EFC/XFSS 1.0.1 LGPL 3.0 Yes Enhanced File Crypt/Extended File Stealth System
FCKEditor 2.6.6 LGPL 2.1 or Mozilla PL 1.0 Yes Editor WYSIWYG
FPDF_TPL 1.1.5 Apache Software License 2.0 No GPL3 only PDF templates management
FPDI 1.3.4 Apache Software License 2.0 No GPL3 only PDF templates management
FPDI_Protection 1.0.3 Apache Software License 2.0 No GPL3 only PDF encryption (8 files)
GeoIP x.x Yes GeoIP Maxmind conversion
FPDI 1.4.1 Apache Software License 2.0 No GPL3 only PDF templates management
jQuery 1.6.1 GPL and MIT Licence Yes JS library
jQuery UI 1.8.14 GPL and MIT Licence Yes JS library plugin UI
jQuery Flot 0.7 MIT Licence Yes JS library to build graph
@ -34,8 +30,6 @@ MagPieRss 0.72 GPL 2.0 Yes Load RSS
NuSoap 0.9.5 LGPL 2.1 Yes Interfaces with third tools
OdtPHP 1.0.1 GPL 2.0 Yes Library to build/edit ODT files
Php-barcode 0.3pl1 GPL 2.0 Yes Bar code generation
PHP_WriteExcel 0.3.0 LGPL 2.1 Yes Excel files generation (obsolete)
PHP_ExcelReader 2.21 MIT License Yes Parse and retrieve information from XLS files (obsolete)
PHPExcel 1.7.6 LGPL 2.1 Yes Read/Write XLS files, read ODS files
SMTPs 1.15 GPL Yes SMTPS library
TCPDF 5.9.098 LGPL 3.0 Yes PDF generation

82
htdocs/includes/efc_xfss/README.txt
View File

@ -1,82 +0,0 @@
README (english)
----------------
EFC/XFSS - Enhanced File Crypt/Extended File Stealth System.
Web: http://www.phpclasses.org/browse/package/1297.html
Licence: GNU/LGPL v3
Author: Humaneasy Exp
Modified by: Regis Houssin
Version: 1.0.1
Last change: 2008-04-27
-- SUMMARY --
The main idea behind "EFC/XFSS - Enhanced File Crypt/Extended File Stealth System" is to have your uploaded files safe in the server in a way that, even if someone can get them, no one can read them without knowing a few details to decrypt the files.
The class uses a random trick to select the encryption method that is used. This will always generate diferent encrypted files.
The file names are also obfuscated, so a sneaker will not know what the original format was.
This class was mainly developed to be used with GPL'ed Care2002 Medical Information System (www.care2x.org). However, its use was postponed because most of the files uploaded were images and most of them do not have any personal identifiable info on them.
This class, in a broader sense, has yet a long way to go. For now it is simply a sub-class of part of the RC4Crypt class. It allows an easy process of encryption and decryption of uploaded files.
The next challenge will be to encrypt and decrypt the files at client side, perhaps with Javascript, for those that cannot have an SSL connection, and also the creation of a replacement class for those that do not have the possibility to use libmcrypt.
-- REQUIREMENTS --
* It requires libmcrypt support and, when possible, an (optional)
SSL internet connection to be used.
* The class needs mcrypt PHP functions setup.
* This class (still) uses PHP 4 and was not tested with PHP 5.
-- INSTALLATION --
Unpack the files included.
The only files that you need to look at into are index.php, srcefc.php, mkconfig.php and .htaccess (the last one to use in the secured directory for strict security if you can not put it outside Web document tree).
Developer documentation is included inside the PHP scripts.
-- CONFIGURATION --
* IMPORTANT! Check that you have mcrypt support installed in your PHP and that you are using PHP 4.
* You also need to search for the definition of __SECURE_PATH__, and modify the path in the above PHP files.
-- TROUBLESHOOTING --
See http://www.phpclasses.org/discuss/package/1297/ for help.
We do not support the product besides own code errors.
-- CONTACT --
Current maintainers:
* Lopo Lencastre de Almeida (humaneasy) - http://drupal.org/user/26117
This project has been sponsored by:
* iPublicis
Consulting and planning of Drupal powered sites, we offer installation, development,
theming, customization, SEO planning and hosting to get you started.
Besides Drupal, advertising and FLOSS consulting.
Visit http://www.ipublicis.com to contact us.
-- NOTICE --
"EFC/XFSS - Enhanced File Crypt/Extended File Stealth System" is relased under the GNU/LGPL version 3 or above.
THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the project nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

557
htdocs/includes/efc_xfss/crypt_class.php
View File

@ -1,557 +0,0 @@
<?php
// $Id$
/**
* @file
* EasyFileCrypt Extending Crypt Class
* @Version: 1.0.1
* @Released: 05/27/03
*
* Copyright (C) 2003-2009 Humaneasy, brainVentures Network.
