/**
* Show accounts associated to an item
*
* @since version 0.84
*
* @param $item CommonDBTM object for which associated accounts must be displayed
* @param $withtemplate (default '')
**/
static function showForItem(CommonDBTM $item, $withtemplate = '')
{
global $DB, $CFG_GLPI;
$ID = $item->getField('id');
if ($item->isNewID($ID)) {
return false;
}
if (!plugin_accounts_haveRight('accounts', 'r')) {
return false;
}
if (!$item->can($item->fields['id'], 'r')) {
return false;
}
if (empty($withtemplate)) {
$withtemplate = 0;
}
$canedit = $item->canadditem('PluginAccountsAccount');
$rand = mt_rand();
$is_recursive = $item->isRecursive();
$who = Session::getLoginUserID();
if (count($_SESSION["glpigroups"]) && plugin_accounts_haveRight("my_groups", "r")) {
$first_groups = true;
$groups = "";
foreach ($_SESSION['glpigroups'] as $val) {
if (!$first_groups) {
$groups .= ",";
} else {
$first_groups = false;
}
$groups .= "'" . $val . "'";
}
$ASSIGN = "( `groups_id` IN ({$groups}) OR `users_id` = '{$who}') ";
} else {
// Only personal ones
$ASSIGN = " `users_id` = '{$who}' ";
}
$query = "SELECT `glpi_plugin_accounts_accounts_items`.`id` AS assocID,\n `glpi_entities`.`id` AS entity,\n `glpi_plugin_accounts_accounts`.`name` AS assocName,\n `glpi_plugin_accounts_accounts`.*\n FROM `glpi_plugin_accounts_accounts_items`\n LEFT JOIN `glpi_plugin_accounts_accounts`\n ON (`glpi_plugin_accounts_accounts_items`.`plugin_accounts_accounts_id`=`glpi_plugin_accounts_accounts`.`id`)\n LEFT JOIN `glpi_entities` ON (`glpi_plugin_accounts_accounts`.`entities_id`=`glpi_entities`.`id`)\n WHERE `glpi_plugin_accounts_accounts_items`.`items_id` = '{$ID}'\n AND `glpi_plugin_accounts_accounts_items`.`itemtype` = '" . $item->getType() . "' ";
$query .= getEntitiesRestrictRequest(" AND", "glpi_plugin_accounts_accounts", '', '', true);
if (!plugin_accounts_haveRight("all_users", "r")) {
$query .= " AND {$ASSIGN} ";
}
$query .= " ORDER BY `assocName`";
$result = $DB->query($query);
$number = $DB->numrows($result);
$i = 0;
$accounts = array();
$account = new PluginAccountsAccount();
$used = array();
if ($numrows = $DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
$accounts[$data['assocID']] = $data;
$used[$data['id']] = $data['id'];
}
}
if ($canedit && $withtemplate < 2) {
// Restrict entity for knowbase
$entities = "";
$entity = $_SESSION["glpiactive_entity"];
if ($item->isEntityAssign()) {
/// Case of personal items : entity = -1 : create on active entity (Reminder case))
if ($item->getEntityID() >= 0) {
$entity = $item->getEntityID();
}
if ($item->isRecursive()) {
$entities = getSonsOf('glpi_entities', $entity);
} else {
$entities = $entity;
}
}
$limit = getEntitiesRestrictRequest(" AND ", "glpi_plugin_accounts_accounts", '', $entities, true);
$q = "SELECT COUNT(*)\n FROM `glpi_plugin_accounts_accounts`\n WHERE `is_deleted` = '0'\n {$limit}";
$result = $DB->query($q);
$nb = $DB->result($result, 0, 0);
echo "<div class='firstbloc'>";
if (plugin_accounts_haveRight('accounts', 'r') && $nb > count($used)) {
echo "<form name='account_form{$rand}' id='account_form{$rand}' method='post'\n action='" . Toolbox::getItemTypeFormURL('PluginAccountsAccount') . "'>";
echo "<table class='tab_cadre_fixe'>";
echo "<tr class='tab_bg_1'>";
echo "<td colspan='4' class='center'>";
echo "<input type='hidden' name='entities_id' value='{$entity}'>";
echo "<input type='hidden' name='is_recursive' value='{$is_recursive}'>";
echo "<input type='hidden' name='itemtype' value='" . $item->getType() . "'>";
echo "<input type='hidden' name='items_id' value='{$ID}'>";
if ($item->getType() == 'Ticket') {
echo "<input type='hidden' name='tickets_id' value='{$ID}'>";
}
$account->dropdownAccounts("plugin_accounts_accounts_id", $entities, $used);
echo "</td><td class='center' width='20%'>";
echo "<input type='submit' name='additem' value=\"" . _sx('button', 'Associate a account', 'accounts') . "\" class='submit'>";
echo "</td>";
echo "</tr>";
echo "</table>";
Html::closeForm();
}
echo "</div>";
}
echo "<div class='spaced'>";
if ($canedit && $number && $withtemplate < 2) {
Html::openMassiveActionsForm('mass' . __CLASS__ . $rand);
$massiveactionparams = array('num_displayed' => $number);
Html::showMassiveActions(__CLASS__, $massiveactionparams);
}
echo "<table class='tab_cadre_fixe'>";
if (Session::isMultiEntitiesMode()) {
$colsup = 1;
} else {
$colsup = 0;
}
//hash
$hashclass = new PluginAccountsHash();
$hash = 0;
$restrict = getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_hashes", '', $item->getEntityID(), $hashclass->maybeRecursive());
$hashes = getAllDatasFromTable("glpi_plugin_accounts_hashes", $restrict);
if (!empty($hashes)) {
foreach ($hashes as $hashe) {
$hash = $hashe["hash"];
$hash_id = $hashe["id"];
}
$alert = '';
} else {
$alert = __('There is no encryption key for this entity', 'accounts');
}
$aeskey = new PluginAccountsAesKey();
if ($hash) {
if (!$aeskey->getFromDBByHash($hash_id) || !$aeskey->fields["name"]) {
echo "<tr><th colspan='" . (8 + $colsup) . "'>";
_e('Encryption key', 'accounts');
echo "<input type='password' name='aescrypted_key' id= 'aescrypted_key' autocomplete='off'>";
echo "</th></tr>";
}
} else {
echo "<tr><th colspan='" . (8 + $colsup) . "'>";
echo __('Encryption key', 'accounts') . "<div class='red'>";
echo $alert;
echo "</div>";
echo "</th></tr>";
}
echo "<tr>";
