Encrypt email and sms passwords before saving to MySQL (#963)

It also automatically generates an encryption key if not existing storing it in config/config.php in order to enable encryption.

application/config/autoload.php

@@ -58,7 +58,7 @@ $autoload['packages'] = array();
 |
 |	$autoload['libraries'] = array('user_agent' => 'ua');
 */
-$autoload['libraries'] = array('database', 'form_validation', 'session', 'user_agent', 'pagination');
+$autoload['libraries'] = array('database', 'form_validation', 'session', 'user_agent', 'pagination', 'encryption');
 
 /*
 | -------------------------------------------------------------------

application/controllers/Config.php

@@ -183,7 +183,9 @@ class Config extends Secure_Controller
 				$themes[$dirinfo->getFileName()] = $dirinfo->getFileName();
 			}
 		}
+
 		asort($themes);
+
 		return $themes;
 	}
 	
@@ -313,12 +315,19 @@ class Config extends Secure_Controller
 
 	public function save_email()
 	{
+		$password = '';
+
+		if($this->_check_encryption())
+		{
+			$password = $this->encryption->encrypt($this->input->post('smtp_pass'));
+		}
+		
 		$batch_save_data = array(
 			'protocol' => $this->input->post('protocol'),
 			'mailpath' => $this->input->post('mailpath'),
 			'smtp_host' => $this->input->post('smtp_host'),
 			'smtp_user' => $this->input->post('smtp_user'),
-			'smtp_pass' => $this->input->post('smtp_pass'),
+			'smtp_pass' => $password,
 			'smtp_port' => $this->input->post('smtp_port'),
 			'smtp_timeout' => $this->input->post('smtp_timeout'),
 			'smtp_crypto' => $this->input->post('smtp_crypto')
@@ -332,10 +341,17 @@ class Config extends Secure_Controller
 
 	public function save_message()
 	{
+		$password = '';
+
+		if($this->_check_encryption())
+		{
+			$password = $this->encryption->encrypt($this->input->post('msg_pwd'));
+		}
+
 		$batch_save_data = array(	
 			'msg_msg' => $this->input->post('msg_msg'),
 			'msg_uid' => $this->input->post('msg_uid'),
-			'msg_pwd' => $this->input->post('msg_pwd'),
+			'msg_pwd' => $password,
 			'msg_src' => $this->input->post('msg_src')
 		);
 	
@@ -484,7 +500,62 @@ class Config extends Secure_Controller
     	$this->upload->do_upload('company_logo');
 
     	return strlen($this->upload->display_errors()) == 0 || !strcmp($this->upload->display_errors(), '<p>'.$this->lang->line('upload_no_file_selected').'</p>');
-    }
+	}
+	
+	private function _check_encryption()
+	{
+		$encryption_key = $this->config->item('encryption_key');
+		
+		// check if the encryption_key config item is the default one
+		if($encryption_key == '' || $encryption_key == 'YOUR KEY')
+		{
+			// Config path
+			$config_path = APPPATH . 'config/config.php';
+			
+			// Open the file
+			$config = file_get_contents($config_path);
+			
+			// $key will be assigned a 32-byte (256-bit) hex-encoded random key
+			$key = bin2hex($this->encryption->create_key(32));
+			
+			// replace the empty placeholder with a real randomly generated encryption key
+			if($encryption_key == '')
+			{
+				$config = str_replace("['encryption_key'] = '';", "['encryption_key'] = '" . $key . "';", $config);
+			}
+			else
+			{
+				$config = str_replace("['encryption_key'] = 'YOUR KEY';", "['encryption_key'] = '" . $key . "';", $config);				
+			}
+
+			// set the encryption key in the config item
+			$this->config->set_item('encryption_key', $key);
+
+			// Write the new config.php file
+			$handle = fopen($config_path, 'w+');
+
+			// Chmod the file
+			@chmod($config_path, 0777);
+			
+			$result = FALSE;
+
+			// Verify file permissions
+			if(is_writable($config_path))
+			{
+				// Write the file
+				$result = (fwrite($handle, $config) === FALSE) ? FALSE : TRUE;
+			}
+			
+			// Chmod the file
+			@chmod($config_path, 0444);
+			
+			fclose($handle);
+
+			return $result;
+		}
+		
+		return TRUE;
+	}
     
     public function backup_db()
     {

application/controllers/Home.php

@@ -16,9 +16,9 @@ class Home extends Secure_Controller
 
 	public function logout()
 	{
-		$this->Employee->logout();
-
 		$this->track_page('logout', 'logout');
+
+		$this->Employee->logout();
 	}
 }
 ?>

application/libraries/Email_lib.php

@@ -18,7 +18,7 @@ class Email_lib
 			'mailpath' => $this->CI->config->item('mailpath'),
 			'smtp_host' => $this->CI->config->item('smtp_host'),
 			'smtp_user' => $this->CI->config->item('smtp_user'),
-			'smtp_pass' => $this->CI->config->item('smtp_pass'),
+			'smtp_pass' => $this->CI->encryption->decrypt($this->CI->config->item('smtp_pass')),
 			'smtp_port' => $this->CI->config->item('smtp_port'),
 			'smtp_timeout' => $this->CI->config->item('smtp_timeout'),
 			'smtp_crypto' => $this->CI->config->item('smtp_crypto')

application/libraries/Sms_lib.php

@@ -16,7 +16,7 @@ class Sms_lib
 	public function sendSMS($phone, $message)
 	{
 		$username   = $this->CI->config->item('msg_uid');
-		$password   = $this->CI->config->item('msg_pwd');
+		$password   = $this->CI->encryption->decrypt($this->CI->config->item('msg_pwd'));
 		$originator = $this->CI->config->item('msg_src');
 		
 		$response = FALSE;
@@ -27,7 +27,7 @@ class Sms_lib
 			//echo $username . ' ' . $password . ' ' . $phone . ' ' . $message . ' ' . $originator;
 		}
 		else
-		{
+		{	
 			$response = TRUE;
 			
 			// make sure passed string is url encoded

application/models/Employee.php

@@ -298,7 +298,6 @@ class Employee extends Person
 	*/
 	public function login($username, $password)
 	{
-
 		$query = $this->db->get_where('employees', array('username' => $username, 'deleted' => 0), 1);
 
 		if($query->num_rows() == 1)
@@ -332,6 +331,7 @@ class Employee extends Person
 	public function logout()
 	{
 		$this->session->sess_destroy();
+
 		redirect('login');
 	}