* Licensed under GNU Lesser General Public License 3 or above.
* Please visit http://www.opensource.org/licenses/bsd-license.php
* to now more about it.
*
* --------------------------------
*
* Copyright (C) 2002 Jason Sheets <jsheets@shadonet.com>.
* All rights reserved.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
Name: Crypt Class
Version: 1.1
Date Released: 11/18/02
Description: Crypt Class is a wrapper around libmcrypt_ functions, it provides an easy
way to encrypt and decrypt data. Crypt Class greatly simplifies encryption by adding
automatic generation and creation of IV's, automatic initialization of encryption, and
error handling and automatic trimming of keys that are too long.
Simple Example:
<?php
// include crypt class file
include('crypt_class.php');
// create an instance of the crypt class
$crypt_class = new CRYPT_CLASS;
// set the encryption cipher to twofish
$crypt_class->set_cipher('twofish'); // set the cipher
// set the mode to cfb (you should use cfb for strings and cbc for files)
$crypt_class->set_mode('cfb'); // set encryption mode
// set the encryption key to 'test key'
$crypt_class->set_key('test key')
// this is the data we want to encrypt
$data = 'this is a test message';
// this will be the encrypted data
$encrypted = $crypt_class->encrypt($data);
// this is the decrypted data
$decrypted = $crypt_class->decrypt($encrypted);
?>
Usage:
See the README.txt file.
Author: Jason Sheets <jsheets@shadonet.com>
License: This script is distributed under the BSD License, you are free
to use, or modify it however you like. If you find this script useful please
e-mail me.
**/
class CRYPT_CLASS {
var $cipher; // cipher to encrypt with
var $defaultmode = 'cfb'; // default encryption mode to use
var $defaultcipher = 'twofish'; // default cipher to use
var $key; // encryption/decription key
var $mode; // encryption mode to use
var $post_decrypt_filter; // filter to apply after decrypting, before base64_decode ie gzip_enflate
var $pre_encrypt_filter; // filter to apply before encrypting ie gzip_deflate
/* You should use cfb mode for strings and cbc mode for files */
// constructor for CRYPT_CLASS
function CRYPT_CLASS() {
// make sure we can use mcrypt_generic_init
if (!function_exists(mcrypt_generic_init)) {
?>
<html><head><title>libmcrypt not available</title></head><body>
<h3>libmcrypt not available</h3>
<p>In order to use crypt class you must have libmcrypt >= 2.4.x installed and PHP must be compiled with --with-mcrypt, if you don't
know what this means please contact your hosting provider or system admin.</p>
</body></html>
<?php
exit;
}
// enable gzip compression if possible, if gzip is not installed but bzip2 is use bzip2 instead
/*
if (function_exists('gzdeflate')) {
$this->set_pre_encrypt_filter('gzdeflate');
$this->set_post_decrypt_filter('gzinflate');
} elseif (function_exists('bzcompress')) {
$this->set_pre_encrypt_filter('bzcompress');
$this->set_post_decrypt_filter('bzuncompress');
}
*/
}
// clears the key so it can't be fetched by get_key later
function clear_key() {
$this->key = '';
}
// clears the pre encrypt filter
function clear_pre_encrypt_filter()
{
$this->pre_encrypt_filter = '';
}
// clears the post decrypt filter
function clear_post_decrypt_filter()
{
$this->post_decrypt_filter = '';
}
// shortcut, clears both pre_encrypt and post_decrypt filters
function clear_filters()
{
$this->clear_pre_encrypt_filter();
$this->clear_post_decrypt_filter();
}
// creates an IV
function create_iv()
{
// before we create an IV make sure cipher is set
if ((!isset($this->cipher)) || (!isset($this->mode))) {
trigger_error('create_iv: cipher and mode must be set before using create_iv', E_USER_ERROR);
return 0;
}
// open encryption module
$td = $this->_open_cipher();
// try to generate the iv
$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
// if we couldn't generate the iv display an error
if (!$iv)
{
//trigger_error('create_iv: unable to create iv', E_USER_ERROR);
return '';
}
// cleanup
@mcrypt_module_close($td);
// return iv
return $iv;
}
function decrypt($encrypted, $keepIV = 0)
{
if ((!isset($this->cipher)) || (!isset($this->mode)) || (!isset($this->key))) {
trigger_error('decrypt: cipher, mode, and key must be set before using decrypt', E_USER_ERROR);
}
// extract encrypted value from base64 encoded value
$data = base64_decode($encrypted);
// open encryption module
$td = $this->_open_cipher();
// get what size the IV should be
$ivsize = mcrypt_enc_get_iv_size($td);
// get the IV from the encrypted string
$iv = substr($data, 0, $ivsize);
// remove the IV from the data so we decrypt cleanly
if ($keepIV != 1) {
$data = substr($data, $ivsize);
}
// initialize decryption