if ($canedit && $number && $withtemplate < 2) {
echo "<th width='10'>" . Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand) . "</th>";
}
echo "<th>" . __('Name') . "</th>";
if (Session::isMultiEntitiesMode()) {
echo "<th>" . __('Entity') . "</th>";
}
echo "<th>" . __('Login') . "</th>";
echo "<th>" . __('Password') . "</th>";
echo "<th>" . __('Affected User', 'accounts') . "</th>";
echo "<th>" . __('Type') . "</th>";
echo "<th>" . __('Creation date') . "</th>";
echo "<th>" . __('Expiration date') . "</th>";
echo "</tr>";
$used = array();
if ($number) {
Session::initNavigateListItems('PluginAccountsAccount', sprintf(__('%1$s = %2$s'), $item->getTypeName(1), $item->getName()));
foreach ($accounts as $data) {
$accountID = $data["id"];
$link = NOT_AVAILABLE;
if ($account->getFromDB($accountID)) {
$link = $account->getLink();
}
Session::addToNavigateListItems('PluginAccountsAccount', $accountID);
$used[$accountID] = $accountID;
$assocID = $data["assocID"];
echo "<tr class='tab_bg_1" . ($data["is_deleted"] ? "_2" : "") . "'>";
if ($canedit && $withtemplate < 2) {
echo "<td width='10'>";
Html::showMassiveActionCheckBox(__CLASS__, $data["assocID"]);
echo "</td>";
}
echo "<td class='center'>{$link}</td>";
if (Session::isMultiEntitiesMode()) {
echo "<td class='center'>" . Dropdown::getDropdownName("glpi_entities", $data['entities_id']) . "</td>";
}
echo "<td class='center'>" . $data["login"] . "</td>";
echo "<td class='center'>";
//hash
if (isset($hash_id) && $aeskey->getFromDBByHash($hash_id) && $aeskey->fields["name"]) {
echo "<input type='hidden' name='aeskey' id= 'aeskey'\n value='" . $aeskey->fields["name"] . "' class='' autocomplete='off'>";
echo "<input type='hidden' autocomplete='off'\n name='encrypted_password\${$accountID}' value='" . $data["encrypted_password"] . "'>";
echo "<input type='text' name='hidden_password\${$accountID}' value='' size='30' >";
echo "<script language='javascript'>\n var good_hash=\"{$hash}\";\n var hash=SHA256(SHA256(document.getElementById(\"aeskey\").value));\n if (hash != good_hash) {\n document.getElementsByName(\"hidden_password\${$accountID}\").\n item(0).value=\"" . __s('Wrong encryption key', 'accounts') . "\";\n } else {\n document.getElementsByName(\"hidden_password\${$accountID}\").\n item(0).value=AESDecryptCtr(document.getElementsByName(\"encrypted_password\${$accountID}\").\n item(0).value,SHA256(document.getElementById(\"aeskey\").value), 256)};</script>";
} else {
$url = $CFG_GLPI["root_doc"] . "/plugins/accounts/front/account.form.php";
echo " <input type='button' id='decrypte_link{$accountID}' name='decrypte' value='" . __s('Uncrypt', 'accounts') . "'\n class='submit' onclick='return false;'>";
echo "<script type='text/javascript'>\n Ext.get('decrypte_link{$accountID}').on('click', function () {\n\n Ext.Ajax.request({\n url: '../plugins/accounts/ajax/get_new_crsf_token.php',\n success: function(response, opts) {\n var token = response.responseText;\n Ext.select('#account_form input[name=_glpi_csrf_token]')\n .set({'value': token});\n\n },\n failure: function(response, opts) {\n console.log('server-side failure with status code ' + response.status);\n }\n });\n\n var good_hash=\"{$hash}\";\n var hash=SHA256(SHA256(document.getElementById(\"aescrypted_key\").value));\n if (hash != good_hash) {\n alert(\"" . __('Wrong encryption key', 'accounts') . "\");\n return false;\n };\n alert(AESDecryptCtr(\"" . $data['encrypted_password'] . "\",\n SHA256(document.getElementById(\"aescrypted_key\").value),\n 256));\n\n callAjax(\"{$url}\",\n \"{$accountID}\" ,\n document.getElementsByName(\"name\").item(0).value,\n document.getElementsByName(\"_glpi_csrf_token\").item(0).value);\n\n });\n </script>";
}
echo "</td>";
echo "<td class='center'>";
echo getUsername($data["users_id"]);
echo "</td>";
echo "<td class='center'>";
echo Dropdown::getDropdownName("glpi_plugin_accounts_accounttypes", $data["plugin_accounts_accounttypes_id"]);
echo "</td>";
echo "<td class='center'>" . Html::convdate($data["date_creation"]) . "</td>";
if ($data["date_expiration"] <= date('Y-m-d') && !empty($data["date_expiration"])) {
echo "<td class='center'>";
echo "<div class='deleted'>" . Html::convdate($data["date_expiration"]) . "</div>";
echo "</td>";
} else {
if (empty($data["date_expiration"])) {
echo "<td class='center'>" . __('Don\'t expire', 'accounts') . "</td>";
} else {
echo "<td class='center'>" . Html::convdate($data["date_expiration"]) . "</td>";
}
}
echo "</tr>";
$i++;
}
}
echo "</table>";
if ($canedit && $number && $withtemplate < 2) {
$massiveactionparams['ontop'] = false;
Html::showMassiveActions(__CLASS__, $massiveactionparams);
Html::closeForm();
}
echo "</div>";
}
/**
* Print the acccount form
*
* @param $ID integer ID of the item
* @param $options array
* - target for the Form
* - withtemplate template or basic computer
*
* @return Nothing (display)
**/
public function showForm($ID, $options = array())
{
if (!$this->canView()) {
return false;
}
$hashclass = new PluginAccountsHash();
$restrict = getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_hashes", '', '', $hashclass->maybeRecursive());
if ($ID < 1 && countElementsInTable("glpi_plugin_accounts_hashes", $restrict) == 0) {
echo "<div class='center'>" . __('There is no encryption key for this entity', 'accounts') . "<br><br>";
echo "<a href='" . Toolbox::getItemTypeSearchURL('PluginAccountsAccount') . "'>";
