nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2026-01-06 11:43:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Modify en/decryption functions to be openssl-based - mcrypt_* functions are now deprecated as of PHP 7.1.0

Browse Source
This commit is contained in:
Nate
2019-02-28 18:22:34 -07:00
parent 36b32599f1
commit d799d42e1f
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/default_settings/app_config.php
View File

@@ -209,7 +209,7 @@
$apps[$x]['default_settings'][$y]['default_setting_category'] = "login"; $apps[$x]['default_settings'][$y]['default_setting_category'] = "login";
$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "password_reset_key"; $apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "password_reset_key";
$apps[$x]['default_settings'][$y]['default_setting_name'] = "text"; $apps[$x]['default_settings'][$y]['default_setting_name'] = "text";
$apps[$x]['default_settings'][$y]['default_setting_value'] = generate_password('20', '4'); $apps[$x]['default_settings'][$y]['default_setting_value'] = base64_encode(openssl_random_pseudo_bytes(32));
$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false"; $apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
$apps[$x]['default_settings'][$y]['default_setting_description'] = "Display a Reset Password link on the login box (requires smtp_host be defined)."; $apps[$x]['default_settings'][$y]['default_setting_description'] = "Display a Reset Password link on the login box (requires smtp_host be defined).";
$y++; $y++;

13
resources/functions.php
View File

@@ -1548,15 +1548,20 @@ function number_pad($number,$n) {
//encrypt a string //encrypt a string
if (!function_exists('encrypt')) { if (!function_exists('encrypt')) {
function encrypt($key, $str_to_enc) { function encrypt($key, $data) {
return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $str_to_enc, MCRYPT_MODE_CBC, md5(md5($key)))); $encryption_key = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
return base64_encode($encrypted.'::'.$iv);
} }
} }
//decrypt a string //decrypt a string
if (!function_exists('decrypt')) { if (!function_exists('decrypt')) {
function decrypt($key, $str_to_dec) { function decrypt($key, $data) {
return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($str_to_dec), MCRYPT_MODE_CBC, md5(md5($key))), "\0"); $encryption_key = base64_decode($key);
list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
} }
} }

2
resources/login.php
View File

@@ -241,7 +241,7 @@
} }
echo "<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-login']."'>\n"; echo "<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-login']."'>\n";
if ( if (
function_exists('mcrypt_encrypt') && function_exists('openssl_encrypt') &&
$_SESSION['login']['password_reset_key']['text'] != '' && $_SESSION['login']['password_reset_key']['text'] != '' &&
$_SESSION['email']['smtp_host']['text'] != '' $_SESSION['email']['smtp_host']['text'] != ''
) { ) {