@mcrypt_generic_init ($td, $this->key, $iv);
// decrypt the data
$decrypted = mdecrypt_generic ($td, $data);
// apply post-decrypt filter (this is usually a decompression call)
if (!empty($this->post_decrypt_filter)) {
$filter = $this->get_post_decrypt_filter();
$decrypted = $filter($decrypted);
unset($filter);
}
// cleanup
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// get rid of original data
unset($data);
return $decrypted;
}
/* decrypts a file */
function decrypt_file($sourcefile, $destfile)
{
// make sure required fields are specified
if ((!isset($this->cipher)) || (!isset($this->mode)) || (!isset($this->key))) {
trigger_error('decrypt_file: cipher, mode, and key must be set before using decrypt_file', E_USER_ERROR);
}
// make sure file exists and is readable
if (!is_readable($sourcefile)) {
return 0;
}
// touch destion file so it will exist when we check for it
@touch($destfile);
if (!is_writable($destfile)) {
return 0;
}
// read the file into memory and encrypt it
$fp = fopen($sourcefile, r);
// return false if unable to open file
if (!$fp) {
return 0;
}
$filecontents = fread($fp, filesize($sourcefile));
fclose($fp);
// open the destionation file for writing
$dest_fp = fopen($destfile, w);
// return false if unable to open file
if (!$dest_fp) {
return 0;
}
// write decrypted data to file
fwrite($dest_fp, $this->decrypt($filecontents));
// close encrypted file pointer
fclose($dest_fp);
return 1;
}
function encrypt($data)
{
if ((!isset($this->cipher)) || (!isset($this->mode)) || (!isset($this->key))) {
trigger_error('encrypt: cipher, mode, and key must be set before using encrypt', E_USER_ERROR);
}
// create an IV
$iv = $this->create_iv();
// open encryption module
$td = $this->_open_cipher();
// apply pre-encrypt filter (this is usually a compression call)
if (!empty($this->pre_encrypt_filter)) {
$filter = $this->get_pre_encrypt_filter();
$data = $filter($data);
unset($filter);
}
// initialize encryption
mcrypt_generic_init ($td, $this->key, $iv);
$encrypted_data = mcrypt_generic($td, $data);
// cleanup
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// get rid of original data
unset($data);
// return base64 encoded string
return base64_encode($iv . $encrypted_data);
}
/* encrypts a file */
function encrypt_file($sourcefile, $destfile) {
// make sure required fields are specified
if ((!isset($this->cipher)) || (!isset($this->mode)) || (!isset($this->key))) {
trigger_error('encrypt_file: cipher, mode, and key must be set before using encrypt_file', E_USER_ERROR);
}
// make sure file exists and is readable
if (!is_readable($sourcefile)) {
//trigger_error("encrypt_file: cannot read '$sourcefile' ", E_USER_ERROR);
return 0;
}
// touch destion file so it will exist when we check for it
@touch($destfile);
if (!is_writable($destfile)) {
//trigger_error("encrypt_file: cannot write to '$destfile' ", E_USER_ERROR);
return 0;
}
// read the file into memory and encrypt it
$fp = fopen($sourcefile, r);
// return false if unable to open file
if (!$fp) {
//trigger_error("encrypt_file: cannot open '$sourcefile' ", E_USER_ERROR);
return 0;
}
$filecontents = fread($fp, filesize($sourcefile));
fclose($fp);
// open the destionation file for writing
$dest_fp = fopen($destfile, w);
// return false if unable to open file
if (!$dest_fp) {
//trigger_error("encrypt_file: cannot open '$destfile' ", E_USER_ERROR);
return 0;
}
// write encrypted data to file
fwrite($dest_fp, $this->encrypt($filecontents));
// close encrypted file pointer
fclose($dest_fp);
return 1;
}
/* this function *ATTEMPTS* to generate a secure encryption/decryption key */
function generate_key()
{
/* generate an random decryption key */
$decryptkey = bin2hex(md5(uniqid(rand(),1)));
/* get a unique id with a random prefix */
$value = md5(uniqid(rand(),1));
// backup current encryption key
$oldkey = $this->key;
// set the encryption/decryption key to the randomly generated decryption key
$this->set_key($decryptkey);
// decrypt $value with an invalid decryption key so we get garbage
$returnkey = $this->decrypt($value, 1);
// restore encryption key
$this->key = $oldkey;
// cleanup variables
unset($oldkey, $decryptkey);
// return encryption key, should be base64 encoded for storage
return $returnkey;
}
/* return the name of the current cipher */
function get_cipher()
{
return $this->cipher;
}
/* return the encryption/decryption key */
function get_key()
{
return $this->key;
}
/* return the encryption mode */
function get_mode()
{
return $this->mode;
}
// return current post decrypt filter
function get_post_decrypt_filter()
{
return $this->post_decrypt_filter;
}
// return current pre encrypt filter
function get_pre_encrypt_filter()
{
return $this->pre_encrypt_filter;
}