_e('Back');
echo "</a></div>";
return false;
}
/*
if ($ID > 0) {
$this->check($ID, READ);
if (!Session::haveRight("plugin_accounts_see_all_users", 1)) {
$access = 0;
if (Session::haveRight("plugin_accounts_my_groups", 1)) {
if ($this->fields["groups_id"]) {
if (count($_SESSION['glpigroups'])
&& in_array($this->fields["groups_id"], $_SESSION['glpigroups'])
) {
$access = 1;
}
}
if ($this->fields["users_id"]) {
if ($this->fields["users_id"] == Session::getLoginUserID())
$access = 1;
}
}
if (!Session::haveRight("plugin_accounts_my_groups", 1)
&& $this->fields["users_id"] == Session::getLoginUserID()
)
$access = 1;
if ($access != 1)
return false;
}
} else {
// Create item
$this->check(-1, UPDATE);
$this->getEmpty();
}
*/
$options["formoptions"] = "id = 'account_form'";
$this->initForm($ID, $options);
$this->showFormHeader($options);
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Name') . "</td>";
echo "<td>";
Html::autocompletionTextField($this, "name");
echo "</td>";
echo "<td>" . __('Status') . "</td><td>";
Dropdown::show('PluginAccountsAccountState', array('value' => $this->fields["plugin_accounts_accountstates_id"]));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Login') . "</td>";
echo "<td>";
Html::autocompletionTextField($this, "login");
echo "</td>";
echo "<td>" . __('Type') . "</td><td>";
Dropdown::show('PluginAccountsAccountType', array('value' => $this->fields["plugin_accounts_accounttypes_id"]));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
//hash
$hash = 0;
$restrict = getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_hashes", '', $this->getEntityID(), $hashclass->maybeRecursive());
$hashes = getAllDatasFromTable("glpi_plugin_accounts_hashes", $restrict);
if (!empty($hashes)) {
foreach ($hashes as $hashe) {
$hash = $hashe["hash"];
$hash_id = $hashe["id"];
}
$alert = '';
} else {
$alert = __('There is no encryption key for this entity', 'accounts');
}
$aeskey = new PluginAccountsAesKey();
//aeskey non enregistre
if ($hash) {
if (!$aeskey->getFromDBByHash($hash_id) || !$aeskey->fields["name"]) {
echo "<td>" . __('Encryption key', 'accounts') . "</div></td><td>";
echo "<input type='password' autocomplete='off' name='aeskey' id='aeskey'>";
echo Html::hidden('encrypted_password', array('value' => $this->fields["encrypted_password"], 'id' => 'encrypted_password'));
echo Html::hidden('good_hash', array('value' => $hash, 'id' => 'good_hash'));
echo Html::hidden('wrong_key_locale', array('value' => __('Wrong encryption key', 'accounts'), 'id' => 'wrong_key_locale'));
if (!empty($ID) || $ID > 0) {
$url = $this->getFormURL();
echo " <input type='button' id='decrypte_link' name='decrypte' value='" . __s('Uncrypt', 'accounts') . "'\n class='submit'>";
}
echo "</td>";
} else {
echo "<td></td><td>";
echo "</td>";
}
} else {
echo "<td>" . __('Encryption key', 'accounts') . "</div></td><td><div class='red'>";
echo $alert;
echo "</div></td>";
}
if ($_SESSION['glpiactiveprofile']['interface'] == 'central') {
echo "<td>" . __('Affected User', 'accounts') . "</td><td>";
if ($this->canCreate()) {
User::dropdown(array('value' => $this->fields["users_id"], 'entity' => $this->fields["entities_id"], 'right' => 'all'));
} else {
echo getUserName($this->fields["users_id"]);
}
echo "</td>";
} else {
echo "<td>" . __('Affected User', 'accounts') . "</td><td>";
echo getUserName($this->fields["users_id"]);
echo "</td>";
}
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Password') . "</td>";
echo "<td>";
//aeskey enregistre
if (isset($hash_id) && $aeskey->getFromDBByHash($hash_id) && $aeskey->fields["name"]) {
echo Html::hidden('good_hash', array('value' => $hash, 'id' => 'good_hash'));
echo Html::hidden('aeskey', array('value' => $aeskey->fields["name"], 'id' => 'aeskey', 'autocomplete' => 'off'));
echo Html::hidden('encrypted_password', array('value' => $this->fields["encrypted_password"], 'id' => 'encrypted_password'));
echo Html::hidden('wrong_key_locale', array('value' => __('Wrong encryption key', 'accounts'), 'id' => 'wrong_key_locale'));
echo Html::scriptBlock("auto_decrypt();");
}
echo "<input type='text' name='hidden_password' id='hidden_password' size='30' >";
echo "</td>";
if ($_SESSION['glpiactiveprofile']['interface'] == 'central') {
echo "<td>" . __('Affected Group', 'accounts') . "</td><td>";
if (self::canCreate()) {
Dropdown::show('Group', array('value' => $this->fields["groups_id"], 'condition' => '`is_itemgroup`'));
} else {
echo Dropdown::getDropdownName("glpi_groups", $this->fields["groups_id"]);
}
echo "</td>";
} else {
echo "<td>" . __('Affected Group', 'accounts') . ":\t</td><td>";
echo Dropdown::getDropdownName("glpi_groups", $this->fields["groups_id"]);
echo "</td>";
}
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Creation date') . "</td>";
echo "<td>";
Html::showDateFormItem("date_creation", $this->fields["date_creation"], true, true);
echo "</td>";
echo "<td>" . __('Technician in charge of the hardware') . "</td>";
echo "<td>";
User::dropdown(array('name' => "users_id_tech", 'value' => $this->fields["users_id_tech"], 'entity' => $this->fields["entities_id"], 'right' => 'interface'));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Expiration date') . " ";
Html::showToolTip(nl2br(__('Empty for infinite', 'accounts')));
echo "</td>";
echo "<td>";
