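/**
 * Set the hash for the user mails
 *
 * Recomputes the SHA-256 hash of from/to/subject/content for every mail that
 * is attached to an account, and writes the hashes back in one
 * INSERT ... ON DUPLICATE KEY UPDATE statement. Mails with an HTML content are
 * read first, then mails that only have a plain text content.
 *
 * The plain text mails are processed even when no HTML mail exists, and the
 * update is skipped when there is nothing to write (an empty VALUES list is
 * not valid SQL).
 *
 * @return bool False when the data source reports an error on the update, true otherwise
 */
protected function setUserMailHash() {
  $ds = CSQLDataSource::get("std");

  // Same projection for both sources, only the content table and the join column differ
  $queries = array(
    "SELECT m.user_mail_id, m.account_class, m.account_id, m.from, m.to, m.subject, c.content FROM user_mail as m, content_html as c WHERE m.account_class IS NOT NULL AND m.account_id IS NOT NULL AND m.text_html_id = c.content_id ORDER BY m.user_mail_id DESC;",
    "SELECT m.user_mail_id, m.account_class, m.account_id, m.from, m.to, m.subject, c.content FROM user_mail AS m, content_any AS c WHERE m.account_class IS NOT NULL AND m.account_id IS NOT NULL AND m.text_html_id IS NULL AND m.text_plain_id = c.content_id ORDER BY m.user_mail_id DESC;",
  );

  $values = array();
  foreach ($queries as $_query) {
    $mails = $ds->loadList($_query);
    if (!$mails) {
      continue;
    }

    foreach ($mails as $_mail) {
      // Same layout as the one hashed when a mail is received or written
      $data = "==FROM==\n" . $_mail['from'] . "\n==TO==\n" . $_mail['to'] . "\n==SUBJECT==\n" . $_mail['subject']
        . "\n==CONTENT==\n" . $_mail['content'];
      $hash = CMbSecurity::hash(CMbSecurity::SHA256, $data);

      // The statement is built by concatenation, so stored values are not trusted as SQL:
      // identifiers are forced to integers and the class name is escaped by the data source.
      // NOTE(review): $hash is interpolated as is, presumably a hex digest - confirm.
      $values[] = '(' . intval($_mail['user_mail_id']) . ', ' . intval($_mail['account_id'])
        . ", '" . $ds->escape($_mail['account_class']) . "', '{$hash}')";
    }
  }

  if (!count($values)) {
    return true;
  }

  $query = "INSERT INTO `user_mail` (`user_mail_id`, `account_id`, `account_class`, `hash`) VALUES "
    . implode(', ', $values) . " ON DUPLICATE KEY UPDATE `hash` = VALUES(`hash`);";
  $ds->query($query);

  if ($msg = $ds->error()) {
    CAppUI::stepAjax($msg, UI_MSG_WARNING);

    return false;
  }

  return true;
}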
/**
 * Build the WS-Addressing headers
 *
 * Produces, in this order, the Action, MessageID, ReplyTo and To headers.
 * The MessageID is a freshly generated UUID in URN form and ReplyTo always
 * points to the WS-Addressing anonymous address.
 *
 * @param string $action_name Action name
 * @param string $to          To
 *
 * @return CSVSMessageXML[]
 */
static function createWSAddressing($action_name, $to) {
  $reply_to = array(
    "Address" => array("_", "http://www.w3.org/2005/08/addressing/anonymous"),
  );

  return array(
    self::createHeaders("Action", $action_name, true),
    self::createHeaders("MessageID", "urn:uuid:" . CMbSecurity::generateUUID()),
    self::createHeaders("ReplyTo", $reply_to),
    self::createHeaders("To", $to, true),
  );
}
/**
 * Fills in the start date and, on creation only, the hash before delegating to the parent
 *
 * @see parent::store()
 */
function store() {
  $this->completeField("datetime_start");

  // No start date given: start now
  if (!$this->datetime_start) {
    $this->datetime_start = CMbDT::dateTime();
  }

  // The hash is only generated for a new object, an existing one keeps its value
  if (!$this->_id) {
    // NOTE(review): the hash is the SHA-1 of a 16 character random string, so its
    // unpredictability comes entirely from getRandomString() - confirm that it
    // draws from a cryptographically secure source if the hash acts as a secret.
    $this->hash = CMbSecurity::hash(CMbSecurity::SHA1, CMbSecurity::getRandomString(16));
  }

  return parent::store();
}
/**
 * Serializes the GET, POST and SESSION data to their JSON fields
 *
 * Each non empty form field is passed through CMbSecurity::filterInput()
 * before it is JSON encoded, so the stored value is the filtered one.
 * NOTE(review): filterInput() presumably removes sensitive entries - verify
 * that it covers every value that must not be persisted.
 *
 * @see parent::updatePlainFields()
 */
function updatePlainFields() {
  parent::updatePlainFields();

  // Form field => plain JSON field, in the order GET, POST, SESSION
  $fields = array(
    "_query_params_get"  => "query_params_get",
    "_query_params_post" => "query_params_post",
    "_session_data"      => "session_data",
  );

  foreach ($fields as $_form_field => $_plain_field) {
    if (!$this->$_form_field) {
      continue;
    }

    $this->$_form_field  = CMbSecurity::filterInput($this->$_form_field);
    $this->$_plain_field = json_encode($this->$_form_field);
  }
}
/**
 * Collects, from the CDA factory and the current user, the values used by this object
 *
 * @see parent::extractData
 */
function extractData() {
  /** @var CCDAFactory $factory */
  $factory = $this->mbObject;

  $this->document          = $factory->mbObject;
  $this->targetObject      = $factory->targetObject;
  $this->id_classification = 0;
  $this->id_external       = 0;

  // Author: the current user, with its other speciality and its group
  $user       = CMediusers::get();
  $other_spec = $user->loadRefOtherSpec();
  $etab       = $user->loadRefFunction()->loadRefGroup();
  $author_id  = CXDSTools::getIdEtablissement(true, $etab) . "/{$user->_id}";

  // code^libelle^oid
  $this->specialty         = implode("^", array($other_spec->code, $other_spec->libelle, $other_spec->oid));
  $this->xcn_mediuser      = CXDSTools::getXCNMediuser($author_id, $user->_p_last_name, $user->_p_first_name);
  $this->xon_etablissement = CXDSTools::getXONetablissement($etab->text, CXDSTools::getIdEtablissement(false, $etab));

  // XPath on the CDA document, with the "cda" prefix bound to the HL7 v3 namespace
  $this->xpath = new CMbXPath($factory->dom_cda);
  $this->xpath->registerNamespace("cda", "urn:hl7-org:v3");

  $this->patient_id  = $this->getID($factory->patient, $factory->receiver);
  $this->ins_patient = $this->getIns($factory->patient);

  // One generated UUID, suffixed with a digit per identifier.
  // NOTE(review): the three identifiers only differ by their last character and are
  // presumably one character longer than a canonical UUID - confirm consumers accept that.
  $base_uuid = CMbSecurity::generateUUID();
  foreach (array("registry" => "1", "extrinsic" => "2", "signature" => "3") as $_name => $_suffix) {
    $this->uuid[$_name] = $base_uuid . $_suffix;
  }
}
/**
 * Check the passphrase against the stored sample string
 *
 * The stored sample is decrypted (AES, CTR mode) with the given passphrase and
 * this object's IV; the passphrase is accepted when the result is exactly
 * self::SAMPLE. CTR mode does not authenticate the ciphertext, so this strict
 * comparison is the only check that the passphrase is the right one.
 *
 * @param string $passphrase Passphrase typed by the user
 *
 * @return bool
 */
function testSample($passphrase) {
  return self::SAMPLE === CMbSecurity::decrypt(
    CMbSecurity::AES,
    CMbSecurity::CTR,
    $passphrase,
    $this->sample,
    $this->iv
  );
}
/**
 * Make the hash for the given headers and mail content
 *
 * The hashed text is "==FROM==", "==TO==", "==SUBJECT==" and "==CONTENT=="
 * sections, each followed by its value. The HTML text is used as content when
 * it is not empty, the plain text otherwise.
 *
 * @param object $header  The headers, returned by the POP source
 * @param array  $content The content, returned by the POP source
 *
 * @return string|null Null when the header has neither from, to nor subject, the SHA-256 hash otherwise
 */
public function makeHash($header, $content) {
  // NOTE(review): only a header missing all three fields is rejected; when just one
  // or two are missing, the missing ones are still read below - confirm this is intended.
  $has_field = isset($header->fromaddress) || isset($header->toaddress) || isset($header->subject);
  if (!$has_field) {
    return null;
  }

  $from    = self::flatMimeDecode($header->fromaddress);
  $to      = self::flatMimeDecode($header->toaddress);
  $subject = self::flatMimeDecode($header->subject);

  // NOTE(review): when neither text part is set, the whole $content array is
  // interpolated into the hashed text - confirm callers always provide one.
  $body = $content;
  if (!empty($content['text']['html'])) {
    $body = $content['text']['html'];
  }
  elseif (!empty($content['text']['plain'])) {
    $body = $content['text']['plain'];
  }

  $data = "==FROM==\n{$from}\n==TO==\n{$to}\n==SUBJECT==\n{$subject}\n==CONTENT==\n{$body}";

  return CMbSecurity::hash(CMbSecurity::SHA256, $data);
}
/**
 * Stores the mail written by the user, then flags it as draft or sends it by SMTP
 *
 * The body is purified before it is stored (HTML content, plus a tag-stripped
 * plain text copy). The "action" POST value selects what happens next:
 * 'draft' only flags the mail, 'send' sends it through the SMTP source of the
 * account, any other value does nothing more. The mail is stored a second
 * time at the end to persist the flags.
 *
 * @see parent::doStore()
 */
function doStore() {
  /** @var CUserMail $mail */
  $mail = $this->_obj;
  $mail->date_inbox = CMbDT::dateTime();
  $mail->date_read = $mail->date_inbox;

  // The purified body replaces the submitted one: it is what gets stored, hashed and sent
  $content_html = new CContentHTML();
  $mail->_content = CUserMail::purifyHTML($mail->_content);
  $content_html->content = $mail->_content;
  // NOTE(review): a failed content store is not reported, the mail is simply left without text_html_id
  if (!($msg = $content_html->store())) {
    $mail->text_html_id = $content_html->_id;
    $mail->_text_html = $content_html;
  }

  // Plain text copy: the purified body without its tags
  $content_plain = new CContentAny();
  $content_plain->content = strip_tags($mail->_content);
  if (!($msg = $content_plain->store())) {
    $mail->text_plain_id = $content_plain->_id;
  }

  // NOTE(review): $hash is computed but never read in this method - presumably it
  // was meant to be assigned to the mail before the store below; confirm.
  $hash = CMbSecurity::hash(CMbSecurity::SHA256, "==FROM==\n{$mail->from}\n==TO==\n{$mail->to}\n==SUBJECT==\n{$mail->subject}\n==CONTENT==\n{$mail->_content}");

  // First store: on error, report it and let the parent handle the rest
  if ($msg = $mail->store()) {
    CAppUI::setMsg($msg, UI_MSG_ERROR);
    return parent::doStore();
  }

  $action = CValue::post('action');
  switch ($action) {
    case 'draft':
      $mail->draft = '1';
      CAppUI::setMsg('CUserMail-msg-drafted', UI_MSG_OK);
      break;
    case 'send':
      // The flags are set before the send and stay set when the send fails
      $mail->sent = '1';
      $mail->draft = '0';
      $account = $mail->loadAccount();

      // Apicrypt mails use a dedicated SMTP source of the same user
      if ($mail->_is_apicrypt) {
        /** @var CSourceSMTP $smtp */
        $smtp = CExchangeSource::get("mediuser-{$account->object_id}-apicrypt", 'smtp');
      }
      else {
        /** @var CSourceSMTP $smtp */
        $smtp = CExchangeSource::get("mediuser-{$account->object_id}", 'smtp');
      }
      $smtp->init();

      // Comma separated address lists, passed as is (no trimming or validation here)
      foreach (explode(',', $mail->to) as $_address) {
        $smtp->addTo($_address);
      }
      if ($mail->cc != '') {
        foreach (explode(',', $mail->cc) as $_address) {
          $smtp->addCc($_address);
        }
      }
      if ($mail->bcc != '') {
        foreach (explode(',', $mail->bcc) as $_address) {
          $smtp->addBcc($_address);
        }
      }
      $smtp->setSubject($mail->subject);

      if ($mail->_is_apicrypt) {
        // NOTE(review): the body is encrypted for the first "to" address only, while every
        // to/cc/bcc address above receives the message - confirm the other recipients are
        // expected to get a body they presumably cannot decrypt.
        $receiver = explode(',', $mail->to);
        $body = CApicrypt::encryptBody($account->object_id, $receiver[0], $mail->_content);
        $smtp->setBody($body);
      }
      else {
        $smtp->setBody($mail->_content);
      }

      // NOTE(review): attachments are added from their file path in both modes; nothing
      // here shows them being encrypted for an Apicrypt mail - confirm.
      /** @var CMailAttachments[] $attachments */
      $attachments = $mail->loadAttachments();
      foreach ($attachments as $_attachment) {
        $file = $_attachment->loadFiles();
        $smtp->addAttachment($file->_file_path, $file->file_name);
      }

      try {
        $smtp->send();
        CAppUI::setMsg('CUserMail-msg-sent', UI_MSG_OK);
      }
      catch (phpmailerException $e) {
        CAppUI::setMsg($e->errorMessage(), UI_MSG_ERROR);
      }
      catch (CMbException $e) {
        $e->stepAjax();
      }
      break;
    default:
  }

  // Second store, for the draft/sent flags; its result is not checked
  $mail->store();

  if (CAppUI::isMsgOK() && $this->redirectStore) {
    $this->redirect =& $this->redirectStore;
  }
  if (!CAppUI::isMsgOK() && $this->redirectError) {
    $this->redirect =& $this->redirectError;
  }
}
/**
 * Decrypt a password
 *
 * The stored password is decrypted (AES, CTR mode) with this object's IV.
 * Without a passphrase argument, the "passphrase" session value is used.
 * NOTE(review): this means the passphrase is kept in the session - confirm
 * how long it stays there and where the session is stored.
 *
 * @param string $passphrase Passphrase to apply
 *
 * @return string
 */
function getPassword($passphrase = null) {
  $key = $passphrase ? $passphrase : CValue::sessionAbs("passphrase");

  return CMbSecurity::decrypt(CMbSecurity::AES, CMbSecurity::CTR, $key, $this->password, $this->iv);
}
/**
 * Return the information of the stored certificate, as given by CMbSecurity::getInformationCertificate()
 *
 * @return String[]
 */
function getCertificateToArray() {
  $certificate = $this->certificate;

  return CMbSecurity::getInformationCertificate($certificate);
}