public function loadKeePass($userId, $path, $pass)
{
$arr = array();
KeePassPHP::init(true);
$key = new CompositeKey();
$key->addKey(new KeyFromPassword(utf8_encode($pass)));
$kdbx = new KdbxImporter($path, $key);
$entries = $kdbx->parseEntries();
foreach ($entries as $entry => $value) {
//$creationDate;
//$creationTime;
list($creationDate, $creationTime) = split($value['CreationTime'] . '[TZ]', 2);
$array = array("id" => 4, "user_id" => $userId, "loginname" => $value['UserName'], "website" => $value['Title'], "address" => "", "pass" => $kdbx->getPassword($entry), "notes" => $value['Notes'], "creation_date" => $value['CreationTime']);
array_push($arr, $array);
}
return $arr;
}
/**
* Tries to parse the given string $xmlsource, assumed to be data formatted
* in XML, with the format of a KeePass 2.x database. Returns true
* if the parsing succeeds, or false otherwise ; in case of success,
* the attribute $this->entries will contain the result of the parsing,
* as an array of entries.
* @param string $xmlsource
* @return boolean
*/
private function tryXMLParse($xmlsource)
{
$xml = new XMLStackReader();
if (!$xml->XML($xmlsource)) {
$xml->close();
return false;
}
if (!$xml->read() || $xml->r->name != self::XML_FILEROOT) {
$xml->close();
return false;
}
$expectedParentsMeta = array(self::XML_FILEROOT, self::XML_META);
if (!$xml->readUntilParentsBe($expectedParentsMeta)) {
$xml->close();
return false;
}
$isHeaderChecked = false;
$d = $xml->r->depth;
while ($xml->isInSubtree($d)) {
if ($xml->r->name == self::XML_HEADERHASH) {
$hash = base64_decode($this->readTextValueFromXML($xml));
if (strcmp($hash, $this->header->headerHash) != 0) {
KeePassPHP::printDebug("Bad HeaderHash !");
}
$isHeaderChecked = true;
} elseif ($xml->r->name == self::XML_CUSTOMICONS) {
foreach ($xml->readInnerXML($xml->r->depth) as $icon) {
$uuid = null;
$data = null;
if ($icon[XMLStackReader::NODENAME] == self::XML_ICON && $this->tryReadTextValueFromArray($icon[XMLStackReader::INNER], self::XML_UUID, $uuid) && $this->tryReadTextValueFromArray($icon[XMLStackReader::INNER], self::XML_ICON_DATA, $data)) {
$this->icons->addIcon($uuid, $data);
}
}
}
}
if (!$isHeaderChecked) {
KeePassPHP::printDebug("Did not found HeaderHash text node...");
}
$this->rawEntries = array();
$expectedParents = array(self::XML_GROUP, self::XML_ENTRY);
while ($xml->readUntilParentsBe($expectedParents)) {
$entry = array();
$d = $xml->r->depth;
while ($xml->isInSubtree($d)) {
if ($xml->r->name == self::XML_UUID) {
$entry[self::XML_UUID] = bin2hex(base64_decode($this->readTextValueFromXML($xml)));
} elseif ($xml->r->name == self::XML_CUSTOMICONUUID) {
$entry[self::XML_CUSTOMICONUUID] = $this->readTextValueFromXML($xml);
} elseif ($xml->r->name == self::XML_TAGS) {
$entry[self::XML_TAGS] = $this->readTextValueFromXML($xml);
} elseif ($xml->r->name == self::XML_TIMES) {
$value = null;
$isHistory = $xml->isAncestor(self::XML_HISTORY);
$inner = $xml->readInnerXML($xml->r->depth);
if ($this->tryReadTextValueFromArray($inner, self::XML_CREATION_TIME, $value)) {
if ($value != null && !$isHistory) {
$entry[self::XML_CREATION_TIME] = $value;
}
}
} elseif ($xml->r->name == self::XML_STRING) {
$key = null;
$value = null;
$isHistory = $xml->isAncestor(self::XML_HISTORY);
$inner = $xml->readInnerXML($xml->r->depth);
if ($this->tryReadTextValueFromArray($inner, self::XML_STRING_VALUE, $value) && $this->tryReadTextValueFromArray($inner, self::XML_STRING_KEY, $key)) {
if ($key != null && $value != null && !$isHistory) {
$entry[$key] = $value;
}
}
}
}
if (count($entry) > 0) {
array_push($this->rawEntries, $entry);
}
}
$xml->close();
return true;
}
private function readBlock()
{
if (!$this->canRead()) {
return false;
}
$bl = $this->base->readInt();
if (!$bl->equalsInt($this->currentIndex)) {
return false;
}
$this->currentIndex++;
$hash = $this->base->read(32);
if ($hash == null || strlen($hash) != 32) {
return false;
}
// Won't work if $blockSize is bigger than 2**31
$blockSize = $this->base->readInt()->asInt();
if ($blockSize <= 0) {
return false;
}
$block = $this->base->read($blockSize);
if ($block == null || strlen($block) != $blockSize) {
return false;
}
if ($this->verify && strcmp($hash, $this->h->hash($block)) != 0) {
KeePassPHP::printDebug("Corrupted data !");
return false;
}
$this->currentBlock = $block;
$this->currentSize = $blockSize;
$this->currentPos = 0;
return true;
}
/**
* Tries to add the database $kdbxfile to KeePassPHP, using the ID $dbid,
* the internal password $internalpwd, and the master key composed of the
* keys $keys. If the ID already exists, the corresponding database will
* be overriden.