Html::showDateFormItem("date_expiration", $this->fields["date_expiration"], true, true);
echo "</td>";
echo "<td>" . __('Group in charge of the hardware') . "</td><td>";
Group::dropdown(array('name' => 'groups_id_tech', 'value' => $this->fields['groups_id_tech'], 'condition' => '`is_assign`'));
echo "</td>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Others') . "</td>";
echo "<td>";
Html::autocompletionTextField($this, "others");
echo "</td>";
echo "<td>" . __('Location') . "</td><td>";
Location::dropdown(array('value' => $this->fields["locations_id"], 'entity' => $this->fields["entities_id"]));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td colspan = '4'>";
echo "<table cellpadding='2' cellspacing='2' border='0'><tr><td>";
echo __('Comments') . "</td></tr>";
echo "<tr><td class='center'>";
echo "<textarea cols='125' rows='3' name='comment'>" . $this->fields["comment"] . "</textarea>";
echo "</td></tr></table>";
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Associable to a ticket') . "</td><td>";
Dropdown::showYesNo('is_helpdesk_visible', $this->fields['is_helpdesk_visible']);
echo "</td>";
echo "<td colspan='2'>";
printf(__('Last update on %s'), Html::convDateTime($this->fields["date_mod"]));
echo "</td>";
echo "</tr>";
if (self::canCreate()) {
if (empty($ID) || $ID < 0) {
echo "<tr>";
echo "<td class='tab_bg_2 top' colspan='4'>";
echo "<div align='center'>";
echo "<input type='submit' name='add' id='account_add' value='" . _sx('button', 'Add') . "' class='submit'>";
echo "</div>";
echo Html::scriptBlock("\$('#account_form').submit(function(event){\n if (\$('#hidden_password').val() == '' || \$('#aeskey').val() == '') {\n alert('" . __('You have not filled the password and encryption key', 'accounts') . "');\n return false;\n };\n if (!check_hash()) {\n alert('" . __('Wrong encryption key', 'accounts') . "');\n return false;\n } else {\n encrypt_password();\n }\n });");
echo "</td>";
echo "</tr>";
} else {
echo "<tr>";
echo "<td class='tab_bg_2' colspan='4 top'><div align='center'>";
echo "<input type='hidden' name='id' value=\"{$ID}\">";
echo "<input type='submit' name='update' id='account_update' value=\"" . _sx('button', 'Save') . "\" class='submit' >";
echo Html::scriptBlock("\$('#account_form').submit(function(event){\n if (\$('#hidden_password').val() == '' || \$('#aeskey').val() == '') {\n alert('" . __('Password will not be modified', 'accounts') . "');\n } else if (!check_hash()) {\n alert('" . __('Wrong encryption key', 'accounts') . "');\n return false;\n } else {\n encrypt_password();\n }\n });");
if ($this->fields["is_deleted"] == '0') {
echo " <input type='submit' name='delete' value=\"" . _sx('button', 'Put in dustbin') . "\" class='submit'></div>";
} else {
echo " <input type='submit' name='restore' value=\"" . _sx('button', 'Restore') . "\" class='submit'>";
echo " <input type='submit' name='purge' value=\"" . _sx('button', 'Delete permanently') . "\" class='submit'></div>";
}
echo "</td>";
echo "</tr>";
}
}
$options['canedit'] = false;
$options['candel'] = false;
$this->showFormButtons($options);
Html::closeForm();
return true;
}
public static function updateHash($oldaeskey, $newaeskey, $hash_id)
{
global $DB;
$self = new self();
$self->getFromDB($hash_id);
$entities = getSonsOf('glpi_entities', $self->fields['entities_id']);
$account = new PluginAccountsAccount();
$aeskey = new PluginAccountsAesKey();
$oldhash = hash("sha256", $oldaeskey);
$newhash = hash("sha256", $newaeskey);
$newhashstore = hash("sha256", $newhash);
// uncrypt passwords for update
$query_ = "SELECT *\n FROM `glpi_plugin_accounts_accounts`\n WHERE ";
$query_ .= getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_accounts", '', $entities);
$result_ = $DB->query($query_);
if ($DB->numrows($result_) > 0) {
while ($data = $DB->fetch_array($result_)) {
$oldpassword = addslashes(plugin_accounts_AESDecryptCtr($data['encrypted_password'], $oldhash, 256));
$newpassword = addslashes(plugin_accounts_AESEncryptCtr($oldpassword, $newhash, 256));
$account->update(array('id' => $data["id"], 'encrypted_password' => $newpassword));
}
$self->update(array('id' => $hash_id, 'hash' => $newhashstore));
if ($aeskey->getFromDBByHash($hash_id) && isset($aeskey->fields["name"])) {
$values["id"] = $aeskey->fields["id"];
$values["name"] = $newaeskey;
$aeskey->update($values);
}
}
}
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with accounts. If not, see <http://www.gnu.org/licenses/>.
--------------------------------------------------------------------------
*/
include '../../../inc/includes.php';
if (!isset($_GET["id"])) {
$_GET["id"] = "";
}
if (!isset($_GET["plugin_accounts_hashes_id"])) {
$_GET["plugin_accounts_hashes_id"] = "";
}
Session::checkRight("config", "w");
$aeskey = new PluginAccountsAesKey();
$plugin = new plugin();
if ($plugin->isActivated("environment")) {
Html::header(PluginAccountsAccount::getTypeName(2), '', "plugins", "environment", "accounts", "hash");
} else {
Html::header(PluginAccountsAccount::getTypeName(2), '', "plugins", "accounts", "hash");
}
if (isset($_POST["add"])) {
if ($aeskey->canCreate()) {
$newID = $aeskey->add($_POST);
}
Html::back();
} else {
if (isset($_POST["update"])) {
if ($aeskey->canCreate()) {
$aeskey->update($_POST);
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with accounts. If not, see <http://www.gnu.org/licenses/>.
