                 } else {
                     $display .= '<option value=\\"' . $t->id . '\\"' . $selected . '>' . $ident . str_replace(array("&", '"'), array("&amp;", "&quot;"), $t->title) . '</option>';
                 }
                 $prev_level = $t->nlevel;
             }
         }
         $display .= '</select></div>';
         // Show results to user.
         echo '[{"error":"no" , "output" : "' . $display . '"}]';
     }
     break;
     //Insert into DB the items the user has selected
 //Insert into DB the items the user has selected
 case "import_items":
     //decrypt and retreive data in JSON format
     $dataReceived = Encryption\Crypt\aesctr::decrypt($_POST['data'], $_SESSION['key'], 256);
     //Get some info about personal folder
     if ($_POST['folder'] == $_SESSION['user_id']) {
         $personalFolder = 1;
     } else {
         $personalFolder = 0;
     }
     $data_fld = DB::queryFirstRow("SELECT title FROM " . prefix_table("nested_tree") . " WHERE id = %i", intval($_POST['folder']));
     //Prepare variables
     $listItems = htmlspecialchars_decode($dataReceived);
     $list = "";
     foreach (explode('@_#sep#_@', mysqli_escape_string($link, stripslashes($listItems))) as $item) {
         //For each item, insert into DB
         $item = explode('@|@', $item);
         //explode item to get all fields
         //Encryption key
     } else {
         echo 'document.getElementById("but_next").disabled = "disabled";';
         echo 'document.getElementById("res_step1").innerHTML = "Correct the shown ' . 'errors and click on button Launch to refresh";';
         //echo 'gauge.modify($("pbar"),{values:[0.25,1]});';
     }
     echo 'document.getElementById("res_step1").innerHTML = "' . $txt . '";';
     echo 'document.getElementById("loader").style.display = "none";';
     break;
     #==========================
 #==========================
 case "step2":
     $res = "";
     //decrypt the password
     // AES Counter Mode implementation
     require_once '../includes/libraries/Encryption/Crypt/aesctr.php';
     $dbPassword = Encryption\Crypt\aesctr::decrypt($_POST['db_password'], "cpm", 128);
     // connexion
     if (mysqli_connect($_POST['db_host'], $_POST['db_login'], $dbPassword, $_POST['db_bdd'], $_POST['db_port'])) {
         $dbTmp = mysqli_connect($_POST['db_host'], $_POST['db_login'], $dbPassword, $_POST['db_bdd'], $_POST['db_port']);
         //echo 'gauge.modify($("pbar"),{values:[0.50,1]});';
         $res = "Connection is successful";
         echo 'document.getElementById("but_next").disabled = "";';
         //What CPM version
         if (@mysqli_query($dbTmp, "SELECT valeur FROM " . $_POST['tbl_prefix'] . "misc\n                    WHERE type='admin' AND intitule = 'cpassman_version'")) {
             $tmpResult = mysqli_query($dbTmp, "SELECT valeur FROM " . $_POST['tbl_prefix'] . "misc\n                        WHERE type='admin' AND intitule = 'cpassman_version'");
             $cpmVersion = mysqli_fetch_row($tmpResult);
             echo 'document.getElementById("actual_cpm_version").value = "' . $cpmVersion[0] . '";';
         } else {
             echo 'document.getElementById("actual_cpm_version").value = "0";';
         }
         //Get some infos from DB
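 case "admin_action_backup_decrypt":
     // Decrypt the backup named by $_POST['option'] (an AES-CTR encrypted SQL
     // dump stored in bck_script_path) and write the plaintext next to it as
     // <name>_DECRYPTED.sql. Nothing is echoed back to the caller.
     //get backups infos
     $rows = DB::query("SELECT * FROM " . prefix_table("misc") . " WHERE type = %s", "settings");
     foreach ($rows as $record) {
         $settings[$record['intitule']] = $record['valeur'];
     }
     //read file
     $return = "";
     // The name comes straight from the request: reduce it to a base name so that
     // directory separators or '..' cannot point outside bck_script_path.
     $backupName = isset($_POST['option']) ? basename((string) $_POST['option']) : '';
     if ($backupName === '' || !isset($settings['bck_script_path'], $settings['bck_script_key'])) {
         break;
     }
     $Fnm = $settings['bck_script_path'] . '/' . $backupName . '.sql';
     if (file_exists($Fnm)) {
         // whole-file read replaces the fgets() loop; false means the read failed
         $cipherText = file_get_contents($Fnm);
         if ($cipherText !== false) {
             $return = Encryption\Crypt\aesctr::decrypt($cipherText, $settings['bck_script_key'], 256);
             //save the file
             $handle = fopen($settings['bck_script_path'] . '/' . $backupName . '_DECRYPTED' . '.sql', 'w+');
             if ($handle !== false) {
                 fwrite($handle, $return);
                 fclose($handle);
             }
         }
     }
     break;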
     /*
      * Change SALT Key START
      */
 /*
  * Change SALT Key START
  */
 case "admin_action_change_salt_key___start":
     $error = "";
     require_once 'main.functions.php';
                     }
                 }
             }
         }
     }
     mysqli_close($dbTmp);
     // Destroy session without writing to disk
     define('NODESTROY_SESSION', 'true');
     session_destroy();
     break;
 case "step_7":
     //decrypt
     require_once '../includes/libraries/Encryption/Crypt/aesctr.php';
     // AES Counter Mode implementation
     $activity = Encryption\Crypt\aesctr::decrypt($_POST['activity'], "cpm", 128);
     $task = Encryption\Crypt\aesctr::decrypt($_POST['task'], "cpm", 128);
     // launch
     $dbTmp = @mysqli_connect($_SESSION['db_host'], $_SESSION['db_login'], $_SESSION['db_pw'], $_SESSION['db_bdd'], $_SESSION['db_port']);
     if ($activity == "file") {
         if ($task == "deleteInstall") {
             function delTree($dir)
             {
                 $files = array_diff(scandir($dir), array('.', '..'));
                 foreach ($files as $file) {
                     is_dir("{$dir}/{$file}") ? delTree("{$dir}/{$file}") : unlink("{$dir}/{$file}");
                 }
                 return rmdir($dir);
             }
             $result = true;
             $errorMsg = "Cannot delete installation directory";
             if (file_exists($_SESSION['abspath'] . '/install')) {
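 mysqli_query($dbTmp, "CREATE TABLE IF NOT EXISTS `" . $_SESSION['tbl_prefix'] . "export` (\n                `id` int(12) NOT NULL,\n                `label` varchar(255) NOT NULL,\n                `login` varchar(100) NOT NULL,\n                `description` text NOT NULL,\n                `pw` text NOT NULL,\n                `path` varchar(255) NOT NULL\n                ) CHARSET=utf8;");
 //CLEAN UP ITEMS TABLE
 // Rewrite every item description keeping only the tags listed here.
 $allowedTags = '<b><i><sup><sub><em><strong><u><br><br /><a><strike><ul>' . '<blockquote><blockquote><img><li><h1><h2><h3><h4><h5><ol><small><font>';
 $cleanRes = mysqli_query($dbTmp, "SELECT id,description FROM `" . $_SESSION['tbl_prefix'] . "items`");
 if ($cleanRes !== false) {
     while ($cleanData = mysqli_fetch_array($cleanRes)) {
         // The stripped text goes back into an SQL literal: escape it so that a
         // quote inside a stored description cannot break or alter the UPDATE.
         $cleanDescription = mysqli_real_escape_string($dbTmp, strip_tags($cleanData['description'], $allowedTags));
         mysqli_query($dbTmp, "UPDATE `" . $_SESSION['tbl_prefix'] . "items`\n                    SET description = '" . $cleanDescription . "' WHERE id = " . (int) $cleanData['id']);
     }
 }
 //Encrypt passwords in log_items
 // The 'encrypt_pw_in_log_items' row in misc marks that this step already ran.
 $resTmp = mysqli_fetch_row(mysqli_query($dbTmp, "SELECT COUNT(*) FROM " . $pre . "misc\n                    WHERE type = 'update' AND intitule = 'encrypt_pw_in_log_items'\n                    AND valeur = 1"));
 if ($resTmp[0] == 0) {
     // AES Counter Mode implementation
     require_once '../includes/libraries/Encryption/Crypt/aesctr.php';
     $tmpRes = mysqli_query($dbTmp, "SELECT * FROM " . $pre . "log_items\n                    WHERE action = 'at_modification' AND raison LIKE 'at_pw %'");
     while ($tmpData = mysqli_fetch_array($tmpRes)) {
         $reason = explode(':', $tmpData['raison']);
         // NOTE(review): $text is computed here but never written back to log_items,
         // so the rows this loop was meant to encrypt are left unchanged while the
         // marker row below is still inserted — confirm whether an UPDATE was intended.
         $text = Encryption\Crypt\aesctr::encrypt(trim(isset($reason[1]) ? $reason[1] : ''), $_SESSION['encrypt_key'], 256);
     }
     mysqli_query($dbTmp, "INSERT INTO `" . $_SESSION['tbl_prefix'] . "misc`\n                    VALUES ('update', 'encrypt_pw_in_log_items',1)");
 }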
 // Since 2.1.17, encrypt process is changed.
 // Previous PW need to be re-encrypted
 if (@mysqli_query($dbTmp, "SELECT valeur FROM " . $_SESSION['tbl_prefix'] . "misc\n                WHERE type='admin' AND intitule = 'encryption_protocol'")) {
     $tmpResult = mysqli_query($dbTmp, "SELECT valeur FROM " . $_SESSION['tbl_prefix'] . "misc\n                    WHERE type='admin' AND intitule = 'encryption_protocol'");
     $tmp = mysqli_fetch_row($tmpResult);
     if ($tmp[0] != "ctr") {
         //count elem
         $res = mysqli_query($dbTmp, "SELECT COUNT(*) FROM " . $_SESSION['tbl_prefix'] . "items\n                        WHERE perso = '0'");
         $data = mysqli_fetch_row($res);
         if ($data[0] > 0) {
             echo '$("#change_pw_encryption, #change_pw_encryption_progress").show();';
             echo '$("#change_pw_encryption_progress").html(' . '"Number of Passwords to re-encrypt: ' . $data[0] . '");';
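/**
 * Encode a payload for the client, or decode one received from it.
 *
 * The transport is JSON; unless the 'encryptClientServer' session setting is 0
 * the JSON is additionally AES-CTR encrypted with the session key.
 *
 * @param mixed  $data value to encode, or the raw string received from the client
 * @param string $type "encode" or "decode"
 * @return string|array|null encoded string, decoded array, or null for any other $type
 */
function prepareExchangedData($data, $type)
{
    //Load AES
    // Register the class loader once per request instead of stacking a fresh
    // autoloader on every call.
    static $aesLoaded = false;
    if (!$aesLoaded) {
        $aes = new SplClassLoader('Encryption\\Crypt', '../includes/libraries');
        $aes->register();
        $aesLoaded = true;
    }
    // Loose comparison kept on purpose: the setting is read from the session and
    // may be the string "0" rather than the integer 0 — TODO confirm stored type.
    $plainTransport = isset($_SESSION['settings']['encryptClientServer'])
        && $_SESSION['settings']['encryptClientServer'] == 0;
    $jsonFlags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    if ($type === "encode") {
        $json = json_encode($data, $jsonFlags);
        return $plainTransport ? $json : Encryption\Crypt\aesctr::encrypt($json, $_SESSION['key'], 256);
    }
    if ($type === "decode") {
        $json = $plainTransport ? $data : Encryption\Crypt\aesctr::decrypt($data, $_SESSION['key'], 256);
        // NOTE(review): json_decode() returns null on malformed input; callers
        // index the result directly, so a bad payload surfaces as undefined-index notices.
        return json_decode($json, true);
    }
    return null;
}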
/**
 * JSON-encode a payload for the client, or decode one received from it.
 *
 * When the 'encryptClientServer' session setting is not 0 the JSON is also
 * AES-CTR encrypted (or decrypted) with the session key.
 *
 * @param mixed  $data value to encode, or the raw string received from the client
 * @param string $type "encode" or "decode"; any other value yields null
 * @return string|array|null
 */
function prepareExchangedData($data, $type)
{
    $noEncryption = isset($_SESSION['settings']['encryptClientServer'])
        && $_SESSION['settings']['encryptClientServer'] == 0;
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;

    switch ($type) {
        case "encode":
            $encoded = json_encode($data, $flags);
            if ($noEncryption) {
                return $encoded;
            }
            return Encryption\Crypt\aesctr::encrypt($encoded, $_SESSION['key'], 256);
        case "decode":
            $raw = $noEncryption ? $data : Encryption\Crypt\aesctr::decrypt($data, $_SESSION['key'], 256);
            return json_decode($raw, true);
    }
}
     }
     break;
     /*
      * Change SALT Key
      */
 /*
  * Change SALT Key
  */
 case "admin_action_change_salt_key":
     $error = "";
     require_once 'main.functions.php';
     //put tool in maintenance.
     DB::update(prefix_table("misc"), array('valeur' => '1'), "intitule = %s AND type= %s", "maintenance_mode", "admin");
     //log
     DB::insert(prefix_table("log_system"), array('type' => 'system', 'date' => time(), 'label' => 'change_salt_key', 'qui' => $_SESSION['user_id']));
     $new_salt_key = htmlspecialchars_decode(Encryption\Crypt\aesctr::decrypt($_POST['option'], SALT, 256));
     //change all passwords in DB
     $rows = DB::query("SELECT id, pw, pw_iv FROM " . prefix_table("items") . " WHERE perso = %s", "0");
     foreach ($rows as $record) {
         $pw = cryption($record['pw'], SALT, $record['pw_iv'], "decrypt");
         //encrypt with new SALT
         DB::update(prefix_table("items"), array('pw' => encrypt($pw, $new_salt_key)), "id = %i", $record['id']);
     }
     //change all users password in DB
     $rows = DB::query("SELECT id, pw, pw_iv FROM " . prefix_table("users"));
     foreach ($rows as $record) {
         $pw = cryption($record['pw'], SALT, $record['pw_iv'], "decrypt");
         //encrypt with new SALT
         DB::update(prefix_table("users"), array('pw' => encrypt($pw, $new_salt_key)), "id = %i", $record['id']);
     }
     // get path to sk.php
                     $f->title = $_SESSION['login'];
                 }
                 $arrOutput[$f->id] = $f->title;
             }
         }
     }
     echo json_encode($arrOutput, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
     break;
     /**
      * Store the personal saltkey
      */
 /**
  * Store the personal saltkey
  */
 case "store_personal_saltkey":
     // Receive the user's personal salt key (sent AES-CTR encrypted under the
     // session key as JSON), keep it in the session and mirror it into a cookie.
     // NOTE(review): if decryption or json_decode() fails, $dataReceived is null
     // and reading 'psk' below raises a notice — consider guarding with isset().
     $dataReceived = json_decode(Encryption\Crypt\aesctr::decrypt(urldecode($_POST['sk']), $_SESSION['key'], 256), true);
     // The masked placeholder means the field was left untouched; only a real value is stored.
     if ($dataReceived['psk'] != "**************************") {
         // urldecode() turns '+' into a space; restore it (presumably the key may contain '+').
         $_SESSION['my_sk'] = str_replace(" ", "+", urldecode($dataReceived['psk']));
         // NOTE(review): the cookie value is built with encrypt($value, "") — an empty
         // key — so the personal salt key is effectively stored without protection.
         // No Secure/HttpOnly flags are passed either, so the cookie is readable by
         // page scripts and sent over plain HTTP. Confirm intent and harden.
         setcookie("TeamPass_PFSK_" . md5($_SESSION['user_id']), encrypt($_SESSION['my_sk'], ""), time() + 60 * 60 * 24 * $_SESSION['settings']['personal_saltkey_cookie_duration'], '/');
     }
     break;
     /**
      * Change the personal saltkey
      */
 /**
  * Change the personal saltkey
  */
 case "change_personal_saltkey":
     //decrypt and retreive data in JSON format
     $dataReceived = prepareExchangedData($_POST['data'], "decode");
     //Prepare variables