From d0891e2850765cdfdacf3c6eca05a63d3238234c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 13 Aug 2008 13:39:30 +0000 Subject: [PATCH] Fix: Encryption of password in file --- htdocs/admin/security.php | 39 ++++++++++++++++++++++--------------- htdocs/install/etape5.php | 6 +++--- htdocs/install/upgrade2.php | 2 +- htdocs/lib/admin.lib.php | 8 ++++---- htdocs/lib/security.lib.php | 22 ++++++++++++--------- 5 files changed, 44 insertions(+), 33 deletions(-) diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php index a9dc0858539..86973bd4a68 100644 --- a/htdocs/admin/security.php +++ b/htdocs/admin/security.php @@ -18,11 +18,11 @@ */ /** - \file htdocs/admin/security.php - \ingroup setup - \brief Page de configuration du module sécurité - \version $Id$ -*/ + * \file htdocs/admin/security.php + * \ingroup setup + * \brief Page de configuration du module sécurité + * \version $Id$ + */ require("./pre.inc.php"); require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php"); @@ -95,7 +95,8 @@ if ($_GET["action"] == 'activate_encryptdbpassconf') $result = encodedecode_dbpassconf(1); if ($result > 0) { - dolibarr_set_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED", "1"); + // database value not required + //dolibarr_set_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED", "1"); Header("Location: security.php"); exit; } @@ -109,7 +110,8 @@ else if ($_GET["action"] == 'disable_encryptdbpassconf') $result = encodedecode_dbpassconf(0); if ($result > 0) { - dolibarr_del_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED"); + // database value not required + //dolibarr_del_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED"); Header("Location: security.php"); exit; } 
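Review bot: Both branches touched here, `activate_encryptdbpassconf` and (in the next hunk) `disable_encryptdbpassconf`, rewrite conf.php in response to `$_GET["action"]`, and no anti-forgery token or confirmation step is visible in either hunk. A cross-site request made while an administrator is logged in could then switch the stored database password back to clear text. Any permission or token check that exists would sit outside these hunks, so this is worth confirming. If there is none, accept the action only from a POST form that carries a per-session token, starting with `if ($_POST["action"] == 'activate_encryptdbpassconf')` and the matching change on the `else if`.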
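Review bot: Commenting out `dolibarr_del_const` in the disable branch leaves the `MAIN_DATABASE_PWD_CONFIG_ENCRYPTED` row in place on installations that activated the option before this commit, so the database flag and conf.php can now disagree. No reader of the constant is visible in this patch, but other code may still consult it. I would keep `dolibarr_del_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED");` active in both branches as a cleanup of the legacy value, and delete the commented-out `dolibarr_set_const` line in the previous hunk rather than keeping dead code.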
@@ -311,25 +313,30 @@ $var=!$var; print ""; print ''.$langs->trans("MainDbPasswordFileConfEncrypted").''; print ''; -if($conf->global->MAIN_DATABASE_PWD_CONFIG_ENCRYPTED == 1) +if (! empty($dolibarr_main_db_encrypted_pass)) { print img_tick(); } print ''; -if ($conf->global->MAIN_DATABASE_PWD_CONFIG_ENCRYPTED == 0) +print ''; +if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass)) { - print ''; - print ''.$langs->trans("Activate").''; - print ""; + print img_warning($langs->trans("WarningPassIsEmpty")); } -if($conf->global->MAIN_DATABASE_PWD_CONFIG_ENCRYPTED == 1) +else { - print ''; - print ''.$langs->trans("Disable").''; - print ""; + if (empty($dolibarr_main_db_encrypted_pass)) + { + print ''.$langs->trans("Activate").''; + } + if (! empty($dolibarr_main_db_encrypted_pass)) + { + print ''.$langs->trans("Disable").''; + } } +print ""; print ""; print ''; diff --git a/htdocs/install/etape5.php b/htdocs/install/etape5.php index 4182c888980..853e9a8acaa 100644 --- a/htdocs/install/etape5.php +++ b/htdocs/install/etape5.php @@ -87,12 +87,12 @@ pHeader($langs->trans("SetupEnd"),"etape5"); if ($_POST["action"] == "set" || $_POST["action"] == "upgrade") { - + require_once(DOL_DOCUMENT_ROOT ."/lib/functions.lib.php"); + print ''; $error=0; - // on décode le mot de passe de la base si besoin - require_once(DOL_DOCUMENT_ROOT ."/lib/functions.lib.php"); + // decode database pass if needed if (! empty($dolibarr_main_db_encrypted_pass)) { require_once(DOL_DOCUMENT_ROOT ."/lib/security.lib.php"); diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index cede40ed2b2..3ab40c31033 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -74,7 +74,7 @@ if (isset($_POST['action']) && $_POST['action'] == 'upgrade') print '
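Review bot: The tick is printed whenever `$dolibarr_main_db_encrypted_pass` is non-empty, without checking that a clear-text `$dolibarr_main_db_pass` is no longer present in conf.php, so a hand-edited file holding both values would be reported as protected. Whether `$dolibarr_main_db_pass` still holds the raw file value at this point depends on code outside the hunk, so the check may need to look at the file content rather than the globals. Separately, the two back-to-back tests in the else branch, `if (empty($dolibarr_main_db_encrypted_pass))` followed by `if (! empty($dolibarr_main_db_encrypted_pass))`, are one condition and read better as a single `if`/`else`.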
'; - // on decode le mot de passe de la base si besoin + // decode database pass if needed if (! empty($dolibarr_main_db_encrypted_pass)) { require_once($dolibarr_main_document_root."/lib/security.lib.php"); diff --git a/htdocs/lib/admin.lib.php b/htdocs/lib/admin.lib.php index 75e4176b8c0..616ad7d2418 100644 --- a/htdocs/lib/admin.lib.php +++ b/htdocs/lib/admin.lib.php @@ -294,13 +294,13 @@ function dolibarr_get_const($db, $name) /** - \brief Insertion d'une constante dans la base de données. + \brief Insertion d'une constante dans la base de donnees. \sa dolibarr_del_const, dolibarr_get_const - \param db Handler d'accés base + \param db Handler d'acces base \param name Nom de la constante \param value Valeur de la constante - \param type Type de constante (chaine par défaut) - \param visible La constante est elle visible (0 par défaut) + \param type Type de constante (chaine par defaut) + \param visible La constante est elle visible (0 par defaut) \param note Explication de la constante \return int -1 if KO, 1 if OK */ diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php index b657a2be838..2d2195f9586 100644 --- a/htdocs/lib/security.lib.php +++ b/htdocs/lib/security.lib.php @@ -53,11 +53,13 @@ function makesalt($type=CRYPT_SALT_LENGTH) } /** - \brief Encode\decode database password in config file - \param level Encode level : 0 no enconding, 1 encoding -*/ + * \brief Encode\decode database password in config file + * \param level Encode level : 0 no enconding, 1 encoding + * \return int <0 if KO, >0 if OK + */ function encodedecode_dbpassconf($level=0) { + dolibarr_syslog("security.lib::encodedecode_dbpassconf level=".$level, LOG_DEBUG); $config = ''; if ($fp = fopen(DOL_DOCUMENT_ROOT.'/conf/conf.php','r')) 
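Review bot: The new docblock for `encodedecode_dbpassconf` should say what protection the encoding gives, since the commit title and the setup page present it as encryption. `dol_encode($chain)` further down takes no key, so the stored value is presumably reversible by anyone who can read conf.php and this library; that is worth confirming against the function body, which is not in the patch. I would add a line such as ` * \remarks Obfuscation only; conf.php must stay unreadable to other system users`, list the actual codes in `\return` (`-1` write failure, `-2` read failure, per the later hunk), and fix the `enconding` typo. The function body continues outside this hunk.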
@@ -95,19 +97,21 @@ function encodedecode_dbpassconf($level=0) } else { + dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_WARNING); return -1; } } else { + dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to read conf.php", LOG_ERR); return -2; } } /** - \brief Encode une chaine de caractére - \param chain chaine de caractéres a encoder - \return string_coded chaine de caractéres encodée + * \brief Encode une chaine de caractére + * \param chaine chaine de caractères a encoder + * \return string_coded chaine de caractères encodée */ function dol_encode($chain) { @@ -121,9 +125,9 @@ function dol_encode($chain) } /** - \brief Decode une chaine de caractére - \param chain chaine de caractéres a decoder - \return string_coded chaine de caractéres decodée + * \brief Decode une chaine de caractére + * \param chain chaine de caractéres a decoder + * \return string_coded chaine de caractéres decodée */ function dol_decode($chain) {
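Review bot: The two failure logs added here use different severities for the same kind of outcome: the write failure is `LOG_WARNING` while the read failure is `LOG_ERR`, although both make the function return a negative code. I would log the first as `dolibarr_syslog("security.lib::encodedecode_dbpassconf Failed to open conf.php file for writing", LOG_ERR);` so a failed activation is not filtered out with routine warnings. In the same hunk the rewritten docblock for `dol_encode` documents `\param chaine`, but the parameter is `$chain`; it should read `\param chain`. The body of `encodedecode_dbpassconf` starts outside this hunk.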