* $kdbxfile should be the temporary filename of the file, as just uploaded
* by PHP. KeePassPHP will perform itself move_uploaded_file. Likewise, the
* key filenames in $keys should be the temporary filenames as just uploaded
* by PHP, and will be moved by KeePassPHP.
* The internal password is used to encrypt the internal data kept by
* KeePassPHP, whereas the passwords in $keys are used to build the master
* key to decrypt the KeePass database file. The internal password may be
* part of the master key (this is even recommended for the sake of
* simplicity).
* @param string $kdbxfile The temporary filename of the KeePass database.
* @param string $dbid The ID to use.
* @param string $internalpwd The internal password.
* @param array $keys The keys composing the master key of the database.
* @return boolean Returns true in case of success, false otherwise.
*/
public static function tryAdd($kdbxfile, $dbid, $internalpwd, array $keys)
{
if (!self::$started) {
self::raiseError("KeepassPHP is not started !");
return false;
}
$nkeys = array();
foreach ($keys as $k) {
if ($k[0] == self::KEY_PWD) {
$nkeys[] = array(self::KEY_PWD);
} elseif ($k[0] == self::KEY_FILE) {
$h = KeePassPHP::addKeyFile($k[1]);
if ($h == null) {
self::raiseError("Key file upload failed.");
return false;
}
$nkeys[] = array(KeePassPHP::KEY_FILE, $h);
}
}
$hashname = KeePassPHP::addKdbxFile($kdbxfile);
if ($hashname == null) {
self::raiseError("Database file upload failed.");
return false;
}
if (KeePassPHP::addInternal($dbid, $internalpwd, $hashname, $nkeys, array(), true) == null) {
self::raiseError("Internal database write failed.");
return false;
}
return true;
}
$otherPwd = KphpUI::getString("openPwd1", $_POST);
$ui = new AjaxUI(AjaxUI::FAIL);
if (strlen($dbid) == 0) {
$ui->setResult(AjaxUI::SOMETHING_EMPTY);
$ui->setHTML("dbid");
} elseif (strlen($pwd) == 0) {
$ui->setResult(AjaxUI::SOMETHING_EMPTY);
$ui->setHTML("mainPwd");
} elseif (!$usePwdForCK && strlen($otherPwd) == 0) {
$ui->setResult(AjaxUI::SOMETHING_EMPTY);
$ui->setHTML("openPwd1");
} else {
require_once KEEPASSPHP_LOCATION;
KeePassPHP::init(KEEPASSPHP_DEBUG);
if (KeePassPHP::exists($dbid)) {
$db = KeePassPHP::get($dbid, $pwd, $usePwdForCK ? $pwd : $otherPwd);
if ($db != null && $db->tryLoad()) {
require_once "kphpui/htmlformat.php";
if ($isPwd) {
$pwd = $db->getPassword($uuid);
if ($pwd != null) {
$ui->setResult(AjaxUI::SUCCESS);
$ui->addHTML(HTMLFormat::formatPassword($pwd));
} else {
$ui->setResult(AjaxUI::PASSWORD_NOT_FOUND);
$ui->addHTML(HTMLFormat::PASSWORD_NOT_FOUND);
}
} else {
$ui->setResult(AjaxUI::SUCCESS);
$ui->addHTML(HTMLFormat::formatEntries($db));
}
}
if (!$ui->isSomethingEmpty) {
require_once KEEPASSPHP_LOCATION;
KeePassPHP::init(KEEPASSPHP_DEBUG);
if (!KeePassPHP::exists($dbid) || KeePassPHP::checkPassword($dbid, $mainPwd)) {
$keys = $usePwdForCK ? array(array(KeePassPHP::KEY_PWD, $mainPwd)) : array();
if ($pwd1 != '') {
$keys[] = array(KeePassPHP::KEY_PWD, $pwd1);
}
if ($keyfile != null) {
if (($keyfile = checkFile("addFile1", $keyfile, $ui)) != null) {
$keys[] = array(KeePassPHP::KEY_FILE, $keyfile);
}
}
if (KeePassPHP::checkKeys($kdbxFile, $keys)) {
if (KeePassPHP::tryAdd($kdbxFile, $dbid, $mainPwd, $keys)) {
$ui->addSuccess = true;
}
} else {
if ($usePwdForCK) {
$ui->setIfEmpty("addMainPwd", MainUI::HI_BADPWD, "error");
}
if ($pwd1 != "") {
$ui->setIfEmpty("addPwd1", MainUI::HI_BADPWD, "error");
}
if ($keyfile != null) {
$ui->setIfEmpty("addFile1", MainUI::HI_BADPWD, "error");
}
}
} else {
