Fix install #4491

Merged
merged 6 commits into from
Nov 29, 2024
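--- a/includes/config/include.php
+++ b/includes/config/include.php
@@ -28,7 +28,7 @@
 
 define('TP_VERSION', '3.1.2');
 define("UPGRADE_MIN_DATE", "1732264740");
-define('TP_VERSION_MINOR', '167');
+define('TP_VERSION_MINOR', '170');
 define('TP_TOOL_NAME', 'Teampass');
 define('TP_ONE_DAY_SECONDS', 86400);
 define('TP_ONE_WEEK_SECONDS', 604800);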
2 changes: 0 additions & 2 deletions includes/config/settings.sample.php
Expand Up @@ -19,8 +19,6 @@
define("DB_CONNECT_OPTIONS", array(
MYSQLI_OPT_CONNECT_TIMEOUT => 10
));
define("SECUREPATH", "");
define("SECUREFILE", "");
define("IKEY", "");
define("SKEY", "");
define("HOST", "");
201 changes: 106 additions & 95 deletions install/install.queries.php
Expand Up @@ -25,6 +25,7 @@
* @license GPL-3.0
* @see https://www.teampass.net
*/
require '../vendor/autoload.php';
use TiBeN\CrontabManager\CrontabJob;
use TiBeN\CrontabManager\CrontabAdapter;
use TiBeN\CrontabManager\CrontabRepository;
Expand Down Expand Up @@ -53,9 +54,46 @@
}
}


// Load settings
include_once '../includes/config/settings.php';

// Check if SECUREPATH and SECUREFILE are defined
if (defined('SECUREPATH') === false) {
define('SECUREPATH', __DIR__.'/../includes/config');
error_log("TEST1");
}
if (defined('SECUREFILE') === false) {
define('SECUREFILE', generateRandomKey());
error_log("TEST2");

// 1- generate saltkey
$key = Key::createNewRandomKey();
$new_salt = $key->saveToAsciiSafeString();

// 2- store key in file
file_put_contents(
SECUREPATH.'/'.SECUREFILE,
$new_salt
);

//3 - add to settings
$newLine = '
define("SECUREPATH", "' . SECUREPATH. '");
define("SECUREFILE", "' . SECUREFILE. '");
';
file_put_contents('../includes/config/settings.php', $newLine, FILE_APPEND);
}

if (session_status() === PHP_SESSION_ACTIVE) {
session_unset();
session_destroy();
}

// Load functions
require_once __DIR__.'/../sources/main.functions.php';


// init
loadClasses('DB');
$session = SessionManager::getSession();
Expand Down Expand Up @@ -185,26 +223,54 @@ function encryptFollowingDefuse($message, $ascii_key)
$session_abspath
);

// Prepare variables
$session_abspath = rtrim($inputData['data']['absolute_path'], '/');
$session_url_path = rtrim($inputData['data']['url_path'], '/');
$session_sk_path = rtrim($inputData['data']['sk_path'], '/');

if (null !== $inputData['type']) {
switch ($inputData['type']) {
case 'step_2':
$abspath = str_replace('\\', '/', $inputData['data']['absolute_path']);
if (substr($abspath, strlen($abspath) - 1) == '/') {
$abspath = substr($abspath, 0, strlen($abspath) - 1);
}
$session_abspath = $abspath;
$session_url_path = $inputData['data']['url_path'];

case 'step_2':
// Check FOLDERS
if (isset($inputData['activity']) && $inputData['activity'] === 'folder') {
$targetPath = $abspath . '/' . $inputData['task'] . '/';
if (is_writable($targetPath) === true) {
// Handle specific case of "secure path"
if ($inputData['task'] === 'secure') {
// Is SK path a folder?
if (!is_dir($session_sk_path)) {
echo '[{"error" : " Path ' . $session_sk_path . ' is not a folder!", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
break;
}

// Is SK path writable?
if (is_writable($session_sk_path) === false) {
echo '[{"error" : " Path ' . $session_sk_path . ' is not writable!", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
break;
}

// Handle the SK file to correct folder
$filename_seckey = $session_sk_path . '/' . SECUREFILE;

if (!file_exists($filename_seckey)) {
// Move file
if (!copy(__DIR__.'/../includes/config/'.SECUREFILE, $filename_seckey)) {
echo '[{"error" : "File `'.__DIR__.'/../includes/config/'.SECUREFILE.'` could not be copied to `'.$filename_seckey.'`. Please check the path and the rights", "result":"", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
break;
}
}
echo '[{"error" : "", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
} else {
echo '[{"error" : " Path ' . $targetPath . ' is not writable!", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
$targetPath = $session_abspath . '/' . $inputData['task'] . '/';
error_log("PATH: ".$targetPath);
if (is_writable($targetPath) === true) {
echo '[{"error" : "", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
} else {
echo '[{"error" : " Path ' . $targetPath . ' is not writable!", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
}
}
break;
}

// Check EXTENSIONS
if (isset($inputData['activity']) && $inputData['activity'] === 'extension') {
if (extension_loaded($inputData['task'])) {
echo '[{"error" : "", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
Expand All @@ -214,6 +280,7 @@ function encryptFollowingDefuse($message, $ascii_key)
break;
}

// Check FUNCTION
if (isset($inputData['activity']) && $inputData['activity'] === 'function') {
if (function_exists($inputData['task'])) {
echo '[{"error" : "", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
Expand All @@ -223,6 +290,7 @@ function encryptFollowingDefuse($message, $ascii_key)
break;
}

// Check VERSIONS
if (isset($inputData['activity']) && $inputData['activity'] === 'version') {
if (version_compare(phpversion(), MIN_PHP_VERSION, '>=')) {
echo '[{"error" : "", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
Expand All @@ -232,6 +300,7 @@ function encryptFollowingDefuse($message, $ascii_key)
break;
}

// Check INI
if (isset($inputData['activity']) && $inputData['activity'] === 'ini') {
if (ini_get($inputData['task']) >= 30) {
echo '[{"error" : "", "index" : "' . $inputData['index'] . '"}]';
Expand All @@ -243,12 +312,7 @@ function encryptFollowingDefuse($message, $ascii_key)

break;

case 'step_3':
$post_abspath = str_replace('\\', '/', $inputData['data']['absolute_path']);
if (substr($abspath, strlen($post_abspath) - 1) == '/') {
$post_abspath = substr($post_abspath, 0, strlen($post_abspath) - 1);
}

case 'step_3':
// launch
try {
$dbTmp = mysqli_connect(
Expand Down Expand Up @@ -290,17 +354,14 @@ function encryptFollowingDefuse($message, $ascii_key)
}

// For other queries with `url_path` and `absolute_path`
$escapedUrlPath = mysqli_real_escape_string($dbTmp, empty($post_urlpath) ? $inputData['db']['url_path'] : $post_urlpath);
$escapedAbsPath = mysqli_real_escape_string($dbTmp, empty($post_abspath) ? $inputData['data']['absolute_path'] : $post_abspath);

$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `_install` WHERE `key` = 'url_path'"));
if (intval($tmp) === 0) {
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('url_path', '" . $escapedUrlPath . "');");
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('url_path', '" . $session_url_path . "');");
}

$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `_install` WHERE `key` = 'absolute_path'"));
if (intval($tmp) === 0) {
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('absolute_path', '" . $escapedAbsPath . "');");
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('absolute_path', '" . $session_abspath . "');");
}

echo '[{"error" : "", "result" : "Connection is successful", "multiple" : ""}]';
Expand All @@ -311,55 +372,33 @@ function encryptFollowingDefuse($message, $ascii_key)
break;

case 'step_4':
$dbTmp = mysqli_connect(
$inputData['db']['db_host'],
$inputData['db']['db_login'],
$inputData['db']['db_pw'],
$inputData['db']['db_bdd'],
$inputData['db']['db_port']
);


// prepare data
foreach ($inputData['data'] as $key => $value) {
$escapedKey = mysqli_real_escape_string($dbTmp, $key);
$escapedValue = mysqli_real_escape_string($dbTmp, str_replace(array('"', '\'), array('""', '\\\\'), $value));
$inputData['data'][$escapedKey] = $escapedValue;
}

// check skpath
if (empty($inputData['data']['sk_path'])) {
$inputData['data']['sk_path'] = $session_abspath . '/includes';
} else {
$inputData['data']['sk_path'] = str_replace('\', '/', $inputData['data']['sk_path']);
}
if (substr($inputData['data']['sk_path'], strlen($inputData['data']['sk_path']) - 1) == '/' || substr($inputData['data']['sk_path'], strlen($inputData['data']['sk_path']) - 1) == '"') {
$inputData['data']['sk_path'] = substr($inputData['data']['sk_path'], 0, strlen($inputData['data']['sk_path']) - 1);
}
if (is_dir($inputData['data']['sk_path'])) {
if (is_writable($inputData['data']['sk_path'])) {
// store all variables in SESSION
foreach ($inputData['data'] as $key => $value) {
$superGlobal->put($key, $value, 'SESSION');

// Use mysqli_real_escape_string to escape keys and values
$escapedKey = mysqli_real_escape_string($dbTmp, $key);
$escapedValue = mysqli_real_escape_string($dbTmp, $value);
// store all variables in SESSION
foreach ($inputData['data'] as $key => $value) {
$superGlobal->put($key, $value, 'SESSION');

// Use mysqli_real_escape_string to escape keys and values
$escapedKey = mysqli_real_escape_string($dbTmp, $key);
$escapedValue = mysqli_real_escape_string($dbTmp, $value);

$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `_install` WHERE `key` = '" . $escapedKey . "'"));
if (intval($tmp) === 0) {
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('" . $escapedKey . "', '" . $escapedValue . "');");
} else {
mysqli_query($dbTmp, "UPDATE `_install` SET `value` = '" . $escapedValue . "' WHERE `key` = '" . $escapedKey . "';");
}
}
echo '[{"error" : "", "result" : "Information stored", "multiple" : ""}]';
$tmp = mysqli_num_rows(mysqli_query($dbTmp, "SELECT * FROM `_install` WHERE `key` = '" . $escapedKey . "'"));
if (intval($tmp) === 0) {
mysqli_query($dbTmp, "INSERT INTO `_install` (`key`, `value`) VALUES ('" . $escapedKey . "', '" . $escapedValue . "');");
} else {
echo '[{"error" : "The Directory must be writable!", "result" : "Information stored", "multiple" : ""}]';
mysqli_query($dbTmp, "UPDATE `_install` SET `value` = '" . $escapedValue . "' WHERE `key` = '" . $escapedKey . "';");
}
} else {
echo '[{"error" : "' . $inputData['data']['sk_path'] . ' is not a Directory!", "result" : "Information stored", "multiple" : ""}]';
}
mysqli_close($dbTmp);

echo '[{"error" : "", "result" : "Information stored", "multiple" : ""}]';

break;

case 'step_5':
Expand Down Expand Up @@ -1416,43 +1455,10 @@ function encryptFollowingDefuse($message, $ascii_key)
}

// launch
if (empty($var['sk_path'])) {
$securePath = $var['absolute_path'];
} else {
//ensure $var['sk_path'] has no trailing slash
$var['sk_path'] = rtrim(str_replace('\/', '//', $var['sk_path']), '/\\');
$securePath = $var['sk_path'];
}

$events = '';

if ($inputData['activity'] === 'file') {
if ($inputData['task'] === 'settings.php') {
// first is to create teampass-seckey.txt
// 0- check if exists
$filesecure = generateRandomKey();
define('SECUREFILE', $filesecure);
$filename_seckey = $securePath . '/' . $filesecure;

if (file_exists($filename_seckey)) {
if (!copy($filename_seckey, $filename_seckey . '.' . date('Y_m_d', mktime(0, 0, 0, (int) date('m'), (int) date('d'), (int) date('y'))))) {
echo '[{"error" : "File `'.$filename_seckey.'` already exists and cannot be renamed. Please do it by yourself and click on button Launch.", "result":"", "index" : "' . $inputData['index'] . '", "multiple" : "' . $inputData['multiple'] . '"}]';
break;
} else {
unlink($filename);
}
}

// 1- generate saltkey
$key = Key::createNewRandomKey();
$new_salt = $key->saveToAsciiSafeString();

// 2- store key in file
file_put_contents(
$filename_seckey,
$new_salt
);

// Now create settings file
$filename = '../includes/config/settings.php';

Expand All @@ -1464,7 +1470,12 @@ function encryptFollowingDefuse($message, $ascii_key)
unlink($filename);
}
}
//echo ">". $inputData['db']['db_pw']." -- ".$new_salt." ;; ";

//
if (file_exists(__DIR__.'/../includes/config/'.SECUREFILE)) {
unlink(__DIR__.'/../includes/config/'.SECUREFILE);
}

// Encrypt the DB password
$encrypted_text = encryptFollowingDefuse(
$inputData['db']['db_pw'],
Expand Down Expand Up @@ -1497,8 +1508,8 @@ function encryptFollowingDefuse($message, $ascii_key)
define("DB_CONNECT_OPTIONS", array(
MYSQLI_OPT_CONNECT_TIMEOUT => 10
));
define("SECUREPATH", "' . $securePath . '");
define("SECUREFILE", "' . $filesecure. '");
define("SECUREPATH", "' . $session_sk_path . '");
define("SECUREFILE", "' . SECUREFILE. '");

if (isset($_SESSION[\'settings\'][\'timezone\']) === true) {
date_default_timezone_set($_SESSION[\'settings\'][\'timezone\']);
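Review bot: In the step_3 hunk the values written into `_install` on the new lines `VALUES ('url_path', '" . $session_url_path . "')` and `VALUES ('absolute_path', '" . $session_abspath . "')` are no longer escaped — the removed `$escapedUrlPath`/`$escapedAbsPath` lines were the only `mysqli_real_escape_string` calls, and both variables are assigned straight from `$inputData['data']` by the `rtrim` lines in the step_2 hunk, so request-supplied paths now reach the SQL string raw. Restore the escaping before the two inserts, e.g. `$escapedUrlPath = mysqli_real_escape_string($dbTmp, $session_url_path);` and `$escapedAbsPath = mysqli_real_escape_string($dbTmp, $session_abspath);`, and use those in the queries (a prepared statement would be the cleaner fix, and step_4 already escapes every key/value it writes to the same table). The `case 'step_3'` block this hunk belongs to starts and ends outside the hunk. Separately, `error_log("TEST1")`, `error_log("TEST2")` and `error_log("PATH: ".$targetPath)` in the earlier hunks read as debug leftovers that write installer paths to the server log and should be dropped. The unconditional `unlink(__DIR__.'/../includes/config/'.SECUREFILE)` in the step_5 hunk also appears to delete the only copy of the key when `$session_sk_path` resolves to that same directory (step_2 skips the `copy()` when the target already exists), so it should be guarded by a comparison of the two resolved paths.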