// wrapper around md5
function md5($string)
{
// if the md5 function exists return md5($string), otherwise use built in md5
if (function_exists('md5')) {
return md5($string);
} else {
/* call to local md5 script goes here */
}
}
/* attempt to set the cipher to $ciphername, verifies ciphername against list of supported ciphers */
function set_cipher($ciphername)
{
if (in_array($ciphername, mcrypt_list_algorithms())) {
$this->cipher = $ciphername;
return 1;
} else {
return 0;
}
}
// wrapper around sha1
function sha1($string)
{
// if the sha1 function exists return sha1($string), otherwise use built in sha1
if (function_exists('sha1')) {
return sha1($string);
} else {
// note sha1 is only native to PHP 4.3.0 and newer
/* call to local sha1 script goes here */
}
}
/* set encryption key */
function set_key($encryptkey)
{
// make sure cipher and mode are set before setting IV
if ((!isset($this->cipher)) || (!isset($this->mode))) {
trigger_error('set_key: cipher and mode must be set before using set_key', E_USER_ERROR);
}
if (!empty($encryptkey)) {
// get the size of the encryption key
$keysize = @mcrypt_get_key_size ($this->cipher, $this->mode);
//$keysize = @mcrypt_get_key_size ($this->cipher);
//trigger_error($keysize, E_USER_ERROR);
// if the encryption key is less than 32 characters long and the expected keysize is at least 32 md5 the key
if ((strlen($encryptkey) < 32) && ($keysize >= 32)) {
$encryptkey = md5($encryptkey);
// if encryption key is longer than $keysize and the keysize is 32 then md5 the encryption key
} elseif ((strlen($encryptkey) > $keysize) && ($keysize == 32)) {
$encryptkey = md5($encryptkey);
} else {
// if encryption key is longer than the keysize substr it to the correct keysize length
$encryptkey = substr($encryptkey, 0, $keysize);
}
$this->key = $encryptkey;
} else {
return 0;
}
}
/* attempt to set encryption mode to $encryptmode, verifies mode against list of supported modes */
function set_mode($encryptmode)
{
// make sure encryption mode is a valid mode
if (in_array($encryptmode, mcrypt_list_modes())) {
$this->mode = $encryptmode;
} else {
return 0;
}
}
function set_post_decrypt_filter($function)
{
// if the function exists set the filter and return true
if (function_exists($function)) {
$this->post_decrypt_filter = $function;
return 1;
// function does not exist, return false
} else {
return 0;
}
}
function set_pre_encrypt_filter($function)
{
// if function exists set filter and return true
if (function_exists($function)) {
$this->pre_encrypt_filter = $function;
return 1;
// function does not exist, return false
} else {
return 0;
}
}
/* Everything below here are private methods and should not be called by anyone except the script */
/* attempt to open cipher, verify cipher was opened otherwise throw an error */
function _open_cipher()
{
// open encryption module
$td = @mcrypt_module_open($this->cipher, '', $this->mode, '');
// display error if we couldn't open the cipher
if (!$td) {
trigger_error('unable to open cipher ' . $this->cipher . ' in ' . $this->mode . ' mode', E_USER_ERROR);
}
return $td;
}
}
?>

403
htdocs/includes/efc_xfss/efc.class.php
View File

@ -1,403 +0,0 @@
<?php
// $Id$
/**
* @file
* EasyFileCrypt Extending Crypt Class
* @Version: 1.0.1
* @Released: 05/27/03
*
* Copyright (C) 2003-2009 Humaneasy, brainVentures Network.
* Licensed under GNU Lesser General Public License 3 or above.
* Please visit http://www.gnu.org to now more about it.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
* --------------------------------
*
* Crypt Class
* Copyright (C) 2002 Jason Sheets <jsheets@shadonet.com>.
* All rights reserved.
*
* This is licensed under a different, but compatible license scheme.
* See crypt_class.php for more details.
*
* --------------------------------
*
* phpCrc16 v1.1 -- CRC16/CCITT implementation
* By Matteo Beccati <matteo@beccati.com>
*
* Original code by:
* Ashley Roll <ash@digitalnemesis.com>
* Digital Nemesis Pty Ltd
* www.digitalnemesis.com
*
* Test Vector: "123456789" (character string, no quotes)
* Generated CRC: 0x29B1
*
*/
// Define mandatory variables
if (!defined("__CONFIG_SECURE_PATH__"))
define("__CONFIG_SECURE_PATH__", DOL_DATA_ROOT."/admin/", TRUE);
// Include Extended Class
require_once('crypt_class.php');
/**
* class easyfilecrypt(CRYPT_CLASS)
*
* { EasyFileCrypt extends Crypt Class to work with files with very few
values. Crypt Class itself is a wrapper around libmcrypt_ functions, it provides an
easy way to encrypt and decrypt data. Crypt Class greatly simplifies encryption by
adding automatic generation and creation of IV's, automatic initialization of
encryption, and error handling and automatic trimming of keys that are too long.
