dolibarr 24.0.0-beta
Set of functions used for Dolibarr security (not common functions).
Functions
| isHTTPS () | Return whether an HTTPS connection is in use. Checks HTTPS first (cannot be modified by the user, but may be empty or wrong if the user is behind a proxy), then HTTP_X_FORWARDED_PROTO (defined when using a proxy), then HTTP_X_FORWARDED_SSL. |
| dolEncrypt ($chain, $key='', $ciphering='', $forceseed='', $obfuscationmode='dolcrypt') | Encode a string with a symmetric encryption. |
| dolDecrypt ($chain, $key='', $patterntotest='') | Decode a string with a symmetric encryption. |
| dol_hash ($chain, $type='0', $nosalt=0, $mode=0) | Returns a hash (non reversible encryption) of a string. |
| dol_verifyHash ($chain, $hash, $type='0') | Compute a hash and compare it to the given one. For backward compatibility reasons, if the hash is not in the password_hash format, we will try to match against md5 and sha1md5. If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function. |
Warning: this file must not depend on other library files, except function.lib.php, because it is used at a low code level.
Definition in file securitycore.lib.php.
dol_hash ($chain, $type = '0', $nosalt = 0, $mode = 0)
Returns a hash (non reversible encryption) of a string.
If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function (recommended value is 'password_hash'). If constant MAIN_SECURITY_SALT is defined, we use it as a salt (used only if the hashing algorithm is something other than 'password_hash').
| string | $chain | String to hash |
| 'auto'|'0'|'sha1'|'1'|'sha1md5'|'2'|'md5'|'3'|'openldap'|'4'|'sha256'|'5'|'password_hash'|'6'|'hash' | $type | Type of hash: 'auto' or '0': will use MAIN_SECURITY_HASH_ALGO else md5; 'sha1' or '1': sha1; 'sha1md5' or '2': sha1md5; 'md5' or '3': md5; 'openldapxxx' or '4': for OpenLdap; 'sha256' or '5': sha256; 'password_hash' or '6': password_hash. Use 'md5' if the hash is not needed for a security purpose. For security needs, prefer 'auto'. |
| int | $nosalt | Do not include any salt |
| int | $mode | 0=Return encoded password, 1=Return array with encoding password + encoding algorithm |
Definition at line 232 of file securitycore.lib.php.
References dolGetLdapPasswordHash(), and getDolGlobalString().
Referenced by Adherent\_load_ldap_info(), User\_load_ldap_info(), MailmanSpip\add_to_spip(), MailingTargets\addTargetsToDatabase(), ActionComm\build_exportfile(), BlockedLog\buildFinalSignatureHash(), EcmFiles\create(), CommonObject\createCommon(), dol_check_secure_access_document(), dol_verifyHash(), ConferenceOrBooth\fetch(), DiasporaHandler\fetch(), RedditHandler\fetch(), CMailFile\findHtmlImages(), getHashUniqueIdOfRegistration(), User\getOnlineVirtualCardUrl(), Login\index(), CommonObject\insertExtraFields(), RssParser\parser(), User\send_password(), SMTPs\setAttachment(), SMTPs\setBodyContent(), SMTPs\setImageInline(), Adherent\setPassword(), User\setPassword(), Form\showphoto(), EcmFiles\update(), CommonObject\updateCommon(), CommonObject\updateExtraField(), ActionsTicket\viewTicketMessages(), pdf_eagle\write_file(), pdf_espadon\write_file(), pdf_rouget\write_file(), pdf_squille\write_file(), modPhpbarcode\writeBarCode(), and modTcpdfbarcode\writeBarCode().
dol_verifyHash ($chain, $hash, $type = '0')
Compute a hash and compare it to the given one. For backward compatibility reasons, if the hash is not in the password_hash format, we will try to match against md5 and sha1md5. If constant MAIN_SECURITY_HASH_ALGO is defined, we use this function as hashing function.
If constant MAIN_SECURITY_SALT is defined, we use it as a salt.
| string | $chain | String to hash (not hashed string) |
| string | $hash | hash to compare |
| 'auto'|'0'|'sha1'|'1'|'sha1md5'|'2'|'md5'|'3'|'openldap'|'4'|'sha256'|'5'|'password_hash'|'6'|'hash' | $type | Type of hash ('0': auto, '1': sha1, '2': sha1+md5, '3': md5, '4': for OpenLdap, '5': sha256, 'hash'). Use '3' here if the hash is not needed for a security purpose; for security needs, prefer '0'. |
Definition at line 328 of file securitycore.lib.php.
References dol_hash(), dol_strlen(), dol_verifyHash(), and getDolGlobalString().
Referenced by check_user_password_dolibarr(), check_user_password_googleoauth(), dol_verifyHash(), Context\getMemberAccountFromLogin(), Context\getThirdPartyAccountFromLogin(), and User\update().
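The backward-compatible check described for dol_verifyHash(), as an added example that is not Dolibarr's own code. The function name verifyStoredHash() is hypothetical, and the example assumes that 'sha1md5' means sha1(md5(...)), that the salt is prepended to the string, and that legacy formats can be told apart by hash length.

```php
<?php
// Added example, not securitycore.lib.php. verifyStoredHash() is a hypothetical name.
// Assumptions: sha1md5 = sha1(md5($salted)); the salt is prepended to the string.

/**
 * Verify a password against a stored hash in password_hash format or in a
 * legacy md5 / sha1md5 format, and report whether it should be re-hashed.
 *
 * @return array{ok: bool, scheme: string, rehash: bool}
 */
function verifyStoredHash(string $password, string $stored, string $legacySalt = ''): array
{
    // Modern format: password_hash() output starts with '$' and carries its own salt.
    if ($stored !== '' && $stored[0] === '$') {
        $ok = password_verify($password, $stored);
        return [
            'ok' => $ok,
            'scheme' => 'password_hash',
            'rehash' => $ok && password_needs_rehash($stored, PASSWORD_DEFAULT),
        ];
    }
    // Legacy formats are distinguished by hex length: 32 = md5, 40 = sha1md5.
    $salted = $legacySalt . $password;
    $candidates = [
        32 => ['md5', md5($salted)],
        40 => ['sha1md5', sha1(md5($salted))],
    ];
    $len = strlen($stored);
    if (!isset($candidates[$len])) {
        return ['ok' => false, 'scheme' => 'unknown', 'rehash' => false];
    }
    [$scheme, $computed] = $candidates[$len];
    $ok = hash_equals(strtolower($stored), $computed); // constant-time comparison
    return ['ok' => $ok, 'scheme' => $scheme, 'rehash' => $ok];
}

// Constructed sample records (not real data).
$salt = 'constructed-salt';
$records = [
    'modern' => password_hash('s3cret!', PASSWORD_DEFAULT),
    'legacy_md5' => md5($salt . 's3cret!'),
    'legacy_sha1md5' => sha1(md5($salt . 's3cret!')),
];
foreach ($records as $name => $stored) {
    $r = verifyStoredHash('s3cret!', $stored, $salt);
    // A successful legacy match is the moment to store a fresh password_hash() value.
    $new = $r['rehash'] ? password_hash('s3cret!', PASSWORD_DEFAULT) : $stored;
    printf("%-15s ok=%d scheme=%-13s upgraded=%d\n", $name, $r['ok'], $r['scheme'], $new !== $stored);
}
```

Legacy md5 and sha1md5 matches return rehash=true so the caller can replace the stored value at the next successful login; the modern record is left unchanged.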
dolDecrypt ($chain, $key = '', $patterntotest = '')
Decode a string with a symmetric encryption.
Used to decrypt sensitive data saved into database. Note: If a backup is restored onto another instance with a different $conf->file->instance_unique_id, then decoded value will differ.
| string | $chain | Encrypted string to decode |
| string | $key | Key to use to decode. It can be a list of keys separated by ','. |
| string | $patterntotest | Pattern to test if decoding is ok. |
Definition at line 132 of file securitycore.lib.php.
References $conf, ascii_check(), dol_decode(), dol_syslog(), and string.
Referenced by DolibarrApiAccess\__isAllowed(), pdf_standard_supplierpayment\_pagehead(), BlockedLog\create(), EmailCollector\create(), dol_getcache(), dolibarr_get_const(), encodedecode_dbpassconf(), CompanyBankAccount\fetch(), CompanyPaymentMode\fetch(), EmailCollector\fetch(), Facture\fetch(), FactureLigne\fetch(), User\fetch(), UserBankAccount\fetch(), Facture\fetch_lines(), CommonObject\fetch_optionals(), BonPrelevement\generate(), BlockedLog\getClearHMACSecretKey(), Thirdparties\getCompanyBankAccount(), pdf_standard_supplierpayment\getDefaultThirdpartyIban(), migrate_apiresttokens(), migrate_blockedlog_add_hmac_key(), Form\selectRib(), Stripe\sepaStripe(), Conf\setValues(), and EmailCollector\update().
dolEncrypt ($chain, $key = '', $ciphering = '', $forceseed = '', $obfuscationmode = 'dolcrypt')
Encode a string with a symmetric encryption.
Used to encrypt sensitive data into database. Note: If a backup is restored onto another instance with a different $conf->file->instance_unique_id, then decoded value will differ. This function is called for example by dol_set_const() when saving sensitive data into the database, such as into the configuration table llx_const, or societe_rib, ...
| string | $chain | String to encode |
| string | $key | Key to use to decode. It can be a list of keys separated by ','. |
| string | $ciphering | Default ciphering algorithm |
| string | $forceseed | To force the seed. Keep always empty on new versions. |
| string | $obfuscationmode | 'dolcrypt' or 'dolobfuscatev1' |
Definition at line 63 of file securitycore.lib.php.
References $conf, dol_substr(), and dolGetRandomBytes().
Referenced by DolibarrApiAccess\__isAllowed(), BlockedLog\create(), EmailCollector\create(), dol_setcache(), dolibarr_set_const(), encodedecode_dbpassconf(), Login\index(), CommonObject\insertExtraFields(), migrate_apiresttokens(), migrate_blockedlog_add_end_file(), BlockedLog\saveHMACSecretKey(), CompanyBankAccount\update(), EmailCollector\update(), User\update(), and CommonObject\updateExtraField().
isHTTPS ()
Return whether an HTTPS connection is in use. Checks HTTPS first (cannot be modified by the user, but may be empty or wrong if the user is behind a proxy), then HTTP_X_FORWARDED_PROTO (defined when using a proxy), then HTTP_X_FORWARDED_SSL.
Definition at line 38 of file securitycore.lib.php.
Referenced by BlockedLog\canBeEnabled().