Commit fc0f63f4 authored by arildb's avatar arildb

[MOD] Mail-in passwords are now encoded, thus no longer stored in cleartext

[ENH] Renamed button "Edit" to "Save". Pressing the button saves the account
[FIX] Improved detection of inlined attachments
[FIX] Log correct user when categorizing mail-in page
[FIX] Hide options when related feature is not active
parent 67bf2426
......@@ -2088,6 +2088,7 @@ installer/schema/20130530_category_log_tiki.sql -text
installer/schema/20130530_tracker_modification_log_tiki.sql -text
installer/schema/20130605_mailin_show_inline_tiki.sql -text
installer/schema/20130606_mailin_add_categoryId_tiki.sql -text
installer/schema/20130608_convert_mailin_pwd_tiki.php -text
installer/schema/999999991_decode_pages_sources_tiki.php -text
installer/schema/99999999_image_plugins_kill_tiki.php -text
installer/schema/index.php -text
......
<?php
function upgrade_20130608_convert_mailin_pwd_tiki($installer)
{
require('lib/mailin/mailinlib.php');
$fields = $installer->fetchAll('SELECT accountId, pass FROM tiki_mailin_accounts ');
foreach ($fields as $field) {
$accountId = $field['accountId'];
$pass = $field['pass'];
$crypt = $mailinlib->encryptPassword($pass);
$query = 'update tiki_mailin_accounts set pass=? where accountId=?';
$params = array($crypt, $accountId);
$installer->query($query, $params);
}
}
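Review bot: The migration is not idempotent: every execution passes whatever is already in `pass` through `encryptPassword()`, so a second run (or a retry after a partial failure) double-encodes the column and the affected accounts stop logging in. Because the encoding is base64 there is no way to tell a converted row from a cleartext one, so the function relies on the installer running it exactly once, which should be stated up front, e.g. `// One-shot conversion: re-running base64-encodes pass a second time`. The `$mailinlib` used on the `encryptPassword` line also depends on the `require`d file's trailing `$mailinlib = new MailinLib;` landing in this function's scope; writing `$mailinlib = new MailinLib;` after the `require` makes that dependency explicit and survives the library file later dropping its global instance.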
......@@ -319,7 +319,7 @@ class CategLib extends ObjectLib
* @return nothing
*
*/
function categorizePage($pageName, $categId)
function categorizePage($pageName, $categId, $user = '')
{
global $objectlib;
......@@ -332,10 +332,10 @@ class CategLib extends ObjectLib
$checkHandled = true;
$this->add_categorized_object('wiki page', $pageName, $description, $name, $href, $checkHandled);
$this->categorize($objectId, $categId);
$this->categorize($objectId, $categId, $user);
}
function categorize($catObjectId, $categId)
function categorize($catObjectId, $categId, $user = '')
{
global $prefs;
if (empty($categId)) {
......@@ -352,7 +352,7 @@ class CategLib extends ObjectLib
$info = TikiLib::lib('object')->get_object_via_objectid($catObjectId);
if ($prefs['feature_actionlog'] == 'y') {
global $logslib; include_once('lib/logs/logslib.php');
$logslib->add_action('Categorized', $info['itemId'], $info['type'], "categId=$categId");
$logslib->add_action('Categorized', $info['itemId'], $info['type'], "categId=$categId", $user);
}
require_once 'lib/search/refresh-functions.php';
refresh_index($info['type'], $info['itemId']);
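Review bot: The new `$user` parameter added to `categorizePage()` and `categorize()` is not documented in the docblock at the top of the section, which still only carries `@return nothing`; add `@param string $user Name of the user recorded in the action log (empty by default)`. The empty-string default is then forwarded unchanged to `$logslib->add_action(..., $user)` in the last hunk, so if `add_action()` falls back to the session user only when that argument is absent, every existing caller of `categorize()` would now log an empty actor; this cannot be verified from here and is worth checking against logslib. The body of `categorize()` starts in an earlier hunk and continues past this one.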
......
......@@ -43,6 +43,10 @@ class MailinLib extends TikiLib
$ret = array();
while ($res = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
// Decrypt the password
$pwd = $this->decryptPassword($res['pass']);
$res['pass'] = $pwd;
$ret[] = $res;
}
......@@ -78,6 +82,10 @@ class MailinLib extends TikiLib
$ret = array();
while ($res = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
// Decrypt the password
$pwd = $this->decryptPassword($res['pass']);
$res['pass'] = $pwd;
$ret[] = $res;
}
......@@ -108,8 +116,11 @@ class MailinLib extends TikiLib
* @param 0 $categoryId
* @return bool
*/
function replace_mailin_account($accountId, $account, $pop, $port, $username, $pass, $smtp, $useAuth, $smtpPort, $type, $active, $anonymous, $attachments, $article_topicId = NULL, $article_type = NULL, $discard_after=NULL, $show_inlineImages='n', $categoryId = 0)
function replace_mailin_account($accountId, $account, $pop, $port, $username, $clearpass, $smtp, $useAuth, $smtpPort, $type, $active, $anonymous, $attachments, $article_topicId = NULL, $article_type = NULL, $discard_after=NULL, $show_inlineImages='n', $categoryId = 0)
{
// Encrypt password
$pass = $this->encryptPassword($clearpass);
if ($accountId) {
$bindvars = array($account,$pop,(int)$port,(int)$smtpPort,$username,$pass,$smtp,$useAuth,$type,$active,$anonymous,$attachments,(int)$article_topicId,$article_type,$discard_after,$show_inlineImages, $categoryId, (int)$accountId);
$query = "update `tiki_mailin_accounts` set `account`=?, `pop`=?, `port`=?, `smtpPort`=?, `username`=?, `pass`=?, `smtp`=?, `useAuth`=?, `type`=?, `active`=?, `anonymous`=?, `attachments`=?, `article_topicId`=?, `article_type`=? , `discard_after`=?, `show_inlineImages`=?, `categoryId`=? where `accountId`=?";
......@@ -147,7 +158,36 @@ class MailinLib extends TikiLib
return false;
}
$res = $result->fetchRow(DB_FETCHMODE_ASSOC);
// Decrypt the password
$pwd = $this->decryptPassword($res['pass']);
$res['pass'] = $pwd;
return $res;
}
/**
* encryptPassword the email account password
*
* @param string $pwd Password in clear-text
* @return crypt Encoded password
*
*/
function encryptPassword($pwd) {
$encoded = base64_encode($pwd);
return $encoded;
}
/**
* decryptPassword the email account password
*
* @param crypt $$encrypted Encoded password
* @return string Return clear text password
*
*/
function decryptPassword($encoded) {
$plaintext = base64_decode($encoded);
return $plaintext;
}
}
$mailinlib = new MailinLib;
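Review bot: `encryptPassword()` and `decryptPassword()` are plain `base64_encode`/`base64_decode`, a keyless reversible encoding, so anyone who can read `tiki_mailin_accounts` recovers the password exactly as before; the names and the commit message's "no longer stored in cleartext" overstate what this provides. Either rename them to `encodePassword`/`decodePassword` and say in the docblock that this is obfuscation only, or back them with a real cipher keyed by a secret that does not live in the database. The docblocks also need fixing: `@param crypt $$encrypted` names a parameter that does not exist (the actual one is `$encoded`) and `crypt` is not a type, so use `@param string $encoded Base64-encoded password` and `@return string` on both. `base64_decode()` in its default non-strict mode silently drops invalid characters; calling `base64_decode($encoded, true)` and handling a `false` result lets a corrupted value be reported instead of being handed to the POP3 login.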
......@@ -617,6 +617,9 @@ function prefs_feature_list($partial = false)
'description' => tra('Populate wiki pages and articles by email'),
'help' => 'Mail-in',
'keywords' => 'inbound email',
'dependencies' => array(
'feature_wiki',
),
'type' => 'flag',
'default' => 'n',
'view' => 'tiki-admin_mailin.php',
......
......@@ -81,7 +81,9 @@
<td>{tr}Type{/tr}</td>
<td colspan="3">
<select name="type" id='mailin_type' onchange='javascript:chgMailinType();'>
<option value="article-put" {if $info.type eq 'article-put'}selected="selected"{/if}>{tr}article-put{/tr}</option>
{if $prefs.feature_articles eq 'y'}
<option value="article-put" {if $info.type eq 'article-put'}selected="selected"{/if}>{tr}article-put{/tr}</option>
{/if}
<option value="wiki-get" {if $info.type eq 'wiki-get'}selected="selected"{/if}>{tr}wiki-get{/tr}</option>
<option value="wiki-put" {if $info.type eq 'wiki-put'}selected="selected"{/if}>{tr}wiki-put{/tr}</option>
<option value="wiki-append" {if $info.type eq 'wiki-append'}selected="selected"{/if}>{tr}wiki-append{/tr}</option>
......@@ -90,6 +92,7 @@
</td>
</tr>
{if $prefs.feature_articles eq 'y'}
<tr id='article_topic' {if $info.type ne 'article-put'}style="display:none;"{/if}><td>{tr}Article Topic{/tr}</td><td>
<select name="article_topicId">
{section name=t loop=$topics}
......@@ -108,7 +111,7 @@
</select>
{if $tiki_p_admin_cms eq 'y'}<a href="tiki-article_types.php" class="link">{tr}Admin Types{/tr}</a>{/if}
</td><td></td><td></td></tr>
{/if}
<tr>
<td>{tr}Active{/tr}</td>
<td colspan="3">
......@@ -127,6 +130,7 @@
<input type="radio" name="anonymous" {if $info.anonymous eq 'n'}checked="checked"{/if} value="n">
</td>
</tr>
{if $prefs.feature_wiki_attachments eq 'y'}
<tr>
<td>{tr}Allow attachments{/tr}</td>
<td colspan="3">
......@@ -145,21 +149,24 @@
<input type="radio" name="show_inlineImages" {if $info.show_inlineImages eq 'n' || $info.show_inlineImages eq '' }checked="checked"{/if} value="n">
</td>
</tr>
{/if}
<tr>
<td>{tr}Discard to the end from{/tr}</td>
<td colspan="3">
<input type="text" name="discard_after" value="{$info.discard_after|escape}">
</td>
</tr>
{if $prefs.feature_categories eq 'y'}
<tr>
<td>{tr}Auto-assign categoryId{/tr}</td>
<td colspan="3">
<input type="text" size="10" name="categoryId" value="{$info.categoryId}" />
</td>
</tr>
{/if}
<tr>
<td>&nbsp;</td>
<td colspan="3"><input type="submit" name="new_acc" value="{if $accountId eq 0}{tr}Add{/tr}{else}{tr}Edit{/tr}{/if}"></td>
<td colspan="3"><input type="submit" name="new_acc" value="{if $accountId eq 0}{tr}Add{/tr}{else}{tr}Save{/tr}{/if}"></td>
</tr>
</table>
</form>
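Review bot: Inside the new `{if $prefs.feature_categories eq 'y'}` block the input is rendered as `value="{$info.categoryId}"` without `|escape`, while the neighbouring `discard_after` field in the same hunk uses `value="{$info.discard_after|escape}"`; the stored value is only `intval`'d when the account is processed, not when it is saved, so output it as `value="{$info.categoryId|escape}"` for consistency. Wrapping the `article-put` `<option>` in `{if $prefs.feature_articles eq 'y'}` also means an account already saved with that type renders with no selected option once articles are disabled, so saving the form would presumably silently switch its type to the first visible entry; a disabled-but-selected option, or a notice that the type is unavailable, would make that visible to the admin.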
......
......@@ -156,12 +156,15 @@ function mailin_extract_inline_images($pageName, $output, &$body, &$out, $user)
$is_html = true;
// Locate the page with inline attachments
// Check deep level first, to avoid detecting extra, non-inlined attachments
$activeParts = array();
if (isset($output["parts"][1]) && isset($output["parts"][1]['ctype_parameters']['name'])) {
$activeParts = $output["parts"];
if (isset($output["parts"][0]["parts"][0]['parts'][1]["type"]) && $output["parts"][0]["parts"][0]['parts'][1]["type"] == 'text/html') {
$activeParts = $output["parts"][0]["parts"];
} elseif (isset($output["parts"][0]['parts'][1]["type"]) && $output["parts"][0]['parts'][1]["type"] == 'text/html') {
$activeParts = $output["parts"][0]['parts'][1];
}
} elseif (isset($output["parts"][1]) && isset($output["parts"][1]['ctype_parameters']['name'])) {
$activeParts = $output["parts"];
}
// Scroll the page attachments
for ($it = 0, $count_outputparts = count($activeParts); $it < $count_outputparts; $it++) {
......@@ -239,6 +242,10 @@ foreach ($accs['data'] as $acc) {
$can_addAttachment = $acc['attachments'];
}
if (empty($acc['account'])) {
continue;
}
$content.= "<b>Processing account</b><br />";
$content.= "Account :" . $acc['account'] . "<br />";
$content.= "Type :" . $acc['type'] . "<br />";
......@@ -249,6 +256,8 @@ foreach ($accs['data'] as $acc) {
if ($pop3->connect($acc["pop"], $acc["port"])) {
$content.= "OK.<br />";
$content.= "Logging in...";
// Login
if ($status = ($pop3->login($acc["username"], $acc["pass"], "USER")) !== FALSE) {
$content.= "OK (" . $status . ").<br />";
if (defined($debugger)) $debugger->msg("Logged in, status " . $status);
......@@ -283,7 +292,7 @@ foreach ($accs['data'] as $acc) {
$message = $pop3->getMsg($i);
$output = mime::decode($message);
$content.= "Reading a request.<br />From: " . $aux["From"] . "<br />Subject: " . $output['header']['subject'] . "<br />";
$content.= "<br />Reading a request.<br />From: " . $aux["From"] . "<br />Subject: " . $output['header']['subject'] . "<br />";
$content.= "sender email: " . $email_from . "<br />";
$aux["sender"]["user"] = $userlib->get_user_by_email($email_from);
$content.= "sender user: " . $aux["sender"]["user"] . "<br />";
......@@ -306,7 +315,7 @@ foreach ($accs['data'] as $acc) {
$aux["sender"]["name"] = $email_from;
}
if ($acc['type'] == 'article-put') {
if ($prefs['prefs.feature_articles'] && $acc['type'] == 'article-put') {
// This is used to CREATE articles
$title = trim($output['header']['subject']);
$msgbody = mailin_get_body($output);
......@@ -439,14 +448,16 @@ foreach ($accs['data'] as $acc) {
$body = preg_replace("/" . $acc['discard_after'] . ".*$/s", "", $body);
}
if (!empty($body)) {
mailin_extract_inline_images($page, $output, $body, $content, $aux["sender"]["user"]);
mailin_check_attachments($output, $content, $page, $aux["sender"]["user"], $body);
if ($prefs['feature_wiki_attachments'] === 'y') {
mailin_extract_inline_images($page, $output, $body, $content, $aux["sender"]["user"]);
mailin_check_attachments($output, $content, $page, $aux["sender"]["user"], $body);
}
if (!$tikilib->page_exists($page)) {
$content.= "Page: $page has been created<br />";
$tikilib->create_page($page, 0, $body, $tikilib->now, "Created from " . $acc["account"], $aux["sender"]["user"], '0.0.0.0', '');
$content.= "Page: $page has been created<br />";
// Assign category, if specified
if (isset($acc['categoryId'])) {
if ($prefs['feature_categories'] && isset($acc['categoryId'])) {
try {
$categoryId = intval($acc['categoryId']);
if ($categoryId > 0) {
......@@ -454,7 +465,7 @@ foreach ($accs['data'] as $acc) {
$categlib = TikiLib::lib('categ');
$categories = $categlib->get_category($categoryId);
if ($categories !== false && !empty($categories)) {
$categlib->categorizePage($page, $categoryId);
$categlib->categorizePage($page, $categoryId, $aux["sender"]["user"]);
$content.= "Page: $page categorized. Id: ".$categoryId."<br />";
} else {
$content.= "Page: $page not categorized. Invalid categoryId: ".$categoryId."<br />";
......@@ -495,11 +506,13 @@ foreach ($accs['data'] as $acc) {
$body = preg_replace("/" . $acc['discard_after'] . ".*$/s", "", $body);
}
if (isset($body)) {
mailin_extract_inline_images($page, $output, $body, $content, $aux["sender"]["user"]);
mailin_check_attachments($output, $content, $page, $aux["sender"]["user"], $body);
if ($prefs['feature_wiki_attachments'] === 'y') {
mailin_extract_inline_images($page, $output, $body, $content, $aux["sender"]["user"]);
mailin_check_attachments($output, $content, $page, $aux["sender"]["user"], $body);
}
if (!$tikilib->page_exists($page)) {
$content.= "Page: $page has been created<br />";
$tikilib->create_page($page, 0, $body, $tikilib->now, "Created from " . $acc["account"], $aux["sender"]["user"], '0.0.0.0', '');
$content.= "Page: $page has been created<br />";
} else {
$info = $tikilib->get_page_info($page);
if ($acc['type'] == 'wiki-append' || $acc['type'] == 'wiki' && $method == "APPEND") $body = $info['data'] . $body;
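Review bot: The new feature checks `if ($prefs['prefs.feature_articles'] && $acc['type'] == 'article-put')` and `if ($prefs['feature_categories'] && isset($acc['categoryId']))` test truthiness, while the attachment check added in the same commit compares `$prefs['feature_wiki_attachments'] === 'y'`; Tiki prefs hold `'y'`/`'n'` strings, so `'n'` is truthy and the category branch runs even with the feature off. The key `'prefs.feature_articles'` also does not match the `feature_articles` naming used by the other two checks and by the template, so that index is presumably unset and article-put mail would never be processed; both should read `$prefs['feature_articles'] === 'y'` and `$prefs['feature_categories'] === 'y'`. Separately, in `mailin_extract_inline_images` the new `elseif` branch assigns a single part, `$activeParts = $output["parts"][0]['parts'][1];`, whereas the sibling branches assign a list of parts, and the `for` over `count($activeParts)` that follows would then iterate that part's own keys — `$output["parts"][0]['parts']` looks like the intended value. The loop body and the rest of that function, as well as the per-account processing loop, lie outside the hunks shown.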
......