EasyFileCrypt will be modified to avoid the requirement of libmcrypt when not present.}
*
*/
class easyfilecrypt extends CRYPT_CLASS {
// Set default variables for all new objects
//!default cipher to use
var $defaultcipher;
//!default encryption mode to use
var $defaultmode;
// Our vars
//!This is the array that will contain all needed variables
var $efc;
//!This is the array that will contain all file upload variables
var $_userfile;
//!This is the array that will contain all file path
var $_userfilepath;
//!Cipher config filename
var $cfg_filename;
/**
* easyfilecrypt::easyfilecrypt()
*
* { Constructor }
*
*/
function easyfilecrypt () {
$this->efc = array( 'name' => '',
'type' => '',
'ext' => '',
'size' => '',
'crc' => '',
'key' => '',
'cipher' => '' );
$this->defaultcipher = $this->cipher = 'twofish';
$this->defaultmode = $this->mode = 'cbc';
$this->cfg_filename = __CONFIG_SECURE_PATH__.".efc.config.php";
}
/**
* easyfilecrypt::encryptfile()
*
* { Encrypt the uploaded file contents and save it as a new one }
*
*/
function encryptfile(&$refer_userfile) {
// Reference File Array
$this->_userfile =& $refer_userfile;
// Get and sort available cipher methods
$ciphers = mcrypt_list_algorithms();
natsort($ciphers);
// Random choose one to get more security
srand ((float) microtime() * 10000000);
$this->efc['cipher'] = $ciphers[array_rand ($ciphers, 1)];
if ($this->efc['cipher'] == "")
$this->efc['cipher'] = $this->defaultcipher;
// set the encryption cipher
if (!$this->set_cipher($this->efc['cipher']))
$this->cipher = $this->defaultcipher;
$this->efc['cipher'] = $this->cipher;
// set the mode to cbc
// (you should use cfb for strings and cbc for files if possible)
@include_once($this->cfg_filename);
if (!is_array($xfss)) {
if (!$this->set_mode($this->efc['mode'])) {
// Neither User nor Default Mode available
if (!$this->set_mode($this->defaultmode)) {
// Get one of the available cipher Modes
srand ((float) microtime() * 10000000);
$modes = mcrypt_list_modes();
$this->set_mode($modes[array_rand ($modes, 1)]);
}
}
} else {
if ($this->efc['mode'] == "")
$this->efc['mode'] = $this->defaultmode;
/**
$td = @mcrypt_module_open ('arcfour', '', 'stream', '');
if (!$td) $msgteste = 'unable to open cipher ARCFOUR in STREAM mode<br>';
unset($td); $td = @mcrypt_module_open ('wake', '', 'stream', '');
if (!$td) $msgteste = 'unable to open cipher WAKE in STREAM mode<br>';
unset($td); $td = @mcrypt_module_open ('enigma', '', 'stream', '');
if (!$td) $msgteste = 'unable to open cipher ENIGMA in STREAM mode<br>';
if ($msgteste) trigger_error($msgteste, E_USER_ERROR);
echo "Default: ".$this->efc['mode']."<br>".strtoupper($this->cipher)." => ";
print_r($xfss[$this->cipher]);
**/
if (empty($xfss[$this->cipher])) {
$this->set_mode('stream');
} else {
if ( in_array ($this->efc['mode'], $xfss[$this->cipher]) ) {
$this->set_mode($this->efc['mode']);
} else {
$count = count ($xfss[$this->cipher]);
srand ((float) microtime() * 10000000);
$this->set_mode($xfss[$this->cipher][array_rand ($xfss[$this->cipher], 1)]);
}
}
}
$this->efc['mode'] = $this->mode;
// Set the encryption key
$this->efc['key'] = $this->generate_key(); // md5(time() . getmypid());
$this->efc['key'] = substr( md5( $this->efc['key'] ), 0, strlen( $this->efc['key'] ) );
$this->set_key($this->efc['key']);
// Save new filename name and mime-type
$this->efc['name'] = md5($this->_userfile['name'] . time() . getmypid());
