/**
* Login form
* @author Benjamin BALET <*****@*****.**>
*/
public function login()
{
$data['title'] = lang('session_login_title');
$data['help'] = $this->help->create_help_link('global_link_doc_page_login');
$this->load->helper('form');
$this->load->library('form_validation');
//Note that we don't receive the password as a clear string
$this->form_validation->set_rules('login', lang('session_login_field_login'), 'required');
$data['last_page'] = $this->session->userdata('last_page');
if ($this->form_validation->run() === FALSE) {
$data['public_key'] = file_get_contents('./assets/keys/public.pem', TRUE);
$data['salt'] = $this->generateRandomString(rand(5, 20));
$data['language'] = $this->session->userdata('language');
$data['language_code'] = $this->session->userdata('language_code');
$this->session->set_userdata('salt', $data['salt']);
$data['flash_partial_view'] = $this->load->view('templates/flash', $data, TRUE);
$this->load->view('templates/header', $data);
$this->load->view('session/login', $data);
$this->load->view('templates/footer');
} else {
$this->load->model('users_model');
//Set language
$this->session->set_userdata('language_code', $this->input->post('language'));
$this->session->set_userdata('language', $this->polyglot->code2language($this->input->post('language')));
//Decipher the password value (RSA encoded -> base64 -> decode -> decrypt) and remove the salt!
require_once APPPATH . 'third_party/phpseclib/vendor/autoload.php';
$rsa = new phpseclib\Crypt\RSA();
$private_key = file_get_contents('./assets/keys/private.pem', TRUE);
$rsa->setEncryptionMode(phpseclib\Crypt\RSA::ENCRYPTION_PKCS1);
$rsa->loadKey($private_key, phpseclib\Crypt\RSA::PRIVATE_FORMAT_PKCS1);
$password = $rsa->decrypt(base64_decode($this->input->post('CipheredValue')));
//Remove the salt
$len_salt = strlen($this->session->userdata('salt')) * -1;
$password = substr($password, 0, $len_salt);
$loggedin = FALSE;
if ($this->config->item('ldap_enabled')) {
if ($password != "") {
//Bind to MS-AD with blank password might return OK
$ldap = ldap_connect($this->config->item('ldap_host'), $this->config->item('ldap_port'));
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
set_error_handler(function () {
/* ignore errors */
});
if ($this->config->item('ldap_basedn_db')) {
$basedn = $this->users_model->getBaseDN($this->input->post('login'));
} else {
$basedn = sprintf($this->config->item('ldap_basedn'), $this->input->post('login'));
}
$bind = ldap_bind($ldap, $basedn, $password);
restore_error_handler();
if ($bind) {
$loggedin = $this->users_model->checkCredentialsLDAP($this->input->post('login'));
}
ldap_close($ldap);
}
} else {
$loggedin = $this->users_model->checkCredentials($this->input->post('login'), $password);
}
if ($loggedin == FALSE) {
log_message('error', '{controllers/session/login} Invalid login id or password for user='******'login'));
$this->session->set_flashdata('msg', lang('session_login_flash_bad_credentials'));
$data['public_key'] = file_get_contents('./assets/keys/public.pem', TRUE);
$data['salt'] = $this->generateRandomString(rand(5, 20));
$data['language'] = $this->session->userdata('language');
$data['language_code'] = $this->session->userdata('language_code');
$this->session->set_userdata('salt', $data['salt']);
$data['flash_partial_view'] = $this->load->view('templates/flash', $data, TRUE);
$this->load->view('templates/header', $data);
$this->load->view('session/login', $data);
$this->load->view('templates/footer');
} else {
//If the user has a target page (e.g. link in an e-mail), redirect to this destination
if ($this->session->userdata('last_page') != '') {
if (strpos($this->session->userdata('last_page'), 'index.php', strlen($this->session->userdata('last_page')) - strlen('index.php'))) {
$this->session->set_userdata('last_page', base_url() . 'home');
}
if ($this->session->userdata('last_page_params') == '') {
redirect($this->session->userdata('last_page'));
} else {
redirect($this->session->userdata('last_page') . '?' . $this->session->userdata('last_page_params'));
}
} else {
redirect(base_url() . 'home');
}
}
}
}
/**
* Update a given user in the database. Update data are coming from an HTML form
* @return int number of affected rows
* @author Benjamin BALET <*****@*****.**>
*/
public function resetPassword($id, $CipheredNewPassword)
{
