From afe6f30b3d9be12c58f8d59f4483deb441f95c08 Mon Sep 17 00:00:00 2001
From: Collin
Date: Fri, 15 Mar 2024 10:46:39 +0000
Subject: [PATCH] Add encryption, fix table deleting

---
 src/LonaDB/Actions/check_password.php | 8 +++++++-
 src/LonaDB/Actions/create_user.php | 8 +++++++-
 src/LonaDB/Actions/delete_table.php | 2 +-
 src/LonaDB/Tables/TableManager.php | 2 +-
 4 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/LonaDB/Actions/check_password.php b/src/LonaDB/Actions/check_password.php
index aa31f82..4306d83 100644
--- a/src/LonaDB/Actions/check_password.php
+++ b/src/LonaDB/Actions/check_password.php
@@ -9,6 +9,12 @@ return new class {
         return;
     }
 
+    $key = hash('sha256', $data['process'], true);
+    $parts = explode(':', $data['checkPass']['pass']);
+    $iv = hex2bin($parts[0]);
+    $ciphertext = hex2bin($parts[1]);
+    $password = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+
     if(!$lona->UserManager->CheckPermission($data['login']['name'], "password_check")) {
         $lona->Logger->Error("User '".$data['login']['name']."' tried to check a password without permission");
         $response = json_encode(["success" => false, "err" => "no_permission", "process" => $data['process']]);
@@ -17,7 +23,7 @@ return new class {
         return;
     }
 
-    $checkPassword = $lona->UserManager->CheckPassword($data['checkPass']['name'], $data['checkPass']['pass']);
+    $checkPassword = $lona->UserManager->CheckPassword($data['checkPass']['name'], $password);
 
     $response = json_encode(["success" => true, "passCheck" => $checkPassword, "process" => $data['process']]);
     socket_write($client, $response);
diff --git a/src/LonaDB/Actions/create_user.php b/src/LonaDB/Actions/create_user.php
index 12777eb..fdb7e77 100644
--- a/src/LonaDB/Actions/create_user.php
+++ b/src/LonaDB/Actions/create_user.php
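Review bot: The AES key in the first hunk is `hash('sha256', $data['process'], true)`, and `$data['process']` travels in the same request and is echoed back in the `no_permission` response a few lines below, so anyone who can read the socket can derive the key from the message itself; combined with CBC and no authentication tag this is obfuscation of the password field, not confidentiality, and the commit message should not call it encryption without that caveat (TLS on the socket is what would actually protect it). Separately, the decode is unchecked and runs before the permission check: `explode` yields a single element when there is no `:` (undefined `$parts[1]`), `hex2bin` warns and returns `false` on non-hex or odd-length input, `openssl_decrypt` returns `false` on failure, and whatever comes out is later handed to `CheckPassword` in the second hunk. I would move the block after the permission check, validate the two hex parts (a 16-byte IV for aes-256-cbc) and reject the request when decryption fails instead of passing `false` on; the `socket_write`/`socket_close`/`return` pattern is the one this action already uses for `no_permission`. The enclosing method starts and ends outside the hunk.
```php
    // … unchanged: permission check and no_permission response …

    // NOTE(review): the key is derived from the request's own process id, so this
    // only hides the password from casual logging; it is not transport security.
    $parts = explode(':', (string) ($data['checkPass']['pass'] ?? ''), 2);
    $password = false;
    if (count($parts) === 2 && strlen($parts[0]) === 32 && strlen($parts[1]) % 2 === 0
        && ctype_xdigit($parts[0]) && ctype_xdigit($parts[1])) {
        $key = hash('sha256', (string) $data['process'], true);
        $password = openssl_decrypt(hex2bin($parts[1]), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, hex2bin($parts[0]));
    }
    if ($password === false) {
        $response = json_encode(["success" => false, "err" => "bad_encrypted_password", "process" => $data['process']]);
        socket_write($client, $response);
        socket_close($client);
        return;
    }
```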
@@ -9,6 +9,12 @@ return new class {
         return;
     }
 
+    $key = hash('sha256', $data['process'], true);
+    $parts = explode(':', $data['user']['password']);
+    $iv = hex2bin($parts[0]);
+    $ciphertext = hex2bin($parts[1]);
+    $password = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
+
     if(!$lona->UserManager->CheckPermission($data['login']['name'], "user_create")){
         $lona->Logger->Error("User '".$data['login']['name']."' tried to create a user without permission");
         $response = json_encode(["success" => false, "err" => "no_permission", "process" => $data['process']]);
@@ -25,7 +31,7 @@ return new class {
         return;
     }
 
-    $result = $lona->UserManager->CreateUser($data['user']['name'], $data['user']['password']);
+    $result = $lona->UserManager->CreateUser($data['user']['name'], $password);
 
     $response = json_encode(["success" => $result, "process" => $data['process']]);
diff --git a/src/LonaDB/Actions/delete_table.php b/src/LonaDB/Actions/delete_table.php
index 7bced70..9a84f9c 100644
--- a/src/LonaDB/Actions/delete_table.php
+++ b/src/LonaDB/Actions/delete_table.php
@@ -24,7 +24,7 @@ return new class {
         return;
     }
 
-    if($lona->TableManager->GetTable($data['table']['name'])->GetOwner() !== $data['login']['name']) {
+    if($lona->TableManager->GetTable($data['table']['name'])->GetOwner() !== $data['login']['name'] && $lona->UserManager->GetRole($data['login']['name']) !== "Administrator" && $lona->UserManager->GetRole($data['login']['name']) !== "Superuser") {
         $response = json_encode(["success" => false, "err" => "not_table_owner", "process" => $data['process']]);
         socket_write($client, $response);
         socket_close($client);
diff --git a/src/LonaDB/Tables/TableManager.php b/src/LonaDB/Tables/TableManager.php
index 519c72f..922b239 100644
--- a/src/LonaDB/Tables/TableManager.php
+++ b/src/LonaDB/Tables/TableManager.php
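Review bot: The five decryption lines in this hunk are a verbatim copy of the block added to check_password.php in the same commit, down to the unchecked `explode`/`hex2bin`/`openssl_decrypt` chain that yields `false` on any malformed input, and here the consequence is worse: that `false` goes into `CreateUser` in the next hunk, which — depending on `CreateUser`'s parameter typing, not visible here — may coerce to an empty string and create an account with an empty password. Both actions already reach `$lona->UserManager`, so one helper there (say `DecryptPassword(string $process, string $encoded): ?string`, returning `null` on malformed hex, wrong IV length or decryption failure) would replace both copies with a single line such as `$password = $lona->UserManager->DecryptPassword($data['process'], $data['user']['password'] ?? '');`, followed by a `null` check that rejects the request. As in the sibling file, the key is `sha256` of `$data['process']`, a value the same request carries in clear, so I would also add a comment above the helper call stating that this hides the password only from casual logging, not from anyone reading the socket. The enclosing method starts and ends outside the hunk.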
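Review bot: The new owner-or-admin condition in delete_table.php calls `$lona->UserManager->GetRole($data['login']['name'])` twice for the same user and compares against two bare role strings that are repeated again in TableManager.php in this commit, so the two copies can drift. Hoisting the role into a local and using a strict `in_array` keeps one lookup and makes the privileged set easy to share: `$role = $lona->UserManager->GetRole($data['login']['name']);`, `$isPrivileged = in_array($role, ["Administrator", "Superuser"], true);`, `if($lona->TableManager->GetTable($data['table']['name'])->GetOwner() !== $data['login']['name'] && !$isPrivileged) {`. The error code `not_table_owner` is now also what a non-privileged non-owner receives, which is still accurate; what `GetRole` returns for an unknown user is not visible here, so the strict comparison also guards against a `null` role matching anything. The enclosing method starts and ends outside the hunk.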
@@ -71,7 +71,7 @@ class TableManager{
         return false;
     }
 
-    if($user !== $this->Tables[$name]->GetOwner()) {
+    if($user !== $this->Tables[$name]->GetOwner() && $this->LonaDB->UserManager->GetRole($user) !== "Administrator" && $this->LonaDB->UserManager->GetRole($user) !== "Superuser") {
         $this->LonaDB->Logger->Table("Not the owner! Trying to delete table '" . $name . "', requested by user '" . $user . "'");
         return false;
     }
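Review bot: The added condition looks up `$this->LonaDB->UserManager->GetRole($user)` twice and hard-codes the same two role strings that delete_table.php now also compares against, so a renamed role would have to be fixed in two files; a single local plus a strict `in_array` reads better and does one lookup: `$role = $this->LonaDB->UserManager->GetRole($user);` and `if($user !== $this->Tables[$name]->GetOwner() && !in_array($role, ["Administrator", "Superuser"], true)) {`. Since this method is the authoritative check (the action-level copy in delete_table.php is defence in depth), a one-line comment above it saying `// Owners may delete their own table; Administrator and Superuser roles may delete any table.` would record the policy where it is enforced. The denial log message still reads "Not the owner!", which remains true for the case that reaches it. The enclosing method's signature and tail are outside the hunk.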