$this->efc['type'] = $this->_userfile['type'];
$this->efc['ext'] = $this->getExtension($this->_userfile['name']);
// Set source and destination files name
$src_filename = $this->_userfile['tmp_name'];
$dst_filename = $this->_userfilepath.$this->efc['name'];
// make sure file exists and is readable
$msg = "encrypt_file: cannot read ".$this->_userfile['tmp_name']." ";
if (!is_readable($src_filename))
trigger_error($msg, E_USER_ERROR);
// touch destination file so it will exist when we check for it
@touch($dst_filename);
// can we write to it
$msg = "encrypt_file: cannot write to ".$dst_filename." ";
if (!is_writable($dst_filename))
trigger_error($msg, E_USER_ERROR);
// read the file into memory and encrypt it
$fp = fopen($src_filename, r);
// return false if unable to open file
$msg = "encrypt_file: cannot open ".$dst_filename." ";
if (!$fp) trigger_error($msg, E_USER_ERROR);
$filecontents = fread($fp, filesize($src_filename));
fclose($fp);
// open the destination file for writing
$dest_fp = fopen($dst_filename, w);
// return false if unable to open file
$msg = "encrypt_file: cannot open ".$dst_filename." ";
if (!$dest_fp) trigger_error($msg, E_USER_ERROR);
// adds length of content for cleanly removing the padding
$length = strlen($filecontents);
$cleanfilecontents = $length.'|'.$filecontents;
// write encrypted data to file
fwrite($dest_fp, $this->encrypt($cleanfilecontents));
// close encrypted file pointer
fclose($dest_fp);
// Save some checksums to test on decrypt
$this->efc['crc'] = $this->CRC16HexDigest($filecontents);
$this->efc['size'] = @filesize($dst_filename);
@unlink($src_filename);
}
/**
* easyfilecrypt::decryptfile()
*
* { Decrypt the file contents and save it as a new one }
*
*/
function decryptfile() {
// make sure required fields are specified
if ((!isset($this->efc['cipher'])) || (!isset($this->efc['key'])))
trigger_error('Decryption: cipher, mode, and key must be set before using this.', E_USER_ERROR);
// make sure file exists and is readable
$src_filename = $this->_userfilepath.$this->efc['name'];
if (!is_readable($src_filename))
trigger_error('Encrypted data is corrupted: Not readable', E_USER_ERROR);
// make sure file wasn't modified by someone
$msg = "Encrypted data is corrupted: Wrong Size (".filesize($src_filename)." / ".$this->efc['size'].")";
if( $this->efc['size'] != filesize($src_filename))
trigger_error($msg, E_USER_ERROR);
// get file contents
$contents = @file_get_contents($src_filename);
// set the encryption cipher
if (!$this->set_cipher($this->efc['cipher']))
$this->cipher = $this->efc['cipher'];
// set the mode to cbc (you should use cfb for strings and cbc for files)
if (!$this->set_mode($this->efc['mode']))
$this->mode = $this->efc['mode'];
// Set the encryption key
$this->set_key($this->efc['key']);
$this->efc['key'] = $this->key;
// decrypt file contents
$contents = $this->decrypt($contents);
// remove the padding
list($length, $padded_data) = explode('|', $contents, 2);
$contents = substr($padded_data, 0, $length);
// make sure contents where not modified
if( $this->efc['crc'] != $this->CRC16HexDigest($contents))
trigger_error('Original Data is corrupted: Bad CRC', E_USER_ERROR);
// return file contents
return $contents;
}
/**
* easyfilecrypt::getExtension()
*
* { Returns the extension of a given filename }
*
*/
function getExtension ($filename) {