//Decipher the password value (RSA encoded -> base64 -> decode -> decrypt)
require_once APPPATH . 'third_party/phpseclib/vendor/autoload.php';
$rsa = new phpseclib\Crypt\RSA();
$private_key = file_get_contents('./assets/keys/private.pem', TRUE);
$rsa->setEncryptionMode(phpseclib\Crypt\RSA::ENCRYPTION_PKCS1);
$rsa->loadKey($private_key, phpseclib\Crypt\RSA::PRIVATE_FORMAT_PKCS1);
$password = $rsa->decrypt(base64_decode($CipheredNewPassword));
//Hash the clear password using bcrypt (8 iterations)
$salt = '$2a$08$' . substr(strtr(base64_encode($this->getRandomBytes(16)), '+', '.'), 0, 22) . '$';
$hash = crypt($password, $salt);
$data = array('password' => $hash);
$this->db->where('id', $id);
return $this->db->update('users', $data);
}
$versions[$matches[1][$i]] = $fullVersion;
} else {
$versions[$matches[1][$i]] = $m[0];
}
}
}
echo "<tr><td>PHP_VERSION</td><td>" . (version_compare(PHP_VERSION, '4.2.0', '>=') ? '>=4.2.0' : '<4.2.0') . '</td></tr>';
echo "<tr><td>openssl</td><td>" . (extension_loaded('openssl') ? 'extension loaded' : 'extension not loaded') . '</td></tr>';
echo "<tr><td>openssl_pkey_get_details</td><td>" . (function_exists('openssl_pkey_get_details') ? 'exists' : 'doesn\'t exist') . '</td></tr>';
echo "<tr><td>Private key</td><td>" . ($privateKey != '' ? 'Found' : 'Not found') . '</td></tr>';
echo "<tr><td>Public key</td><td>" . ($publicKey != '' ? 'Found' : 'Not found') . '</td></tr>';
echo "<tr><td>OpenSSL Library</td><td>" . (isset($versions['Library']) ? $versions['Library'] : 'Not found') . '</td></tr>';
echo "<tr><td>OpenSSL Header</td><td>" . (isset($versions['Header']) ? $versions['Header'] : 'Not found') . '</td></tr>';
$rsa = new \phpseclib\Crypt\RSA();
echo "<tr><td>CRYPT_RSA_MODE</td><td>" . (CRYPT_RSA_MODE == 1 ? 'MODE_INTERNAL' : 'MODE_OPENSSL') . '</td></tr>';
$rsa->setEncryptionMode(phpseclib\Crypt\RSA::ENCRYPTION_PKCS1);
$plaintext = 'Jorani is the best open source Leave Management System';
$rsa->loadKey($publicKey);
$ciphertext = $rsa->encrypt($plaintext);
$rsa->loadKey($privateKey, phpseclib\Crypt\RSA::PRIVATE_FORMAT_PKCS1);
$time_start = microtime(true);
echo "<tr><td>Decrypted message</td><td>" . $rsa->decrypt($ciphertext) . '</td></tr>';
$time_end = microtime(true);
$time = $time_end - $time_start;
echo "<tr><td>Decryption speed</td><td>" . $time . '</td></tr>';
//Generate public and private keys for a single usage
extract($rsa->createKey(KEY_SIZE));
?>
</tbody>
</table>
/**
* Desencriptar datos cifrados con la clave pública
*
* @param string $data los datos a desencriptar
* @return string
*/
public function decryptRSA($data)
{
$Rsa = new \phpseclib\Crypt\RSA();
$Rsa->setEncryptionMode(\phpseclib\Crypt\RSA::ENCRYPTION_PKCS1);
$Rsa->loadKey($this->getPrivateKey());
return $Rsa->decrypt($data);
}
static function encryptResponse($handshake, $response)
{
//setup encryption engine with servers keys
$privateKey = Session::get("serverPrivate");
$serverAES = Session::get('serverAES');
$rsa = new \phpseclib\Crypt\RSA();
$rsa->setEncryptionMode($rsa::ENCRYPTION_PKCS1);
//decrypt the clients AESkey from the
$rsa->loadKey($privateKey);
$clientAESkey = $rsa->decrypt(base64_decode($handshake));
//use AES to encrypt the data
$AESEncrypted = cryptAES::enc($response, $clientAESkey);
return $AESEncrypted;
}
/**
* Update a given user in the database. Update data are coming from an
* HTML form
* @return type
* @author Benjamin BALET <*****@*****.**>
*/
public function reset_password($id, $CipheredNewPassword)
{
//log_message('debug', '{models/users_model/reset_password} Entering function id=' . $id . ' / Ciphered password='******'bcrypt');
//Decipher the password value (RSA encoded -> base64 -> decode -> decrypt)
require_once APPPATH . 'third_party/phpseclib/vendor/autoload.php';
$rsa = new phpseclib\Crypt\RSA();
$private_key = file_get_contents('./assets/keys/private.pem', true);
$rsa->setEncryptionMode(phpseclib\Crypt\RSA::ENCRYPTION_PKCS1);
$rsa->loadKey($private_key, phpseclib\Crypt\RSA::PRIVATE_FORMAT_PKCS1);
$password = $rsa->decrypt(base64_decode($CipheredNewPassword));
log_message('debug', '{models/users_model/reset_password} Password='******'debug', '{models/users_model/reset_password} Hash=' . $hash);
$data = array('password' => $hash);
$this->db->where('id', $id);
$result = $this->db->update('users', $data);
return $result;
}
