Fix: Serious bug with encrypt and decrypt function.

This commit is contained in:
Laurent Destailleur 2009-09-07 14:03:19 +00:00
parent 7c833eb82d
commit c7144ce138
5 changed files with 79 additions and 73 deletions


@ -188,20 +188,25 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
$db->begin();
dolibarr_install_syslog('install/etape5.php set MAIN_VERSION_LAST_INSTALL const to '.$targetversion, LOG_DEBUG);
$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_VERSION_LAST_INSTALL'");
$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",".$db->encrypt($targetversion,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",'chaine',0,'Dolibarr version when install',0)");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_VERSION_LAST_INSTALL'");
if (! $resql) dol_print_error($db,'Error in setup program');
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_INSTALL',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt($targetversion,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',0,'Dolibarr version when install',0)");
if (! $resql) dol_print_error($db,'Error in setup program');
$conf->global->MAIN_VERSION_LAST_INSTALL=$targetversion;
if ($usedoliwamp)
{
dolibarr_install_syslog('install/etape5.php set MAIN_REMOVE_INSTALL_WARNING const to 1', LOG_DEBUG);
$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_REMOVE_INSTALL_WARNING'");
$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",".$db->encrypt(1,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",'chaine',1,'Disable install warnings',0)");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_REMOVE_INSTALL_WARNING'");
if (! $resql) dol_print_error($db,'Error in setup program');
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_REMOVE_INSTALL_WARNING',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt(1,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',1,'Disable install warnings',0)");
if (! $resql) dol_print_error($db,'Error in setup program');
$conf->global->MAIN_REMOVE_INSTALL_WARNING=1;
}
dolibarr_install_syslog('install/etape5.php Remove MAIN_NOT_INSTALLED const', LOG_DEBUG);
$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_NOT_INSTALLED'");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_NOT_INSTALLED'");
if (! $resql) dol_print_error($db,'Error in setup program');
$db->commit();
}
@ -231,8 +236,10 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
if ($tagdatabase)
{
dolibarr_install_syslog('install/etape5.php set MAIN_VERSION_LAST_UPGRADE const to value '.$targetversion, LOG_DEBUG);
$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey)."='MAIN_VERSION_LAST_UPGRADE'");
$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_UPGRADE',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",".$db->encrypt($targetversion,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",'chaine',0,'Dolibarr version for last upgrade',0)");
$resql=$db->query("DELETE FROM llx_const WHERE ".$db->decrypt('name',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,0)."='MAIN_VERSION_LAST_UPGRADE'");
if (! $resql) dol_print_error($db,'Error in setup program');
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_VERSION_LAST_UPGRADE',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt($targetversion,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',0,'Dolibarr version for last upgrade',0)");
if (! $resql) dol_print_error($db,'Error in setup program');
$conf->global->MAIN_VERSION_LAST_UPGRADE=$targetversion;
}
else
@ -251,7 +258,8 @@ if ($_POST["action"] == "set" || eregi('upgrade',$_POST["action"]))
}
// May fail if parameter already defined
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_LANG_DEFAULT',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",".$db->encrypt($setuplang,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey).",'chaine',0,'Default language',1)");
$resql=$db->query("INSERT INTO llx_const(name,value,type,visible,note,entity) values(".$db->encrypt('MAIN_LANG_DEFAULT',$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",".$db->encrypt($setuplang,$conf->db->dolibarr_main_db_encryption,$conf->db->dolibarr_main_db_cryptkey,1).",'chaine',0,'Default language',1)");
//if (! $resql) dol_print_error($db,'Error in setup program');
print '</table>';
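Review bot: The transaction opened at `$db->begin();` is still committed at `$db->commit();` when one of the new `if (! $resql) dol_print_error($db,'Error in setup program');` checks has fired, so a failed DELETE or INSERT leaves llx_const half-updated while the error is only printed. Count the failures and roll back instead, e.g. `if (! $resql) { dol_print_error($db,'Error in setup program'); $error++; }` on each check (with `$error=0;` before `begin()`) and `if ($error) $db->rollback(); else $db->commit();` at the end; the hunks at @ -231 and @ -251 have the same print-and-continue shape. Separately, the values handed to encrypt() with isAValue=1 (`$targetversion`, `$setuplang`) are concatenated between SQL quotes without escaping, so a value containing a quote breaks the statement; `$setuplang` looks like it originates from the install form, which is worth confirming. The enclosing `if ($_POST["action"] == "set" ...)` block begins outside the hunk.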


@ -691,16 +691,41 @@ class DoliDb
}
}
/**
* \brief Encrypt sensitive data in database
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \param isAValue String in field can be a field name or a value
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
{
$return = $fieldorvalue;
return ($isAValue?"'":"").$return.($isAValue?"'":"");
}
/**
* \brief Decrypt sensitive data in database
* \param field Field name to decrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \return return Field to decrypt if used
*/
function decrypt($field, $cryptType=0, $cryptKey='')
{
$return = $field;
return $return;
}
// Next function are not required. Only minor features use them.
//--------------------------------------------------------------
/**
\brief Renvoie l'id de la connexion
\return string Id connexion
*/
* \brief Renvoie l'id de la connexion
* \return string Id connexion
*/
function DDLGetConnectId()
{
$resql=$this->query('SELECT CONNECTION_ID()');
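Review bot: The docblocks of the added encrypt() and decrypt() still describe AES (2) and DES (1) while both bodies ignore `$cryptType` and `$cryptKey`, so on this driver a deployment that sets dolibarr_main_db_encryption stores the value in clear with no signal that the setting had no effect. Say so where the reader looks: add `// This driver has no encryption support: cryptType and cryptKey are ignored and the value is written as-is` at the top of encrypt() and the matching line in decrypt(), or log when a non-zero cryptType is requested. Note also that with `$isAValue` set the raw `$fieldorvalue` is placed between quotes without escaping. DDLGetConnectId() at the end of the hunk continues outside it.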


@ -680,28 +680,29 @@ class DoliDb
/**
* \brief Encrypt sensitive data in database
* \param field Field name to encrypt
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \return return Field to encrypt if used
* \param isAValue String in field can be a field name or a value
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($field, $cryptType=0, $cryptKey='')
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
{
$return = $field;
$return = $fieldorvalue;
if ($cryptType && !empty($cryptKey))
{
if ($cryptType == 2)
{
$return = 'AES_ENCRYPT('.$field.',\''.$cryptKey.'\')';
$return = 'AES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
}
else if ($cryptType == 1)
{
$return = 'DES_ENCRYPT('.$field.',\''.$cryptKey.'\')';
$return = 'DES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
}
}
return $return;
return ($isAValue?"'":"").$return.($isAValue?"'":"");
}
/**
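Review bot: When `$cryptType` is 2 or 1 and `$isAValue` is set, the final `return ($isAValue?"'":"").$return.($isAValue?"'":"");` wraps the already-built `AES_ENCRYPT('value','key')` expression in a second pair of quotes, so the INSERTs in install/etape5.php that pass isAValue=1 produce a malformed literal instead of a function call whenever encryption is enabled. Apply the quoting only in the no-encryption path: change `$return = $fieldorvalue;` to `$return = ($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"");` and the last line to `return $return;`. The same two lines need the same fix in the mysqli hunk at @ -688. Neither `$fieldorvalue` nor `$cryptKey` is escaped before concatenation, and the key is embedded verbatim in the query text, so it will surface in any query logging; a `// NOTE: the key travels inside the SQL text` comment at minimum would make that visible to the next maintainer.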


@ -688,35 +688,31 @@ class DoliDb
return mysqli_insert_id($this->db);
}
// Next functions are not required. Only minor features use them.
//---------------------------------------------------------------
/**
* \brief Encrypt sensitive data in database
* \param field Field name to encrypt
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \return return Field to encrypt if used
* \param isAValue String in field can be a field name or a value
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($field, $cryptType=0, $cryptKey='')
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
{
$return = $field;
$return = $fieldorvalue;
if ($cryptType && !empty($cryptKey))
{
if ($cryptType == 2)
{
$return = 'AES_ENCRYPT('.$field.',\''.$cryptKey.'\')';
$return = 'AES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
}
else if ($cryptType == 1)
{
$return = 'DES_ENCRYPT('.$field.',\''.$cryptKey.'\')';
$return = 'DES_ENCRYPT('.($isAValue?"'":"").$fieldorvalue.($isAValue?"'":"").',\''.$cryptKey.'\')';
}
}
return $return;
return ($isAValue?"'":"").$return.($isAValue?"'":"");
}
/**
@ -745,6 +741,10 @@ class DoliDb
return $return;
}
// Next functions are not required. Only minor features use them.
//---------------------------------------------------------------
/**
* \brief Renvoie l'id de la connexion
* \return string Id connexion


@ -782,68 +782,40 @@ class DoliDb
return $row;
}
// Next function are not required. Only minor features use them.
//--------------------------------------------------------------
/**
* \brief Encrypt sensitive data in database
* \param field Field name to encrypt
* \param fieldorvalue Field name or value to encrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \return return Field to encrypt if used
* TODO modifier pour postgresql
* \param isAValue String in field can be a field name or a value
* \return return XXX(field) or XXX('value') or field or 'value'
*/
function encrypt($field, $cryptType=0, $cryptKey='')
function encrypt($fieldorvalue, $cryptType=0, $cryptKey='', $isAValue=0)
{
/*
$return = $field;
if ($cryptType && !empty($cryptKey))
{
if ($cryptType == 2)
{
$return = 'AES_ENCRYPT('.$field.',\''.$cryptKey.'\')';
}
else if ($cryptType == 1)
{
$return = 'DES_ENCRYPT('.$field.',\''.$cryptKey.'\')';
}
}
return $return;
*/
$return = $fieldorvalue;
return ($isAValue?"'":"").$return.($isAValue?"'":"");
}
/**
* \brief Decrypt sensitive data in database
* \param field Field name to decrypt
* \param cryptType Type of encryption (2: AES (recommended), 1: DES , 0: no encryption)
* \param cryptKey Encryption key
* \return return Field to decrypt if used
* TODO modifier pour postgresql
*/
function decrypt($field, $cryptType=0, $cryptKey='')
{
/*
$return = $field;
if ($cryptType && !empty($cryptKey))
{
if ($cryptType == 2)
{
$return = 'AES_DECRYPT('.$field.',\''.$cryptKey.'\')';
}
else if ($cryptType == 1)
{
$return = 'DES_DECRYPT('.$field.',\''.$cryptKey.'\')';
}
}
return $return;
*/
}
/**
// Next function are not required. Only minor features use them.
//--------------------------------------------------------------
/**
* \brief Renvoie l'id de la connexion
* \return string Id connexion
*/
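Review bot: As rendered, decrypt() keeps no statement once its commented-out block is removed, so it returns null and the `DELETE FROM llx_const WHERE ".$db->decrypt('name',...)."='...'` statements in install/etape5.php would become `WHERE ='...'` on PostgreSQL; if the real hunk carries a `return $field;` that this rendering dropped, disregard. Otherwise mirror the other drivers and the encrypt() just above it with `$return = $field; return $return;`. The docblocks keep the AES (2) / DES (1) description and drop the `TODO modifier pour postgresql` line even though both functions now ignore `$cryptType` and `$cryptKey`; a one-line `// No encryption on this driver: cryptType and cryptKey are ignored` in each body would make the silent plaintext behaviour visible. With `$isAValue` set, encrypt() also concatenates the raw value between quotes without escaping.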