From 50f466ec44ecbdfecd4166f76c149b922c77d6b6 Mon Sep 17 00:00:00 2001 From: nuxsmin Date: Thu, 27 Oct 2016 17:18:58 +0200 Subject: [PATCH] * [DEV] WORK IN PROGRESS: Fixed installer --- ajax/{ajax_acctSave.php => ajax_accSave.php} | 0 ajax/ajax_doLogin.php | 2 +- inc/Base.php | 2 + inc/SP/Auth/Auth.class.php | 2 +- inc/SP/Controller/MainController.class.php | 3 +- inc/SP/Core/CryptMasterPass.class.php | 2 +- inc/SP/Core/Init.class.php | 13 ++--- inc/SP/Core/Installer.class.php | 10 ++-- inc/SP/Util/Util.class.php | 50 ++++++++++++++++--- .../material-blue/views/main/body-end.inc | 19 ++++--- .../material-blue/views/main/install.inc | 19 ++----- js/app-triggers.js | 3 ++ 12 files changed, 81 insertions(+), 44 deletions(-) rename ajax/{ajax_acctSave.php => ajax_accSave.php} (100%) diff --git a/ajax/ajax_acctSave.php b/ajax/ajax_accSave.php similarity index 100% rename from ajax/ajax_acctSave.php rename to ajax/ajax_accSave.php diff --git a/ajax/ajax_doLogin.php b/ajax/ajax_doLogin.php index 3941011e..0887e229 100644 --- a/ajax/ajax_doLogin.php +++ b/ajax/ajax_doLogin.php @@ -200,7 +200,7 @@ if (!$masterPass // Comprobar si se ha forzado un cambio de clave if ($User->getItemData()->isUserIsChangePass()) { - $hash = \SP\Util\Util::generate_random_bytes(); + $hash = \SP\Util\Util::generateRandomBytes(); $UserPassRecoverData = new UserPassRecoverData(); $UserPassRecoverData->setUserpassrUserId($User->getItemData()->getUserId()); diff --git a/inc/Base.php b/inc/Base.php index 88f06f79..4bfc171b 100644 --- a/inc/Base.php +++ b/inc/Base.php @@ -35,6 +35,8 @@ define('CONTROLLER_PATH', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPAR define('VIEW_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'themes'); define('EXTENSIONS_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'Exts'); define('LOCALES_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'locales'); +define('SQL_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'sql'); + define('DEBUG', true); 
diff --git a/inc/SP/Auth/Auth.class.php b/inc/SP/Auth/Auth.class.php index 680b0168..18632814 100644 --- a/inc/SP/Auth/Auth.class.php +++ b/inc/SP/Auth/Auth.class.php @@ -210,7 +210,7 @@ class Auth && !$UserData->isUserIsLdap() && !UserPassRecover::checkPassRecoverLimit($UserData) ) { - $hash = Util::generate_random_bytes(); + $hash = Util::generateRandomBytes(); $Log = new Log(_('Cambio de Clave')); diff --git a/inc/SP/Controller/MainController.class.php b/inc/SP/Controller/MainController.class.php index 662605ea..8c5c7aeb 100644 --- a/inc/SP/Controller/MainController.class.php +++ b/inc/SP/Controller/MainController.class.php @@ -27,6 +27,7 @@ namespace SP\Controller; defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo')); +use SP\Config\Config; use SP\Core\ActionsInterface; use SP\Core\Init; use SP\Core\Installer; @@ -67,6 +68,7 @@ class MainController extends ControllerBase implements ActionsInterface $this->view->addTemplate('header'); $this->view->addTemplate('body-start'); + $this->view->assign('isInstalled', Config::getConfig()->isInstalled()); $this->view->assign('sk', SessionUtil::getSessionKey(true)); $this->view->assign('appInfo', Util::getAppInfo()); $this->view->assign('appVersion', Util::getVersionString()); @@ -279,7 +281,6 @@ class MainController extends ControllerBase implements ActionsInterface $InstallData->setHostingMode(Request::analyze('hostingmode', false)); $this->view->assign('isCompleted', false); - $this->view->assign('InstallData', $InstallData); $errors = array_merge(Checks::checkPhpVersion(), Checks::checkModules()); diff --git a/inc/SP/Core/CryptMasterPass.class.php b/inc/SP/Core/CryptMasterPass.class.php index 98cc9133..4ad57b0a 100644 --- a/inc/SP/Core/CryptMasterPass.class.php +++ b/inc/SP/Core/CryptMasterPass.class.php 
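Review bot: The `InstallData` view variable is dropped at the end of the last MainController hunk while `$InstallData` is still being filled from the request just above it (`setHostingMode(Request::analyze('hostingmode', false))`), so any template that still reads `$this->InstallData` would now hit an undefined property instead of an empty value. The install.inc hunks in this patch blank the matching `value` attributes, which is consistent with the removal, but the final install.inc hunk is garbled in this copy, so I cannot confirm that every reference is gone; a search for `InstallData` under inc/themes before merging would settle it. The `isInstalled` flag added in the earlier hunk is assigned to every view, which is fine as long as `Config::getConfig()` is safe to call before installation has completed. The enclosing method starts and continues outside the hunk.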
@@ -46,7 +46,7 @@ class CryptMasterPass public static function setTempMasterPass($maxTime = 14400) { // Encriptar la clave maestra con hash aleatorio generado - $randomKey = Crypt::generateAesKey(Util::generate_random_bytes()); + $randomKey = Crypt::generateAesKey(Util::generateRandomBytes()); $pass = Crypt::mkCustomMPassEncrypt($randomKey, SessionUtil::getSessionMPass()); if (!is_array($pass)) { diff --git a/inc/SP/Core/Init.class.php b/inc/SP/Core/Init.class.php index e8d38f7e..1cb1b60d 100644 --- a/inc/SP/Core/Init.class.php +++ b/inc/SP/Core/Init.class.php @@ -29,6 +29,7 @@ use SP\Auth\Auth; use SP\Config\Config; use SP\Config\ConfigDB; use SP\Controller; +use SP\Controller\MainController; use SP\Core\Exceptions\SPException; use SP\Http\Request; use SP\Log\Email; @@ -289,7 +290,7 @@ class Init { $Tpl = new Template(); $Tpl->append('errors', array('type' => SPException::SP_CRITICAL, 'description' => $str, 'hint' => $hint)); - $Controller = new Controller\MainController($Tpl); + $Controller = new MainController($Tpl); $Controller->getError(true); $Controller->view(); exit; @@ -455,7 +456,7 @@ class Init exit(); } else { // Comprobar si sysPass está instalada o en modo mantenimiento - $Controller = new Controller\MainController(); + $Controller = new MainController(); $Controller->getInstaller(); $Controller->view(); exit(); @@ -537,7 +538,7 @@ class Init */ private static function goLogin() { - $Controller = new Controller\MainController(null, 'login'); + $Controller = new MainController(null, 'login'); $Controller->getLogin(); $Controller->view(); exit; @@ -583,7 +584,7 @@ class Init Config::saveConfig(); } } else { - $controller = new Controller\MainController(); + $controller = new MainController(); $controller->getUpgrade(); $controller->view(); exit(); @@ -667,7 +668,7 @@ class Init } $action = Request::analyze('a'); - $Controller = new Controller\MainController(); + $Controller = new MainController(); switch ($action) { case 'passreset': 
@@ -744,7 +745,7 @@ class Init } $action = Request::analyze('a'); - $Controller = new Controller\MainController(null, 'main'); + $Controller = new MainController(null, 'main'); switch ($action) { case 'accView': diff --git a/inc/SP/Core/Installer.class.php b/inc/SP/Core/Installer.class.php index 5ae4593b..a24b4cbf 100644 --- a/inc/SP/Core/Installer.class.php +++ b/inc/SP/Core/Installer.class.php @@ -83,7 +83,7 @@ class Installer $Config = Config::getConfig(); // Generate a random salt that is used to salt the local user passwords - $Config->setPasswordSalt(Util::generate_random_bytes(30)); + $Config->setPasswordSalt(Util::generateRandomBytes(30)); $Config->setConfigVersion(implode(Util::getVersion(true))); if (preg_match('/(.*):(\d{1,5})/', $this->InstallData->getDbHost(), $match)) { @@ -95,6 +95,8 @@ class Installer if (!preg_match('/(localhost|127.0.0.1)/', $this->InstallData->getDbHost())) { $this->InstallData->setDbAuthHost($_SERVER['SERVER_ADDR']); + } else { + $this->InstallData->setDbAuthHost('localhost'); } // Save DB connection info @@ -203,9 +205,11 @@ class Installer { // Si no es modo hosting se crea un hash para la clave y un usuario con prefijo "sp_" para la DB if (!$this->InstallData->isHostingMode()) { - $this->InstallData->setDbPass(md5(time() . $this->InstallData->getDbPass())); + $this->InstallData->setDbPass(Util::randomPassword()); $this->InstallData->setDbUser(substr('sp_' . $this->InstallData->getAdminLogin(), 0, 16)); + error_log($this->InstallData->getDbPass()); + // Comprobar si el usuario sumistrado existe $query = sprintf(/** @lang SQL */ 'SELECT COUNT(*) FROM mysql.user @@ -333,7 +337,7 @@ class Installer */ private function createDBStructure() { - $fileName = Init::$SERVERROOT . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . 'dbstructure.sql'; + $fileName = SQL_PATH . DIRECTORY_SEPARATOR . 'dbstructure.sql'; if (!file_exists($fileName)) { throw new SPException(SPException::SP_CRITICAL, 
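Review bot: The new `else` branch in the second Installer hunk assigns the auth host `localhost` whenever the unanchored pattern `/(localhost|127.0.0.1)/` matches anywhere in the configured DB host, and its unescaped dots match any character, so a host such as `127x0x0x1.example.net` or `mylocalhost.corp` would also be classed as local and the `sp_` database user created with `@localhost` rather than the server address. Since the branch's outcome now rests entirely on that test, anchor and escape it: `if (!preg_match('/^(localhost|127\.0\.0\.1)$/', $this->InstallData->getDbHost())) {`. The hunk above it still matches a `:port` suffix into `$match`, and what is done with it is outside the hunk, so confirm whether `getDbHost()` can still carry the port at this point. The enclosing method continues outside the hunk.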
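Review bot: `error_log($this->InstallData->getDbPass());` in the third Installer hunk writes the freshly generated database password in clear text to the PHP error log (or the web server's log, depending on the `error_log` ini setting), where it outlives the installation and is readable by anyone with log access. Remove that line before this leaves WORK IN PROGRESS; if a development trace is wanted, log only that a password was generated, never its value. The replacement `Util::randomPassword()` is built on `rand()`, so the credential protecting the application's DB user is not drawn from a CSPRNG; that is raised on the Util hunk. The enclosing method continues outside the hunk.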
diff --git a/inc/SP/Util/Util.class.php b/inc/SP/Util/Util.class.php index eaecdc59..b67af879 100644 --- a/inc/SP/Util/Util.class.php +++ b/inc/SP/Util/Util.class.php @@ -39,13 +39,46 @@ defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo' */ class Util { + /** + * Generar una clave aleatoria + * + * @param int $length Longitud de la clave + * @param bool $useNumbers Usar números + * @param bool $useSpecial Usar carácteres especiales + * @return string + */ + public static function randomPassword($length = 16, $useNumbers = true, $useSpecial = true) + { + $special = "@#$%&/()=?¿!_-:.;,{}[]*^"; + $numbers = "0123456789"; + $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ"; + + if ($useSpecial === true) { + $alphabet .= $special; + } + + if ($useNumbers === true) { + $alphabet .= $numbers; + } + + $pass = []; + $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache + + for ($i = 0; $i < $length; $i++) { + $n = rand(0, $alphaLength); + $pass[] = $alphabet[$n]; + } + + return implode($pass); //turn the array into a string + } + /** * Generar una cadena aleatoria usuando criptografía. * * @param int $length opcional, con la longitud de la cadena * @return string */ - public static function generate_random_bytes($length = 30) + public static function generateRandomBytes($length = 30) { // Try to use openssl_random_pseudo_bytes if (function_exists('openssl_random_pseudo_bytes')) { @@ -65,8 +98,9 @@ class Util // Fallback to mt_rand() $characters = '0123456789'; $characters .= 'abcdefghijklmnopqrstuvwxyz'; + $characters .= strtoupper('abcdefghijklmnopqrstuvwxyz'); $charactersLength = strlen($characters) - 1; - $pseudo_byte = ""; + $pseudo_byte = ''; // Select some random characters for ($i = 0; $i < $length; $i++) { 
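Review bot: `randomPassword` picks every character with `rand()`, a seeded non-cryptographic PRNG, yet the Installer hunk in this patch uses it to generate the database user's password; each index should come from a CSPRNG, e.g. `$n = random_int(0, $alphaLength);` on PHP 7, or the `openssl_random_pseudo_bytes` path that `generateRandomBytes` in the next hunk already takes. The alphabet is also missing `v` and `V` (`...stuwxyz` and `...STUWXYZ`), which silently shrinks the character space; the line should read `$alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";`. The same concern applies to the `mt_rand()` fallback in the `generateRandomBytes` hunk below, which this patch widens to mixed case but leaves non-cryptographic even though its output becomes the password-reset hash in Auth and ajax_doLogin and the `setPasswordSalt` value in the Installer. The docblock could additionally state that the result includes shell- and URL-significant characters from `$special`, so callers must quote it.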
@@ -167,7 +201,7 @@ class Util * Obtener datos desde una URL usando CURL * * @param $url string La URL - * @param array $data + * @param array $data * @param bool|null $useCookie * @return bool|string * @throws SPException @@ -347,8 +381,8 @@ class Util * such as 'false','N','yes','on','off', etc. * * @author Samuel Levy - * @param mixed $in The variable to check - * @param bool $strict If set to false, consider everything that is not false to + * @param mixed $in The variable to check + * @param bool $strict If set to false, consider everything that is not false to * be true. * @return bool The boolean equivalent or null (if strict, and no exact equivalent) */ @@ -431,7 +465,7 @@ class Util { return unserialize(preg_replace('/^O:\d+:"[^"]++"/', 'O:' . strlen($class) . ':"' . $class . '"', serialize($object))); } - + /** * Devuelve la última función llamada tras un error * @@ -463,8 +497,8 @@ class Util */ public static function checkInObjectArray(array $objectArray, $method, $value) { - foreach ($objectArray as $object){ - if ($object->$method() === $value){ + foreach ($objectArray as $object) { + if ($object->$method() === $value) { return true; } } diff --git a/inc/themes/material-blue/views/main/body-end.inc b/inc/themes/material-blue/views/main/body-end.inc index 751b54b7..aa336a0d 100644 --- a/inc/themes/material-blue/views/main/body-end.inc +++ b/inc/themes/material-blue/views/main/body-end.inc @@ -2,16 +2,19 @@ - - - + + sysPassApp.triggers().views.install(); + + }); + + diff --git a/inc/themes/material-blue/views/main/install.inc b/inc/themes/material-blue/views/main/install.inc index ccdbc26d..cd01aeb2 100644 --- a/inc/themes/material-blue/views/main/install.inc +++ b/inc/themes/material-blue/views/main/install.inc @@ -24,7 +24,7 @@ -
+
@@ -46,8 +46,7 @@
+ value="" maxlength="255" autocomplete="off">
@@ -58,8 +57,7 @@
+ value="" maxlength="255" autocomplete="off">
@@ -146,13 +144,4 @@ - - \ No newline at end of file + \ No newline at end of file diff --git a/js/app-triggers.js b/js/app-triggers.js index 6853a4bf..be6559de 100644 --- a/js/app-triggers.js +++ b/js/app-triggers.js @@ -339,6 +339,9 @@ sysPass.Triggers = function (Common) { if ($form.length > 0) { $form.attr("data-hash", SparkMD5.hash($form.serialize(), false)); } + }, + install: function() { + Common.appTheme().passwordDetect($("#frmInstall")); } };
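Review bot: Style: the new `install: function() {` omits the space before the parentheses that the rest of this file uses (`function (Common)` in the hunk header); write `install: function () {` to keep the anonymous-function style consistent. A one-line comment above it, such as `// Enable password-strength detection on the installer form`, would also help, since `passwordDetect` is the only thing the trigger does and nothing explains when `views.install()` is expected to run. The enclosing object literal continues outside the hunk.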