From e75661c073c7bef6bcfa9ec9a4e89d1949035099 Mon Sep 17 00:00:00 2001
From: cdujeu <charles@ajaxplorer.info>
Date: Fri, 27 Mar 2015 20:41:53 +0100
Subject: [PATCH] Move decypher function in AJXP_Utils instead of
 AbstractAjxpUser. Do not override __AJXP_VALUE_SET__ when parsing standard
 form. New parameter $complexChars in generateRandomString function.

---
 core/src/core/classes/class.AJXP_Safe.php  |  8 +++++---
 core/src/core/classes/class.AJXP_Utils.php | 22 +++++++++++++++++-----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/core/src/core/classes/class.AJXP_Safe.php b/core/src/core/classes/class.AJXP_Safe.php
index e76738eee5..a0e84c0d39 100644
--- a/core/src/core/classes/class.AJXP_Safe.php
+++ b/core/src/core/classes/class.AJXP_Safe.php
@@ -110,9 +110,11 @@ public function store()
     {
         $_SESSION["AJXP_SAFE_CREDENTIALS"] = base64_encode($this->user.$this->separator.$this->encodedPassword);
     }
+
     /**
      * Load the credentials from session
-     * @return
+     * @param string $encodedString
+     * @return void
      */
     public function load($encodedString = "")
     {
@@ -235,7 +237,7 @@ public static function tryLoadingCredentialsFromSources($parsedUrl, $repository)
                 $wallet = $loggedUser->getPref("AJXP_WALLET");
                 if (is_array($wallet) && isSet($wallet[$repository->getId()][$optionsPrefix."USER"])) {
                     $user = $wallet[$repository->getId()][$optionsPrefix."USER"];
-                    $password = $loggedUser->decodeUserPassword($wallet[$repository->getId()][$optionsPrefix."PASS"]);
+                    $password = AJXP_Utils::decypherStandardFormPassword($loggedUser->getId(), $wallet[$repository->getId()][$optionsPrefix."PASS"]);
                 }
             }
         }
@@ -247,7 +249,7 @@ public static function tryLoadingCredentialsFromSources($parsedUrl, $repository)
                 $p = $loggedUser->mergedRole->filterParameterValue("access.".$repository->getAccessType(), $optionsPrefix."PASS", $repository->getId(), "");
                 if (!empty($u) && !empty($p)) {
                     $user = $u;
-                    $password = $loggedUser->decodeUserPassword($p);
+                    $password = AJXP_Utils::decypherStandardFormPassword($loggedUser->getId(), $p);
                 }
             }
         }
diff --git a/core/src/core/classes/class.AJXP_Utils.php b/core/src/core/classes/class.AJXP_Utils.php
index b305232517..fd64bac497 100644
--- a/core/src/core/classes/class.AJXP_Utils.php
+++ b/core/src/core/classes/class.AJXP_Utils.php
@@ -1628,7 +1628,15 @@ public static function getRemoteContent($url)
         }
     }
 
-    public static function parseStandardFormParameters(&$repDef, &$options, $userId = null, $prefix = "DRIVER_OPTION_", $binariesContext = null)
+    public static function decypherStandardFormPassword($userId, $password){
+        if (function_exists('mcrypt_decrypt')) {
+            // We have encoded as base64 so if we need to store the result in a database, it can be stored in text column
+            $password = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($userId."\1CDAFx¨op#"), base64_decode($password), MCRYPT_MODE_ECB), "\0");
+        }
+        return $password;
+    }
+
+    public static function parseStandardFormParameters(&$repDef, &$options, $userId = null, $prefix = "DRIVER_OPTION_", $binariesContext = null, $cypheredPassPrefix = "")
     {
         if ($binariesContext === null) {
             $binariesContext = array("USER" => (AuthService::getLoggedUser()!= null)?AuthService::getLoggedUser()->getId():"shared");
@@ -1650,9 +1658,9 @@ public static function parseStandardFormParameters(&$repDef, &$options, $userId
                     } else if ($type == "array") {
                         $value = explode(",", $value);
                     } else if ($type == "password" && $userId!=null) {
-                        if (trim($value) != "" && function_exists('mcrypt_encrypt')) {
+                        if (trim($value) != "" && $value != "__AJXP_VALUE_SET__" && function_exists('mcrypt_encrypt')) {
                             // We encode as base64 so if we need to store the result in a database, it can be stored in text column
-                            $value = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,  md5($userId."\1CDAFx¨op#"), $value, MCRYPT_MODE_ECB));
+                            $value = $cypheredPassPrefix . base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,  md5($userId."\1CDAFx¨op#"), $value, MCRYPT_MODE_ECB));
                         }
                     } else if ($type == "binary" && $binariesContext !== null) {
                         if (!empty($value)) {
@@ -1929,11 +1937,12 @@ public static function pbkdf2_create_hash($password)
     /**
      * generates a random password, uses base64: 0-9a-zA-Z
      * @param int [optional] $length length of password, default 24 (144 Bit)
+     * @param bool $complexChars
      * @return string password
      */
-    public static function generateRandomString($length = 24)
+    public static function generateRandomString($length = 24, $complexChars = false)
     {
-        if (function_exists('openssl_random_pseudo_bytes') && USE_OPENSSL_RANDOM) {
+        if (function_exists('openssl_random_pseudo_bytes') && USE_OPENSSL_RANDOM && !$complexChars) {
             $password = base64_encode(openssl_random_pseudo_bytes($length, $strong));
             if($strong == TRUE)
                 return substr(str_replace(array("/","+"), "", $password), 0, $length); //base64 is about 33% longer, so we need to truncate the result
@@ -1942,6 +1951,9 @@ public static function generateRandomString($length = 24)
         //fallback to mt_rand if php < 5.3 or no openssl available
         $characters = '0123456789';
         $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+        if($complexChars){
+            $characters .= "!@#$%&*?";
+        }
         $charactersLength = strlen($characters)-1;
         $password = '';