return substr($str = substr($filename, ($pos = strrpos($filename, '/')) !== false ? ++$pos : 0), strpos($str, '.') + 1);
}
/**
* easyfilecrypt::_CRC16()
*
* { Returns CRC16 of a string as int value. Used internaly. }
*
*
*/
function _CRC16($str)
{
static $CRC16_Lookup = array(
0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7,
0x8108, 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF,
0x1231, 0x0210, 0x3273, 0x2252, 0x52B5, 0x4294, 0x72F7, 0x62D6,
0x9339, 0x8318, 0xB37B, 0xA35A, 0xD3BD, 0xC39C, 0xF3FF, 0xE3DE,
0x2462, 0x3443, 0x0420, 0x1401, 0x64E6, 0x74C7, 0x44A4, 0x5485,
0xA56A, 0xB54B, 0x8528, 0x9509, 0xE5EE, 0xF5CF, 0xC5AC, 0xD58D,
0x3653, 0x2672, 0x1611, 0x0630, 0x76D7, 0x66F6, 0x5695, 0x46B4,
0xB75B, 0xA77A, 0x9719, 0x8738, 0xF7DF, 0xE7FE, 0xD79D, 0xC7BC,
0x48C4, 0x58E5, 0x6886, 0x78A7, 0x0840, 0x1861, 0x2802, 0x3823,
0xC9CC, 0xD9ED, 0xE98E, 0xF9AF, 0x8948, 0x9969, 0xA90A, 0xB92B,
0x5AF5, 0x4AD4, 0x7AB7, 0x6A96, 0x1A71, 0x0A50, 0x3A33, 0x2A12,
0xDBFD, 0xCBDC, 0xFBBF, 0xEB9E, 0x9B79, 0x8B58, 0xBB3B, 0xAB1A,
0x6CA6, 0x7C87, 0x4CE4, 0x5CC5, 0x2C22, 0x3C03, 0x0C60, 0x1C41,
0xEDAE, 0xFD8F, 0xCDEC, 0xDDCD, 0xAD2A, 0xBD0B, 0x8D68, 0x9D49,
0x7E97, 0x6EB6, 0x5ED5, 0x4EF4, 0x3E13, 0x2E32, 0x1E51, 0x0E70,
0xFF9F, 0xEFBE, 0xDFDD, 0xCFFC, 0xBF1B, 0xAF3A, 0x9F59, 0x8F78,
0x9188, 0x81A9, 0xB1CA, 0xA1EB, 0xD10C, 0xC12D, 0xF14E, 0xE16F,
0x1080, 0x00A1, 0x30C2, 0x20E3, 0x5004, 0x4025, 0x7046, 0x6067,
0x83B9, 0x9398, 0xA3FB, 0xB3DA, 0xC33D, 0xD31C, 0xE37F, 0xF35E,
0x02B1, 0x1290, 0x22F3, 0x32D2, 0x4235, 0x5214, 0x6277, 0x7256,
0xB5EA, 0xA5CB, 0x95A8, 0x8589, 0xF56E, 0xE54F, 0xD52C, 0xC50D,
0x34E2, 0x24C3, 0x14A0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
0xA7DB, 0xB7FA, 0x8799, 0x97B8, 0xE75F, 0xF77E, 0xC71D, 0xD73C,
0x26D3, 0x36F2, 0x0691, 0x16B0, 0x6657, 0x7676, 0x4615, 0x5634,
0xD94C, 0xC96D, 0xF90E, 0xE92F, 0x99C8, 0x89E9, 0xB98A, 0xA9AB,
0x5844, 0x4865, 0x7806, 0x6827, 0x18C0, 0x08E1, 0x3882, 0x28A3,
0xCB7D, 0xDB5C, 0xEB3F, 0xFB1E, 0x8BF9, 0x9BD8, 0xABBB, 0xBB9A,
0x4A75, 0x5A54, 0x6A37, 0x7A16, 0x0AF1, 0x1AD0, 0x2AB3, 0x3A92,
0xFD2E, 0xED0F, 0xDD6C, 0xCD4D, 0xBDAA, 0xAD8B, 0x9DE8, 0x8DC9,
0x7C26, 0x6C07, 0x5C64, 0x4C45, 0x3CA2, 0x2C83, 0x1CE0, 0x0CC1,
0xEF1F, 0xFF3E, 0xCF5D, 0xDF7C, 0xAF9B, 0xBFBA, 0x8FD9, 0x9FF8,
0x6E17, 0x7E36, 0x4E55, 0x5E74, 0x2E93, 0x3EB2, 0x0ED1, 0x1EF0
);
$crc16 = 0xFFFF; // the CRC
$len = strlen($str);
for($i = 0; $i < $len; $i++ )
{
$t = ($crc16 >> 8) ^ ord($str[$i]); // High byte Xor Message Byte to get index
$crc16 = (($crc16 << 8) & 0xffff) ^ $CRC16_Lookup[$t]; // Update the CRC from table
}
// crc16 now contains the CRC value
return $crc16;
}
/**
* easyfilecrypt::CRC16HexDigest()
*
* { Returns CRC16 of a string as hexadecimal string. }
*
*
*/
function CRC16HexDigest($str)
{
return sprintf('%04X', $this->_CRC16($str));
}
/** EOF Class **/
}
?>

113
htdocs/lib/security.lib.php
View File

@ -20,12 +20,13 @@
/**
* \file htdocs/lib/security.lib.php
* \brief Set of function used for dolibarr security
* \version $Id: security.lib.php,v 1.125 2011/07/31 23:25:15 eldy Exp $
* \version $Id: security.lib.php,v 1.126 2011/08/11 19:41:24 eldy Exp $
*/
/**
* Return a login if login/pass was successfull using an external login method
*
* @return string Login or ''
* TODO Provide usertotest, passwordtotest and entitytotest by parameters
*/
@ -82,6 +83,7 @@ function getLoginMethod()
/**
* Show Dolibarr default login page
*
* @param langs Lang object (must be initialized by a new).