$ui->setIfEmpty("addDbid", MainUI::HI_IDEXISTS, "error");
$answer = new AjaxAnswer();
$dbid = KPHPUI::getPost("dbid");
$mainPwd = KPHPUI::getPost("main_pwd");
$usePwdInKey = KPHPUI::getPost("use_pwd_in_key") == "true";
$otherPwd = KPHPUI::getPost("open_other_pwd");
if (empty($dbid)) {
$answer->set(AjaxAnswer::SOMETHING_EMPTY, "dbid");
} elseif (empty($mainPwd)) {
$answer->set(AjaxAnswer::SOMETHING_EMPTY, "main_pwd");
} elseif (!$usePwdInKey && empty($otherPwd)) {
$answer->set(AjaxAnswer::SOMETHING_EMPTY, "open_other_pwd");
} else {
require_once KEEPASSPHP_LOCATION;
KeePassPHP::init(dirname(KEEPASSPHP_LOCATION), KEEPASSPHP_DEBUG);
if (KeePassPHP::exists($dbid)) {
$db = KeePassPHP::get($dbid, $mainPwd, $usePwdInKey ? $mainPwd : $otherPwd);
if ($db != null) {
$uuid = KPHPUI::getPost("uuid");
if (!empty($uuid)) {
$pwd = $db->getPassword($uuid);
if ($pwd != null) {
$answer->set(AjaxAnswer::SUCCESS, '<input type="text" class="verysmall selectOnFocus form-control" value="' . KPHPUI::htmlify($pwd) . '" style="font-size:3px !important;"/>');
} else {
$answer->set(AjaxAnswer::PASSWORD_NOT_FOUND, '<span class="label label-danger">' . KPHPUI::l(KPHPUI::LANG_SEE_PWD_DOES_NOT_EXIST) . '</span>');
}
} else {
$s = '<table class="table table-hover form-inline"><thead><tr><th> </th><th>' . KPHPUI::l(KPHPUI::LANG_SEE_ENTRY_TITLE) . '</th><th>' . KPHPUI::l(KPHPUI::LANG_SEE_ENTRY_URL) . '</th><th>' . KPHPUI::l(KPHPUI::LANG_SEE_ENTRY_USERNAME) . '</th><th>' . KPHPUI::l(KPHPUI::LANG_SEE_ENTRY_PASSWORD) . '</th></tr></thead><tbody>';
foreach ($db->getEntries() as $uuid => $entry) {
$icon = $entry[Database::KEY_CUSTOMICON];
if (!empty($icon)) {
$icon = $db->getIconSrc($icon);
public function parse(Reader $reader)
{
$dreader = new DigestReader($reader);
$sig1 = $dreader->readInt();
$sig2 = $dreader->readInt();
if (!$sig1->equalsString(self::SIGNATURE1) || !$sig2->equalsString(self::SIGNATURE2)) {
KeePassPHP::printDebug("Bad database file !");
return false;
}
$version = $dreader->readInt();
if ($version->lsr(2)->asShort() < self::MINIMAL_VERSION) {
KeePassPHP::printDebug("Database version not supported !");
return false;
}
$ended = false;
while (!$ended) {
$headerId = $dreader->readByte()->asByte();
$headerLen = $dreader->readShort()->asShort();
$header = $dreader->read($headerLen);
/*
* end of header
*/
if ($headerId == 0) {
$ended = true;
} elseif ($headerId == 1) {
} elseif ($headerId == 2) {
if (strcmp($header, self::CIPHER_AES) == 0) {
$this->cipher = new CipherMcrypt(CipherMcrypt::AES128);
}
} elseif ($headerId == 3) {
$res = Binary::fromString($header)->asInt();
if ($res == 0) {
$this->compression = self::COMPRESSION_NONE;
} elseif ($res == 1) {
$this->compression = self::COMPRESSION_GZIP;
}
} elseif ($headerId == 4) {
if (strlen($header) == self::SEED_LEN) {
$this->masterSeed = $header;
}
} elseif ($headerId == 5) {
if (strlen($header) == self::SEED_LEN) {
$this->transformSeed = $header;
}
} elseif ($headerId == 6) {
$this->rounds = Binary::fromString($header, $headerLen);
} elseif ($headerId == 7) {
$this->encryptionIV = $header;
} elseif ($headerId == 8) {
$this->randomStreamKey = $header;
} elseif ($headerId == 9) {
if (strlen($header) == self::STARTBYTES_LEN) {
$this->startBytes = $header;
}
} elseif ($headerId == 10) {
$res = Binary::fromString($header)->asInt();
/*if($res == 1) // unsuported
$this->innerRandomStream= self::INNER_RANDOM_ARC4;
else*/
if ($res == 2) {
$this->innerRandomStream = self::INNER_RANDOM_SALSA20;
}
}
}
$this->headerHash = $dreader->GetDigest();
}