--------------------------------------------------------------------------
*/
include '../../../inc/includes.php';
if (!isset($_GET["id"])) {
$_GET["id"] = "";
}
if (!isset($_GET["plugin_accounts_hashes_id"])) {
$_GET["plugin_accounts_hashes_id"] = "";
}
Session::checkRight("config", UPDATE);
$aeskey = new PluginAccountsAesKey();
$plugin = new plugin();
if ($plugin->isActivated("environment")) {
Html::header(PluginAccountsAccount::getTypeName(2), '', "assets", "pluginenvironmentdisplay", "accounts", "hash");
} else {
Html::header(PluginAccountsAccount::getTypeName(2), '', "admin", "pluginaccountsmenu", "hash");
}
if (isset($_POST["add"])) {
if ($aeskey->canCreate()) {
$newID = $aeskey->add($_POST);
}
if ($_SESSION['glpibackcreated']) {
Html::redirect($aeskey->getFormURL() . "?id=" . $newID);
}
Html::back();
} else {
/**
* Show accounts associated to an item
*
* @since version 0.84
*
* @param $item CommonDBTM object for which associated accounts must be displayed
* @param $withtemplate (default '')
**/
static function showForItem(CommonDBTM $item, $withtemplate = '')
{
global $DB, $CFG_GLPI;
$ID = $item->getField('id');
if ($item->isNewID($ID)) {
return false;
}
if (!Session::haveRight("plugin_accounts", READ)) {
return false;
}
if (!$item->can($item->fields['id'], READ)) {
return false;
}
if (empty($withtemplate)) {
$withtemplate = 0;
}
$canedit = $item->canadditem('PluginAccountsAccount');
$rand = mt_rand();
$is_recursive = $item->isRecursive();
$who = Session::getLoginUserID();
if (count($_SESSION["glpigroups"]) && Session::haveRight("plugin_accounts_my_groups", 1)) {
$first_groups = true;
$groups = "";
foreach ($_SESSION['glpigroups'] as $val) {
if (!$first_groups) {
$groups .= ",";
} else {
$first_groups = false;
}
$groups .= "'" . $val . "'";
}
$ASSIGN = "( `groups_id` IN ({$groups}) OR `users_id` = '{$who}') ";
} else {
// Only personal ones
$ASSIGN = " `users_id` = '{$who}' ";
}
$query = "SELECT `glpi_plugin_accounts_accounts_items`.`id` AS assocID,\n `glpi_entities`.`id` AS entity,\n `glpi_plugin_accounts_accounts`.`name` AS assocName,\n `glpi_plugin_accounts_accounts`.*\n FROM `glpi_plugin_accounts_accounts_items`\n LEFT JOIN `glpi_plugin_accounts_accounts`\n ON (`glpi_plugin_accounts_accounts_items`.`plugin_accounts_accounts_id`=`glpi_plugin_accounts_accounts`.`id`)\n LEFT JOIN `glpi_entities` ON (`glpi_plugin_accounts_accounts`.`entities_id`=`glpi_entities`.`id`)\n WHERE `glpi_plugin_accounts_accounts_items`.`items_id` = '{$ID}'\n AND `glpi_plugin_accounts_accounts_items`.`itemtype` = '" . $item->getType() . "' ";
$query .= getEntitiesRestrictRequest(" AND", "glpi_plugin_accounts_accounts", '', '', true);
if (!Session::haveRight("plugin_accounts_see_all_users", 1)) {
$query .= " AND {$ASSIGN} ";
}
$query .= " ORDER BY `assocName`";
$result = $DB->query($query);
$number = $DB->numrows($result);
$i = 0;
$accounts = array();
$account = new PluginAccountsAccount();
$used = array();
if ($numrows = $DB->numrows($result)) {
while ($data = $DB->fetch_assoc($result)) {
$accounts[$data['assocID']] = $data;
$used[$data['id']] = $data['id'];
}
}
if ($canedit && $withtemplate < 2) {
// Restrict entity for knowbase
$entities = "";
$entity = $_SESSION["glpiactive_entity"];
if ($item->isEntityAssign()) {
/// Case of personal items : entity = -1 : create on active entity (Reminder case))
if ($item->getEntityID() >= 0) {
$entity = $item->getEntityID();
}
if ($item->isRecursive()) {
$entities = getSonsOf('glpi_entities', $entity);
} else {
$entities = $entity;
}
}
$limit = getEntitiesRestrictRequest(" AND ", "glpi_plugin_accounts_accounts", '', $entities, true);
$q = "SELECT COUNT(*)\n FROM `glpi_plugin_accounts_accounts`\n WHERE `is_deleted` = '0'\n {$limit}";
$result = $DB->query($q);
$nb = $DB->result($result, 0, 0);
echo "<div class='firstbloc'>";
if (Session::haveRight('plugin_accounts', READ) && $nb > count($used)) {
echo "<form name='account_form{$rand}' id='account_form{$rand}' method='post'\n action='" . Toolbox::getItemTypeFormURL('PluginAccountsAccount') . "'>";
echo "<table class='tab_cadre_fixe'>";
echo "<tr class='tab_bg_1'>";
echo "<td colspan='4' class='center'>";
echo "<input type='hidden' name='entities_id' value='{$entity}'>";
echo "<input type='hidden' name='is_recursive' value='{$is_recursive}'>";
echo "<input type='hidden' name='itemtype' value='" . $item->getType() . "'>";
echo "<input type='hidden' name='items_id' value='{$ID}'>";
if ($item->getType() == 'Ticket') {
echo "<input type='hidden' name='tickets_id' value='{$ID}'>";
}
PluginAccountsAccount::dropdownAccount(array('entity' => $entities, 'used' => $used));
echo "</td><td class='center' width='20%'>";
echo "<input type='submit' name='additem' value=\"" . _sx('button', 'Associate a account', 'accounts') . "\" class='submit'>";
echo "</td>";
echo "</tr>";
echo "</table>";
Html::closeForm();
}
echo "</div>";
}
echo "<div class='spaced'>";
if ($canedit && $number && $withtemplate < 2) {
Html::openMassiveActionsForm('mass' . __CLASS__ . $rand);
$massiveactionparams = array('num_displayed' => $number);
Html::showMassiveActions($massiveactionparams);
}
echo "<table class='tab_cadre_fixe'>";
if (Session::isMultiEntitiesMode()) {
