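// Append the generated secret key and the IV (stored in hex) to the config file as constants.
// config.php holds the encryption key in cleartext from this point on, so it should be
// readable by the web server user only.
// NOTE(review): a single IV persisted as a constant suggests that every encrypt() call reuses
// it; confirm against the Crypto class, because IV reuse under one key weakens confidentiality.
// NOTE(review): the key is interpolated into a single-quoted PHP literal; presumably
// getSecretKey() never returns a quote or backslash, verify against Crypto.
$data_to_add = "\ndefine('SECRET_KEY', '" . $crypto->getSecretKey() . "');\ndefine('IV', '" . bin2hex($crypto->getIv()) . "');\n";

try {
    // file_put_contents() reports failure by returning false (with a warning), not by throwing.
    // Without this check a failed or short write would go unnoticed and the passwords below
    // would be encrypted with a key that was never saved.
    $bytes_written = file_put_contents('config.php', $data_to_add, FILE_APPEND);
    if ($bytes_written !== strlen($data_to_add)) {
        throw new Exception('Could not write the secret key and IV to config.php');
    }
} catch (Exception $e) {
    $msg_arr[] = "[ERROR] " . $e->getMessage();
    $_SESSION['errors'] = $msg_arr;
    header('Location: sysconfig.php');
    exit;
}

// The key and IV are now persisted: convert the cleartext passwords held in the
// configuration to encrypted ones.
$config_arr = array();

// only encrypt a value that is actually set (non-empty)
if (strlen(get_config('smtp_password')) > 0) {
    $config_arr['smtp_password'] = $crypto->encrypt(get_config('smtp_password'));
}
if (strlen(get_config('stamppass')) > 0) {
    $config_arr['stamppass'] = $crypto->encrypt(get_config('stamppass'));
}

try {
    update_config($config_arr);
} catch (Exception $e) {
    $msg_arr[] = "[ERROR] " . $e->getMessage();
    $_SESSION['errors'] = $msg_arr;
    header('Location: sysconfig.php');
    exit;
}

// now we update the stamppass in the `teams` table
// first get the list of teams with a stamppass
$sql = "SELECT * FROM teams WHERE CHAR_LENGTH(stamppass) > 0";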
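/**
 * Validate POST variables containing login/validation data for the TSP;
 * substitute missing or invalid values with empty strings and return as array.
 *
 * Returned keys: 'stampprovider' (validated URL or ''), 'stampcert' (path to an
 * existing file or ''), 'stampshare' (raw POST value, 0 when absent),
 * 'stamplogin' (sanitized string or '') and 'stamppass' (encrypted password or '').
 *
 * FILTER_SANITIZE_STRING, used below, is deprecated as of PHP 8.1; it strips tags
 * and HTML-encodes quotes.
 *
 * @return array
 */
function processTimestampPost()
{
    $crypto = new \Elabftw\Elabftw\Crypto();

    // filter_var() returns false for a value that is not a URL; keep the documented
    // contract and hand back '' instead of leaking false to the caller.
    // NOTE(review): FILTER_VALIDATE_URL does not restrict the scheme; consider limiting
    // the provider to http/https where the URL is consumed.
    $stampprovider = '';
    if (isset($_POST['stampprovider'])) {
        $validated_url = filter_var($_POST['stampprovider'], FILTER_VALIDATE_URL);
        if ($validated_url !== false) {
            $stampprovider = $validated_url;
        }
    }

    // The certificate chain must point to an existing regular file, given either
    // relative to ELAB_ROOT or as a path of its own. A bare realpath() test would
    // also accept a directory, so both candidates go through is_file().
    // Nothing here confines the path to a particular directory.
    $stampcert = '';
    if (isset($_POST['stampcert'])) {
        $cert_chain = filter_var($_POST['stampcert'], FILTER_SANITIZE_STRING);
        if (is_string($cert_chain) && $cert_chain !== '') {
            $inside_root = realpath(ELAB_ROOT . $cert_chain);
            $as_given = realpath($cert_chain);
            if (($inside_root !== false && is_file($inside_root))
                || ($as_given !== false && is_file($as_given))
            ) {
                $stampcert = $cert_chain;
            }
        }
    }

    // NOTE(review): passed through unvalidated; presumably a 0/1 flag, verify against the caller.
    $stampshare = isset($_POST['stampshare']) ? $_POST['stampshare'] : 0;

    $stamplogin = '';
    if (isset($_POST['stamplogin'])) {
        $stamplogin = filter_var($_POST['stamplogin'], FILTER_SANITIZE_STRING);
    }

    // The password is encrypted before it leaves this function.
    // NOTE(review): FILTER_SANITIZE_STRING alters a password that contains tags or
    // quotes before it is encrypted, so the stored secret can differ from what was
    // typed; confirm whether that is intended.
    $stamppass = '';
    if (isset($_POST['stamppass'])) {
        $stamppass = $crypto->encrypt(filter_var($_POST['stamppass'], FILTER_SANITIZE_STRING));
    }

    return array(
        'stampprovider' => $stampprovider,
        'stampcert' => $stampcert,
        'stampshare' => $stampshare,
        'stamplogin' => $stamplogin,
        'stamppass' => $stamppass,
    );
}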
} else { $smtp_encryption = ''; } if (isset($_POST['smtp_port']) && is_pos_int($_POST['smtp_port'])) { $smtp_port = $_POST['smtp_port']; } else { $smtp_port = ''; } if (isset($_POST['smtp_username'])) { $smtp_username = filter_var($_POST['smtp_username'], FILTER_SANITIZE_STRING); } else { $smtp_username = ''; } if (isset($_POST['smtp_password'])) { // the password is stored encrypted in the SQL $smtp_password = $crypto->encrypt(filter_var($_POST['smtp_password'], FILTER_SANITIZE_STRING)); } else { $smtp_password = ''; } // SQL $updates = array('smtp_address' => $smtp_address, 'smtp_encryption' => $smtp_encryption, 'smtp_port' => $smtp_port, 'smtp_username' => $smtp_username, 'smtp_password' => $smtp_password, 'mail_method' => $mail_method, 'mail_from' => $mail_from, 'sendmail_path' => $sendmail_path); if (update_config($updates)) { $msg_arr[] = _('Configuration updated successfully.'); $_SESSION['infos'] = $msg_arr; header('Location: ../sysconfig.php?tab=5'); exit; } else { $msg_arr[] = sprintf(_("There was an unexpected problem! Please %sopen an issue on GitHub%s if you think this is a bug.") . "<br>E#9", "<a href='https://github.com/elabftw/elabftw/issues/'>", "</a>"); $_SESSION['errors'] = $msg_arr; header('Location: ../sysconfig.php?tab=5'); exit;