Change email en/decryption to use crypto class

Drop old mcrypt class

Change email en/decryption to use crypto class
Drop old mcrypt class
2b1e9606 · Peter Rotich · 8354062f · 2b1e9606 · 8354062f · 2b1e9606
Commit 2b1e9606 authored 11 years ago by Peter Rotich
--- a/include/class.email.php
+++ b/include/class.email.php
@@ -87,7 +87,7 @@ class Email {
    }

    function getPasswd() {
-        return $this->ht['userpass']?Mcrypt::decrypt($this->ht['userpass'],SECRET_SALT):'';
+        return $this->ht['userpass']?Crypto::decrypt($this->ht['userpass'], SECRET_SALT, $this->ht['userid']):'';
    }

    function getHashtable() {
@@ -108,7 +108,7 @@ class Email {
                'protocol'  => $this->ht['mail_protocol'],
                'encryption' => $this->ht['mail_encryption'],
                'username'  => $this->ht['userid'],
-                'password' => Mcrypt::decrypt($this->ht['userpass'], SECRET_SALT),
+                'password' => Crypto::decrypt($this->ht['userpass'], SECRET_SALT, $this->ht['userid']),
                //osTicket specific
                'email_id'  => $this->getId(), //Required for email routing to work.
                'max_fetch' => $this->ht['mail_fetchmax'],
@@ -134,7 +134,7 @@ class Email {
                'port' => $this->ht['smtp_port'],
                'auth' => (bool) $this->ht['smtp_auth'],
                'username' => $this->ht['userid'],
-                'password' => Mcrypt::decrypt($this->ht['userpass'], SECRET_SALT)
+                'password' => Crypto::decrypt($this->ht['userpass'], SECRET_SALT, $this->ht['userid'])
                );

        return $info;
@@ -367,7 +367,7 @@ class Email {
            $sql.=',mail_delete=0,mail_archivefolder=NULL';

        if($vars['passwd']) //New password - encrypt.
-            $sql.=',userpass='.db_input(Mcrypt::encrypt($vars['passwd'],SECRET_SALT));
+            $sql.=',userpass='.db_input(Crypto::encrypt($vars['passwd'],SECRET_SALT, $vars['userid']));

        if($id) { //update
            $sql='UPDATE '.EMAIL_TABLE.' SET '.$sql.' WHERE email_id='.db_input($id);

--- a/include/class.mcrypt.php
+++ b/include/class.mcrypt.php
-<?php
-/*********************************************************************
-    class.mcrypt.php
-
-    Mcrypt wrapper.... nothing special at all.
-
-    Peter Rotich <peter@osticket.com>
-    Copyright (c)  2006-2013 osTicket
-    http://www.osticket.com
-
-    Released under the GNU General Public License WITHOUT ANY WARRANTY.
-    See LICENSE.TXT for details.
-
-    vim: expandtab sw=4 ts=4 sts=4:
-**********************************************************************/
-class Mcrypt {
-    
-    function encrypt($text, $salt) {
-        global $ost;
-        
-        //if mcrypt extension is not installed--simply return unencryted text and log a warning (if enabled).
-        if(!function_exists('mcrypt_encrypt') || !function_exists('mcrypt_decrypt')) {
-            if($ost) {
-                $msg='Cryptography extension mcrypt is not enabled or installed. Important text/data is being stored as plain text in database.';
-                $ost->logWarning('mcrypt module missing', $msg);
-            }
-
-            return $text;
-        }
-
-        return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $salt, $text, MCRYPT_MODE_ECB,
-                         mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
-    }
-
-    function decrypt($text, $salt) {
-
-        if(!function_exists('mcrypt_encrypt') || !function_exists('mcrypt_decrypt'))
-            return $text;
-
-        return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $salt, base64_decode($text), MCRYPT_MODE_ECB,
-                        mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
-    }
-
-    function exists(){
-        return (function_exists('mcrypt_encrypt') && function_exists('mcrypt_decrypt'));
-    }
-}
-?>
--- a/main.inc.php
+++ b/main.inc.php
@@ -113,7 +113,7 @@
    require(INCLUDE_DIR.'class.usersession.php');
    require(INCLUDE_DIR.'class.pagenate.php'); //Pagenate helper!
    require(INCLUDE_DIR.'class.log.php');
-    require(INCLUDE_DIR.'class.mcrypt.php');
+    require(INCLUDE_DIR.'class.crypto.php');
    require(INCLUDE_DIR.'class.misc.php');
    require(INCLUDE_DIR.'class.timezone.php');
    require(INCLUDE_DIR.'class.http.php');

--- a/setup/inc/install-prereq.inc.php
+++ b/setup/inc/install-prereq.inc.php
@@ -22,7 +22,6 @@ if(!defined('SETUPINC')) die('Kwaheri!');
            <h3>Recommended:</h3>
            You can use osTicket without these, but you may not be able to use all features.
            <ul class="progress">
-                <li class="<?php echo extension_loaded('mcrypt')?'yes':'no'; ?>">Mcrypt extension</li>
                <li class="<?php echo extension_loaded('gd')?'yes':'no'; ?>">Gdlib extension</li>
                <li class="<?php echo extension_loaded('imap')?'yes':'no'; ?>">PHP IMAP extension</li>
            </ul>