$colsup = 1;
} else {
$colsup = 0;
}
//hash
$hashclass = new PluginAccountsHash();
$hash = 0;
$restrict = getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_hashes", '', $item->getEntityID(), $hashclass->maybeRecursive());
$hashes = getAllDatasFromTable("glpi_plugin_accounts_hashes", $restrict);
if (!empty($hashes)) {
foreach ($hashes as $hashe) {
$hash = $hashe["hash"];
$hash_id = $hashe["id"];
}
$alert = '';
} else {
$alert = __('There is no encryption key for this entity', 'accounts');
}
$aeskey = new PluginAccountsAesKey();
echo "<tr><th colspan='" . (8 + $colsup) . "'>";
if ($hash) {
if (!$aeskey->getFromDBByHash($hash_id) || !$aeskey->fields["name"]) {
_e('Encryption key', 'accounts');
echo "<input type='password' name='aeskey' id='aeskey' autocomplete='off'>";
} else {
echo Html::hidden('aeskey', array('value' => $aeskey->fields["name"], 'id' => 'aeskey', 'autocomplete' => 'off'));
}
} else {
echo __('Encryption key', 'accounts');
echo "<div class='red'>";
echo $alert;
echo "</div>";
}
echo "<tr>";
if ($canedit && $number && $withtemplate < 2) {
echo "<th width='10'>" . Html::getCheckAllAsCheckbox('mass' . __CLASS__ . $rand) . "</th>";
}
echo "<th>" . __('Name') . "</th>";
if (Session::isMultiEntitiesMode()) {
echo "<th>" . __('Entity') . "</th>";
}
echo "<th>" . __('Login') . "</th>";
echo "<th>" . __('Password') . "</th>";
echo "<th>" . __('Affected User', 'accounts') . "</th>";
echo "<th>" . __('Type') . "</th>";
echo "<th>" . __('Creation date') . "</th>";
echo "<th>" . __('Expiration date') . "</th>";
echo "</tr>";
$used = array();
if ($number) {
Session::initNavigateListItems('PluginAccountsAccount', sprintf(__('%1$s = %2$s'), $item->getTypeName(1), $item->getName()));
foreach ($accounts as $data) {
$accountID = $data["id"];
$link = NOT_AVAILABLE;
if ($account->getFromDB($accountID)) {
$link = $account->getLink();
}
Session::addToNavigateListItems('PluginAccountsAccount', $accountID);
$used[$accountID] = $accountID;
$assocID = $data["assocID"];
echo "<tr class='tab_bg_1" . ($data["is_deleted"] ? "_2" : "") . "'>";
if ($canedit && $withtemplate < 2) {
echo "<td width='10'>";
Html::showMassiveActionCheckBox(__CLASS__, $data["assocID"]);
echo "</td>";
}
echo "<td class='center'>{$link}</td>";
if (Session::isMultiEntitiesMode()) {
echo "<td class='center'>" . Dropdown::getDropdownName("glpi_entities", $data['entities_id']) . "</td>";
}
echo "<td class='center'>" . $data["login"] . "</td>";
echo "<td class='center'>";
//hash
if (isset($hash_id) && $aeskey->getFromDBByHash($hash_id) && $aeskey->fields["name"]) {
echo Html::hidden("encrypted_password{$accountID}", array('value' => $data["encrypted_password"], 'id' => "encrypted_password{$accountID}", 'autocomplete' => 'off'));
echo "<input type='text' id='hidden_password{$accountID}' value='' size='30' >";
echo Html::scriptBlock("\n if (!check_hash()) {\n \$('#hidden_password{$accountID}')\n .after('" . __('Wrong encryption key', 'accounts') . "')\n .remove();\n } else {\n decrypt_password('{$accountID}');\n }\n ");
} else {
$url = $CFG_GLPI["root_doc"] . "/plugins/accounts/front/account.form.php";
echo " <input type='button' id='decrypt_link{$accountID}' name='decrypte' value='" . __s('Uncrypt', 'accounts') . "'\n class='submit'>";
echo Html::hidden("encrypted_password{$accountID}", array('value' => $data["encrypted_password"], 'id' => "encrypted_password{$accountID}", 'autocomplete' => 'off'));
echo Html::scriptBlock("\$(document).on('click', '#decrypt_link{$accountID}', function(event) {\n if (!check_hash()) {\n alert('" . __('Wrong encryption key', 'accounts') . "');\n } else {\n var decrypted_password = decrypt_password('{$accountID}');\n \$('#decrypt_link{$accountID}')\n .after(decrypted_password)\n .remove();\n }\n });");
}
echo "</td>";
echo "<td class='center'>";
echo getUsername($data["users_id"]);
echo "</td>";
echo "<td class='center'>";
echo Dropdown::getDropdownName("glpi_plugin_accounts_accounttypes", $data["plugin_accounts_accounttypes_id"]);
echo "</td>";
echo "<td class='center'>" . Html::convdate($data["date_creation"]) . "</td>";
if ($data["date_expiration"] <= date('Y-m-d') && !empty($data["date_expiration"])) {
echo "<td class='center'>";
echo "<div class='deleted'>" . Html::convdate($data["date_expiration"]) . "</div>";
echo "</td>";
} else {
if (empty($data["date_expiration"])) {
echo "<td class='center'>" . __('Don\'t expire', 'accounts') . "</td>";
} else {
echo "<td class='center'>" . Html::convdate($data["date_expiration"]) . "</td>";
}
}
echo "</tr>";
$i++;
}
}
echo "</table>";
echo Html::hidden('good_hash', array('value' => $hash, 'id' => 'good_hash'));
if ($canedit && $number && $withtemplate < 2) {
$massiveactionparams['ontop'] = false;
Html::showMassiveActions($massiveactionparams);
Html::closeForm();
}
echo "</div>";
}
/**
* Print the acccount form
*
* @param $ID integer ID of the item
* @param $options array
* - target for the Form
* - withtemplate template or basic computer
*
* @return Nothing (display)
**/
public function showForm($ID, $options = array())
{
if (!$this->canView()) {
return false;
}
$hashclass = new PluginAccountsHash();
