diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 1d3f013e9f3..13361392396 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -92,7 +92,80 @@ function dol_decode($chain, $key = '1')
 }
 
 /**
- * Returns a hash of a string.
+ * Encode a string with a symetric encryption. Used to encrypt sensitive data into database.
+ * Note: If a backup is restored onto another instance with a different $dolibarr_main_instance_unique_id, then decoded value will differ.
+ *
+ * @param string $chain string to encode
+ * @param string $key If '', we use $dolibarr_main_instance_unique_id
+ * @param string $ciphering Default ciphering algorithm
+ * @return string encoded string
+ * @see dolDecrypt(), dol_hash()
+ */
+function dolEncrypt($chain, $key = '', $ciphering = "AES-256-CTR")
+{
+ global $dolibarr_main_instance_unique_id;
+
+ if ($chain === '') {
+ return '';
+ }
+
+ $reg = array();
+ if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
+ // The $chain is already a crypted string
+ return $chain;
+ }
+
+ if (empty($key)) {
+ $key = $dolibarr_main_instance_unique_id;
+ }
+
+ $newchain = $chain;
+
+ if (!function_exists('openssl_encrypt')) {
+ return $chain;
+ } else {
+ $newchain = openssl_encrypt($chain, $ciphering, $key);
+ return 'dolcrypt:'.$ciphering.':'.$newchain;
+ }
+}
+
+/**
+ * Decode a string with a symetric encryption. Used to decrypt sensitive data saved into database.
+ * Note: If a backup is restored onto another instance with a different $dolibarr_main_instance_unique_id, then decoded value will differ.
+ *
+ * @param string $chain string to encode
+ * @param string $key If '', we use $dolibarr_main_instance_unique_id
+ * @return string encoded string
+ * @see dolEncrypt(), dol_hash()
+ */
+function dolDecrypt($chain, $key = '')
+{
+ global $dolibarr_main_instance_unique_id;
+
+ if ($chain === '') {
+ return '';
+ }
+
+ if (empty($key)) {
+ $key = $dolibarr_main_instance_unique_id;
+ }
+
+ $reg = array();
+ if (preg_match('/^dolcrypt:([^:]+):(.+)$/', $chain, $reg)) {
+ $ciphering = $reg[1];
+ if (function_exists('openssl_decrypt')) {
+ $newchain = openssl_decrypt($reg[2], $ciphering, $key);
+ } else {
+ $newchain = 'Error function openssl_decrypt() not available';
+ }
+ return $newchain;
+ } else {
+ return $chain;
+ }
+}
+
+/**
+ * Returns a hash (non reversible encryption) of a string.
  * If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function (recommanded value is 'password_hash')
  * If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if hashing algorightm is something else than 'password_hash').
  *
diff --git a/htdocs/emailcollector/class/emailcollector.class.php b/htdocs/emailcollector/class/emailcollector.class.php
index 5c885209a71..7c43286ed9f 100644
--- a/htdocs/emailcollector/class/emailcollector.class.php
+++ b/htdocs/emailcollector/class/emailcollector.class.php
@@ -311,8 +311,13 @@ class EmailCollector extends CommonObject
 return -1;
 }
 
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
+ $this->password = dolEncrypt($this->password);
+
 $id = $this->createCommon($user, $notrigger);
 
+ $this->password = dolDecrypt($this->password);
+
 if (is_array($this->filters) && count($this->filters)) {
 $emailcollectorfilter = new EmailCollectorFilter($this->db);
 
@@ -371,6 +376,7 @@ class EmailCollector extends CommonObject
 unset($object->id);
 unset($object->fk_user_creat);
 unset($object->import_key);
+ unset($object->password);
 
 // Clear fields
 $object->ref = "copy_of_".$object->ref;
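Review bot: In dolEncrypt() the call `openssl_encrypt($chain, $ciphering, $key)` passes no IV, so with the default AES-256-CTR every value is encrypted under the same key and the same all-zero counter block; all stored ciphertexts then share one keystream, and the relationship between any two plaintexts is exposed to anyone who can read the table. A fresh random IV of `openssl_cipher_iv_length($ciphering)` bytes should be generated per call and stored in front of the ciphertext, and dolDecrypt() should split it off again, as in the excerpt below. This changes the stored format, so values already written by the code in this hunk would need a migration path, and `random_bytes()` assumes PHP 7 or later. CTR also provides no integrity protection, so an AEAD cipher or a separate HMAC over the stored value is worth considering.

```php
// dolEncrypt(): body of the final else branch
		$ivlen = openssl_cipher_iv_length($ciphering);
		$iv = ($ivlen > 0) ? random_bytes($ivlen) : '';
		$newchain = openssl_encrypt($chain, $ciphering, $key, OPENSSL_RAW_DATA, $iv);
		return 'dolcrypt:'.$ciphering.':'.base64_encode($iv.$newchain);

// … unchanged: dolDecrypt() docblock, empty-input check, key selection, prefix match …

// dolDecrypt(): body of the function_exists('openssl_decrypt') branch
			$raw = base64_decode($reg[2], true);
			$ivlen = openssl_cipher_iv_length($ciphering);
			if ($raw === false || $ivlen === false || strlen($raw) < $ivlen) {
				$newchain = false;	// stored value is malformed or the cipher name is unknown
			} else {
				$newchain = openssl_decrypt(substr($raw, $ivlen), $ciphering, $key, OPENSSL_RAW_DATA, substr($raw, 0, $ivlen));
			}
```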
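Review bot: In create() the clear-text password is recovered by calling `dolDecrypt($this->password)` after `createCommon()`, so the credential held in memory depends on a successful decrypt round-trip; dolDecrypt() as added in security.lib.php can return `false` or an error string, and either would silently replace the password on the object. Keeping the original in a local variable is simpler and cannot fail: `$cleartext = $this->password;` before the `dolEncrypt()` call and `$this->password = $cleartext;` after `createCommon()`. The same encrypt/save/decrypt sequence is repeated in update() (the `@@ -517,7 +527,14 @@` hunk) and the same change applies there. Both method bodies start and end outside their hunks.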
@@ -422,6 +428,10 @@ class EmailCollector extends CommonObject
 public function fetch($id, $ref = null)
 {
 $result = $this->fetchCommon($id, $ref);
+
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
+ $this->password = dolDecrypt($this->password);
+
 //if ($result > 0 && ! empty($this->table_element_line)) $this->fetchLines();
 return $result;
 }
@@ -517,7 +527,14 @@ class EmailCollector extends CommonObject
 return -1;
 }
 
- return $this->updateCommon($user, $notrigger);
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
+ $this->password = dolEncrypt($this->password);
+
+ $result = $this->updateCommon($user, $notrigger);
+
+ $this->password = dolDecrypt($this->password);
+
+ return $result;
 }
 
 /**
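Review bot: fetch() assigns the result of `dolDecrypt()` to `$this->password` without looking at `$result` or at what dolDecrypt() returned. As written in security.lib.php, dolDecrypt() yields `false` when `openssl_decrypt()` fails and the literal string 'Error function openssl_decrypt() not available' when the extension is missing, and either value would presumably be used as the mailbox password by later code. Consider decrypting only after a successful load, `if ($result > 0) { $this->password = dolDecrypt($this->password); }`, and treating a non-string result as a fetch error rather than as a credential.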