} if (!$table_is_here) { $pdo->q("CREATE TABLE IF NOT EXISTS `items_revisions` (\n `id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,\n `item_id` int(10) unsigned NOT NULL,\n `body` text NOT NULL,\n `savedate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n `userid` int(11) NOT NULL\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"); } // 20150324 : adding secret key used to encrypt the SMTP password // first we check if we can write the config file if (!is_writable('config.php')) { // check that there is no secret key already if (!defined('SECRET_KEY')) { $msg_arr[] = "[ERROR] Please allow webserver to write config file, or add SECRET_KEY yourself to config.php. <a href='doc/_build/html/common-errors.html#add-the-secret-key'>Link to documentation</a>"; $_SESSION['errors'] = $msg_arr; header('Location: sysconfig.php'); exit; } } elseif (is_writable('config.php') && !defined('SECRET_KEY')) { $crypto = new \Elabftw\Elabftw\LegacyCrypto(); // add generated strings to config file // the IV is stored in hex $data_to_add = "\ndefine('SECRET_KEY', '" . $crypto->secretKey . "');\ndefine('IV', '" . bin2hex($crypto->iv) . "');\n"; try { file_put_contents('config.php', $data_to_add, FILE_APPEND); } catch (Exception $e) { $msg_arr[] = "[ERROR] " . $e->getMessage(); $_SESSION['errors'] = $msg_arr; header('Location: sysconfig.php'); exit; } // ok so now we have a secret key, an IV and we want to convert our old cleartext SMTP password to an encrypted one $config_arr = array(); // if there is a password in cleartext in the database, we encrypt it if (strlen(get_config('smtp_password')) > 0) {
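/**
 * Switch the crypto lib to defuse/php-encryption
 *
 * Generates a new random key, re-encrypts the stored SMTP and timestamping
 * passwords with it, saves them through update_config(), then rewrites
 * config.php so that it carries the new SECRET_KEY.
 *
 * @throws Exception if config.php is not writable, key generation fails,
 *                   the config update fails or the file cannot be written
 */
private function schema5()
{
    // Check and write the very same path: the original tested
    // ELAB_ROOT . 'config.php' but wrote to a cwd-relative 'config.php'.
    $config_file = ELAB_ROOT . 'config.php';

    if (!is_writable($config_file)) {
        throw new Exception('Please make your config file writable by server for this update.');
    }

    $legacy = new \Elabftw\Elabftw\LegacyCrypto();

    // our new key (raw binary string)
    // A failure here propagates to the caller like the other errors of this
    // method, instead of die()-ing with the library's raw message.
    $new_secret_key = Crypto::CreateNewRandomKey();

    $new_smtp_password = '';
    $new_stamp_password = '';

    // Read each stored value once, decrypt it with the legacy scheme and
    // re-encrypt it under the new key (stored hex-encoded).
    $stored_smtp_password = get_config('smtp_password');
    if (strlen($stored_smtp_password) > 0) {
        $old_smtp_password = $legacy->decrypt($stored_smtp_password);
        $new_smtp_password = Crypto::binTohex(Crypto::encrypt($old_smtp_password, $new_secret_key));
    }

    $stored_stamp_password = get_config('stamppass');
    if (strlen($stored_stamp_password) > 0) {
        $old_stamp_password = $legacy->decrypt($stored_stamp_password);
        $new_stamp_password = Crypto::binTohex(Crypto::encrypt($old_stamp_password, $new_secret_key));
    }

    $updates = array('smtp_password' => $new_smtp_password, 'stamppass' => $new_stamp_password);
    if (!update_config($updates)) {
        throw new Exception('Error updating config with new passwords!');
    }

    // we will rewrite the config file with the new key
    // Only these six constants are written; anything else the file held is
    // not carried over.
    $settings = array(
        'DB_HOST' => DB_HOST,
        'DB_NAME' => DB_NAME,
        'DB_USER' => DB_USER,
        'DB_PASSWORD' => DB_PASSWORD,
        'ELAB_ROOT' => ELAB_ROOT,
        'SECRET_KEY' => Crypto::binTohex($new_secret_key),
    );

    $contents = "<?php\n";
    foreach ($settings as $name => $value) {
        // var_export() emits a correctly escaped single-quoted literal, so a
        // quote or backslash in a value (a password, a path ending in "\")
        // cannot terminate the string early and corrupt the generated file.
        $contents .= "define('" . $name . "', " . var_export((string) $value, true) . ");\n";
    }

    // file_put_contents() returns false on failure; the previous loose
    // comparison with the string 'false' never matched a failed write.
    // NOTE(review): at this point the passwords saved through update_config()
    // are already encrypted with the new key, which exists only in memory
    // until this write succeeds - a failure here must be treated as needing
    // manual recovery, not a simple retry.
    if (file_put_contents($config_file, $contents) === false) {
        throw new Exception('There was a problem writing the file!');
    }
}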