$restrict = getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_hashes", '', '', $hashclass->maybeRecursive());
if ($ID < 1 && countElementsInTable("glpi_plugin_accounts_hashes", $restrict) == 0) {
echo "<div class='center'>" . __('There is no encryption key for this entity', 'accounts') . "<br><br>";
echo "<a href='" . Toolbox::getItemTypeSearchURL('PluginAccountsAccount') . "'>";
_e('Back');
echo "</a></div>";
return false;
}
if ($ID > 0) {
$this->check($ID, 'r');
if (!plugin_accounts_haveRight("all_users", "r")) {
$access = 0;
if (plugin_accounts_haveRight("my_groups", "r")) {
if ($this->fields["groups_id"]) {
if (count($_SESSION['glpigroups']) && in_array($this->fields["groups_id"], $_SESSION['glpigroups'])) {
$access = 1;
}
}
if ($this->fields["users_id"]) {
if ($this->fields["users_id"] == Session::getLoginUserID()) {
$access = 1;
}
}
}
if (!plugin_accounts_haveRight("my_groups", "r") && $this->fields["users_id"] == Session::getLoginUserID()) {
$access = 1;
}
if ($access != 1) {
return false;
}
}
} else {
// Create item
$this->check(-1, 'w');
$this->getEmpty();
}
$this->showTabs($options);
$options["formoptions"] = "id = 'account_form'";
$this->showFormHeader($options);
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Name') . "</td>";
echo "<td>";
Html::autocompletionTextField($this, "name");
echo "</td>";
echo "<td>" . __('Status') . "</td><td>";
Dropdown::show('PluginAccountsAccountState', array('value' => $this->fields["plugin_accounts_accountstates_id"]));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Login') . "</td>";
echo "<td>";
Html::autocompletionTextField($this, "login");
echo "</td>";
echo "<td>" . __('Type') . "</td><td>";
Dropdown::show('PluginAccountsAccountType', array('value' => $this->fields["plugin_accounts_accounttypes_id"]));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
//hash
$hash = 0;
$restrict = getEntitiesRestrictRequest(" ", "glpi_plugin_accounts_hashes", '', $this->getEntityID(), $hashclass->maybeRecursive());
$hashes = getAllDatasFromTable("glpi_plugin_accounts_hashes", $restrict);
if (!empty($hashes)) {
foreach ($hashes as $hashe) {
$hash = $hashe["hash"];
$hash_id = $hashe["id"];
}
$alert = '';
} else {
$alert = __('There is no encryption key for this entity', 'accounts');
}
$aeskey = new PluginAccountsAesKey();
//aeskey non enregistre
if ($hash) {
if (!$aeskey->getFromDBByHash($hash_id) || !$aeskey->fields["name"]) {
echo "<td>" . __('Encryption key', 'accounts') . "</div></td><td>";
echo "<input type='password' autocomplete='off' name='aeskey' id= 'aeskey' value='' class=''>";
echo "<input type='hidden' name='encrypted_password' value='" . $this->fields["encrypted_password"] . "'>";
if (!empty($ID) || $ID > 0) {
$url = $this->getFormURL();
echo " <input type='button' id='decrypte_link' name='decrypte' value='" . __s('Uncrypt', 'accounts') . "'\n class='submit' onclick='return false;'>";
echo "<script type='text/javascript'>\n Ext.get('decrypte_link').on('click', function () {\n var good_hash=\"{$hash}\";var hash=SHA256(SHA256(document.getElementById(\"aeskey\").value));\n if (hash != good_hash) {\n alert(\"" . __('Wrong encryption key', 'accounts') . "\");\n return false;\n };\n document.getElementsByName(\"hidden_password\").item(0).value=AESDecryptCtr(document.getElementsByName(\"encrypted_password\").item(0).value,SHA256(document.getElementById(\"aeskey\").value), 256);\n\n callAjax(\"{$url}\", \"{$ID}\" , document.getElementsByName(\"name\").item(0).value, document.getElementsByName(\"_glpi_csrf_token\").item(0).value);\n\n Ext.Ajax.request({\n url: '../ajax/get_new_crsf_token.php',\n success: function(response, opts) {\n var token = response.responseText;\n Ext.select('#account_form input[name=_glpi_csrf_token]')\n .set({'value': token});\n },\n failure: function(response, opts) {\n console.log('server-side failure with status code ' + response.status);\n }\n });\n });\n </script>";
}
echo "</td>";
} else {
echo "<td></td><td>";
echo "</td>";
}
} else {
echo "<td>" . __('Encryption key', 'accounts') . "</div></td><td><div class='red'>";
echo $alert;
echo "</div></td>";
}
if ($_SESSION['glpiactiveprofile']['interface'] == 'central') {
echo "<td>" . __('Affected User', 'accounts') . "</td><td>";
if ($this->canCreate()) {
User::dropdown(array('value' => $this->fields["users_id"], 'entity' => $this->fields["entities_id"], 'right' => 'all'));
} else {
echo getUserName($this->fields["users_id"]);
}
echo "</td>";
} else {
echo "<td>" . __('Affected User', 'accounts') . "</td><td>";
echo getUserName($this->fields["users_id"]);
echo "</td>";
}
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Password') . "</td>";
echo "<td>";
//aeskey enregistre
if (isset($hash_id) && $aeskey->getFromDBByHash($hash_id) && $aeskey->fields["name"]) {
echo "<input type='hidden' name='aeskey' id= 'aeskey' value='" . $aeskey->fields["name"] . "' class='' autocomplete='off'>";
echo "<input type='hidden' name='encrypted_password' value='" . $this->fields["encrypted_password"] . "'>";
echo "<input type='text' name='hidden_password' value='' size='30'>";