* @param conf Conf object
* @param mysoc Company object
@ -267,6 +269,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
/**
* Fonction pour initialiser un salt pour la fonction crypt
*
* @param $type 2=>renvoi un salt pour cryptage DES
* 12=>renvoi un salt pour cryptage MD5
* non defini=>renvoi un salt pour cryptage par defaut
@ -295,6 +298,7 @@ function makesalt($type=CRYPT_SALT_LENGTH)
/**
* Encode or decode database password in config file
*
* @param level Encode level: 0 no encoding, 1 encoding
* @return int <0 if KO, >0 if OK
*/
@ -430,113 +434,6 @@ function dol_decode($chain)
}
/**
* Return array of ciphers mode available
* @return strAv Configuration file content
*/
function dol_efc_config()
{
// Make sure we can use mcrypt_generic_init
if (!function_exists("mcrypt_generic_init"))
{
return -1;
}
// Set a temporary $key and $data for encryption tests
$key = md5(time() . getmypid());
$data = mt_rand();
// Get and sort available cipher methods
$ciphers = mcrypt_list_algorithms();
natsort($ciphers);
// Get and sort available cipher modes
$modes = mcrypt_list_modes();
natsort($modes);
foreach ($ciphers as $cipher)
{
foreach ($modes as $mode)
{
// Not Compatible
$result = 'false';
// open encryption module
$td = @mcrypt_module_open($cipher, '', $mode, '');
// if we could open the cipher
if ($td)
{
// try to generate the iv
$iv = @mcrypt_create_iv(mcrypt_enc_get_iv_size ($td), MCRYPT_RAND);
// if we could generate the iv
if ($iv)
{
// initialize encryption
@mcrypt_generic_init ($td, $key, $iv);
// encrypt data
$encrypted_data = mcrypt_generic($td, $data);
// cleanup
mcrypt_generic_deinit($td);
// No error issued
$result = 'true';
}
// close
@mcrypt_module_close($td);
}
if ($result == "true") $available["$cipher"][] = $mode;
}
}
if (count($available) > 0)
{
// Content of configuration
$strAv = "<?php\n";
$strAv.= "/* Copyright (C) 2003 HumanEasy, Lda. <humaneasy@sitaar.com>\n";
$strAv.= " * Copyright (C) 2009 Regis Houssin <regis@dolibarr.fr>\n";
$strAv.= " *\n";
$strAv.= " * All rights reserved.\n";
$strAv.= " * This file is licensed under GNU GPL version 2 or above.\n";
$strAv.= " * Please visit http://www.gnu.org to now more about it.\n";
$strAv.= " */\n\n";
$strAv.= "/**\n";
$strAv.= " * Name: EasyFileCrypt Extending Crypt Class\n";
$strAv.= " * Version: 1.0\n";
$strAv.= " * Created: ".date("r")."\n";
$strAv.= " * Ciphers Installed on this system: ".count($ciphers)."\n";
$strAv.= " */\n\n";
$strAv.= " \$xfss = Array ( ";
foreach ($ciphers as $avCipher) {
$v = "";
if (count($available["$avCipher"]) > 0) {
foreach ($available["$avCipher"] as $avMode)
$v .= " '".$avMode."', ";
$i = dol_strlen($v) - 2;
if ($v[$i] == ",")
$v = substr($v, 2, $i - 3);
}
if (!empty($v)) $v = " '".$v."' ";
$strAv .= "'".$avCipher."' => Array (".$v."),\n ";
}
$strAv = rtrim($strAv);
if ($strAv[dol_strlen($strAv) - 1] == ",")
$strAv = substr($strAv, 0, dol_strlen($strAv) - 1);
$strAv .= " );\n\n";
$strAv .= "?>";
return $strAv;
}
}
/**
* Return a generated password using default module
* @param generic Create generic password

3
test/phpunit/phpunittest.xml
View File

@ -18,7 +18,6 @@
<directory suffix=".php">../../htdocs/includes/artichow/</directory>
<directory suffix=".php">../../htdocs/includes/barcode/php-barcode/</directory>
<directory suffix=".php">../../htdocs/includes/ckeditor/</directory>
<directory suffix=".php">../../htdocs/includes/efc_xfss/</directory>
<directory suffix=".php">../../htdocs/includes/fckeditor/</directory>
<directory suffix=".php">../../htdocs/includes/fpdi/</directory>
<directory suffix=".php">../../htdocs/includes/geoip/</directory>
@ -61,11 +60,9 @@
<directory suffix=".php">../../htdocs/includes/adodbtime/</directory>
<directory suffix=".php">../../htdocs/includes/artichow/</directory>
<directory suffix=".php">../../htdocs/includes/barcode/php-barcode/</directory>
<directory suffix=".php">../../htdocs/includes/efc_xfss/</directory>
<directory suffix=".php">../../htdocs/includes/fckeditor/</directory>
<directory suffix=".php">../../htdocs/includes/fpdi/</directory>
<directory suffix=".php">../../htdocs/includes/geoip/</directory>
<directory suffix=".php">../../htdocs/includes/jcrop/</directory>
<directory suffix=".php">../../htdocs/includes/jquery/</directory>
<directory suffix=".php">../../htdocs/includes/jsgantt/</directory>
<directory suffix=".php">../../htdocs/includes/magpierss/</directory>