echo "<script language='javascript'>\n var good_hash=\"{$hash}\";\n var hash=SHA256(SHA256(document.getElementById(\"aeskey\").value));\n if (hash != good_hash) {\n document.getElementsByName(\"hidden_password\").item(0).value=\"" . __s('Wrong encryption key', 'accounts') . "\";\n } else {\n document.getElementsByName(\"hidden_password\").item(0).value=AESDecryptCtr(document.getElementsByName(\"encrypted_password\").item(0).value,SHA256(document.getElementById(\"aeskey\").value), 256)};</script>";
} else {
echo "<input type='text' name='hidden_password' value='' size='30' >";
}
echo "</td>";
if ($_SESSION['glpiactiveprofile']['interface'] == 'central') {
echo "<td>" . __('Affected Group', 'accounts') . "</td><td>";
if ($this->canCreate()) {
Dropdown::show('Group', array('value' => $this->fields["groups_id"], 'condition' => '`is_itemgroup`'));
} else {
echo Dropdown::getDropdownName("glpi_groups", $this->fields["groups_id"]);
}
echo "</td>";
} else {
echo "<td>" . __('Affected Group', 'accounts') . ":\t</td><td>";
echo Dropdown::getDropdownName("glpi_groups", $this->fields["groups_id"]);
echo "</td>";
}
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Creation date') . "</td>";
echo "<td>";
Html::showDateFormItem("date_creation", $this->fields["date_creation"], true, true);
echo "</td>";
echo "<td>" . __('Technician in charge of the hardware') . "</td>";
echo "<td>";
User::dropdown(array('name' => "users_id_tech", 'value' => $this->fields["users_id_tech"], 'entity' => $this->fields["entities_id"], 'right' => 'interface'));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Expiration date') . " ";
Html::showToolTip(nl2br(__('Empty for infinite', 'accounts')));
echo "</td>";
echo "<td>";
Html::showDateFormItem("date_expiration", $this->fields["date_expiration"], true, true);
echo "</td>";
echo "<td>" . __('Group in charge of the hardware') . "</td><td>";
Group::dropdown(array('name' => 'groups_id_tech', 'value' => $this->fields['groups_id_tech'], 'condition' => '`is_assign`'));
echo "</td>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Others') . "</td>";
echo "<td>";
Html::autocompletionTextField($this, "others");
echo "</td>";
echo "<td>" . __('Location') . "</td><td>";
Location::dropdown(array('value' => $this->fields["locations_id"], 'entity' => $this->fields["entities_id"]));
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td colspan = '4'>";
echo "<table cellpadding='2' cellspacing='2' border='0'><tr><td>";
echo __('Comments') . "</td></tr>";
echo "<tr><td class='center'>";
echo "<textarea cols='125' rows='3' name='comment'>" . $this->fields["comment"] . "</textarea>";
echo "</td></tr></table>";
echo "</td>";
echo "</tr>";
echo "<tr class='tab_bg_1'>";
echo "<td>" . __('Associable to a ticket') . "</td><td>";
Dropdown::showYesNo('is_helpdesk_visible', $this->fields['is_helpdesk_visible']);
echo "</td>";
echo "<td colspan='2'>";
printf(__('Last update on %s'), Html::convDateTime($this->fields["date_mod"]));
echo "</td>";
echo "</tr>";
if ($this->canCreate()) {
if (empty($ID) || $ID < 0) {
echo "<tr>";
echo "<td class='tab_bg_2 top' colspan='4'>";
echo "<div align='center'><input onclick='var good_hash=\"{$hash}\";\n var hash=SHA256(SHA256(document.getElementById(\"aeskey\").value));\n if ((document.getElementsByName(\"hidden_password\").item(0).value == \"\")\n || (document.getElementById(\"aeskey\").value == \"\")) {\n alert(\"" . __('You have not filled the password and encryption key', 'accounts') . "\");\n return false;\n };\n if (hash != good_hash) {\n alert(\"" . __('Wrong encryption key', 'accounts') . "\");\n return false;\n };\n document.getElementsByName(\"encrypted_password\").item(0).value=AESEncryptCtr(document.getElementsByName(\"hidden_password\").item(0).value,SHA256(document.getElementById(\"aeskey\").value), 256);'\n type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='submit'></div>";
echo "</td>";
echo "</tr>";
} else {
echo "<tr>";
echo "<td class='tab_bg_2' colspan='4 top'><div align='center'>";
echo "<input type='hidden' name='id' value=\"{$ID}\">";
echo "<input onclick='var good_hash=\"{$hash}\";\n var hash=SHA256(SHA256(document.getElementById(\"aeskey\").value));\n if ((document.getElementsByName(\"hidden_password\").item(0).value == \"\")\n || (document.getElementById(\"aeskey\").value == \"\")) {\n alert(\"" . __('Password will not be modified', 'accounts') . "\");\n return true;\n } else {\n if (hash != good_hash) {\n alert(\"" . __('Wrong encryption key', 'accounts') . "\");\n return false;\n };\n };\n document.getElementsByName(\"encrypted_password\").item(0).value=AESEncryptCtr(document.getElementsByName(\"hidden_password\").item(0).value,SHA256(document.getElementById(\"aeskey\").value), 256);'\n type='submit' name='update' value=\"" . _sx('button', 'Save') . "\" class='submit' >";
if ($this->fields["is_deleted"] == '0') {
echo " <input type='submit' name='delete' value=\"" . _sx('button', 'Put in dustbin') . "\" class='submit'></div>";
} else {
echo " <input type='submit' name='restore' value=\"" . _sx('button', 'Restore') . "\" class='submit'>";
echo " <input type='submit' name='purge' value=\"" . _sx('button', 'Delete permanently') . "\" class='submit'></div>";
}
echo "</td>";
echo "</tr>";
}
}
echo "</table>";
echo "</div>";
Html::closeForm();
$this->addDivForTabs();
return true;
}
