I solved issues with Cryptographic Issues

2015-03-26 10:19:43 -04:00
parent f402d00446
commit ef261316b0
7 changed files with 13 additions and 13 deletions
--- a/gulliver/system/class.headPublisher.php
+++ b/gulliver/system/class.headPublisher.php
@@ -536,7 +536,7 @@ class headPublisher
            $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js';
            file_put_contents($cacheFilename, file_get_contents($jsFilename));
        } else {
-            $cacheName = md5($mtime . $jsFilename);
+            $cacheName = G::encryptOld($mtime . $jsFilename);
            $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js';

            if (!file_exists($cacheFilename)) {
@@ -581,7 +581,7 @@ class headPublisher
                    }
                    if (file_exists(PATH_PLUGINS . $pluginJsFile)) {
                        $mtime = filemtime(PATH_PLUGINS . $pluginJsFile);
-                        $jsPluginCacheName = md5($mtime . $pluginJsFile);
+                        $jsPluginCacheName = G::encryptOld($mtime . $pluginJsFile);
                        $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $jsPluginCacheName . '.js';

                        if (!file_exists($cacheFilename)) {
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -320,7 +320,7 @@ class RBAC
            G::LoadClass('pmLicenseManager');
        }
        $licenseManager =& pmLicenseManager::getSingleton();
-        if (in_array(md5($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
+        if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
            return -7;
        }
        /*----------------------------------********---------------------------------*/
--- a/gulliver/thirdparty/pear/class.soap_transport_http.php
+++ b/gulliver/thirdparty/pear/class.soap_transport_http.php
@@ -317,13 +317,13 @@ class soap_transport_http extends nusoap_base {
 				$A1 = $username. ':' . (isset($digestRequest['realm']) ? $digestRequest['realm'] : '') . ':' . $password;
 	
 				// H(A1) = MD5(A1)
-				$HA1 = md5($A1);
+				$HA1 = G::encryptOld($A1);
 	
 				// A2 = Method ":" digest-uri-value
 				$A2 = 'POST:' . $this->digest_uri;
 	
 				// H(A2)
-				$HA2 =  md5($A2);
+				$HA2 =  G::encryptOld($A2);
 	
 				// KD(secret, data) = H(concat(secret, ":", data))
 				// if qop == auth:
@@ -345,7 +345,7 @@ class soap_transport_http extends nusoap_base {
 					$unhashedDigest = $HA1 . ':' . $nonce . ':' . $HA2;
 				}
 	
-				$hashedDigest = md5($unhashedDigest);
+				$hashedDigest = G::encryptOld($unhashedDigest);
 	
 				$this->outgoing_headers['Authorization'] = 'Digest username="' . $username . '", realm="' . $digestRequest['realm'] . '", nonce="' . $nonce . '", uri="' . $this->digest_uri . '", cnonce="' . $cnonce . '", nc=' . sprintf("%08x", $digestRequest['nc']) . ', qop="' . $digestRequest['qop'] . '", response="' . $hashedDigest . '"';
 			}
--- a/workflow/engine/classes/class.Installer.php
+++ b/workflow/engine/classes/class.Installer.php
@@ -443,12 +443,12 @@ class Installer
        //  The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
        //  $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
        //    "Add 'admin' user in ProcessMaker (wf)");
-        $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . md5($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
+        $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
        mysql_select_db($this->rbac_site_name, $this->connection_database);
        // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
        // $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
        //   "Add 'admin' user in ProcessMaker (rb)");
-        $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . md5($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
+        $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
    }

    /**
--- a/workflow/engine/classes/class.license.app.php
+++ b/workflow/engine/classes/class.license.app.php
@@ -420,7 +420,7 @@ class license_application extends padl
            $DATA = $this->_unwrap_license($dat_str);
            if (is_array($DATA)) {
                # missing / incorrect id therefore it has been tampered with
-                if ($DATA['ID'] != md5($this->ID1)) {
+                if ($DATA['ID'] != G::encryptOld($this->ID1)) {
                    $DATA['RESULT'] = 'CORRUPT';
                }
                if ($this->USE_TIME) {
@@ -463,7 +463,7 @@ class license_application extends padl
                        # create the details to send to the home server
                        $stuff_to_send = array();
                        $stuff_to_send['LICENSE_DATA'] = $DATA;
-                        $stuff_to_send['LICENSE_DATA']['KEY'] = md5($dat_str);
+                        $stuff_to_send['LICENSE_DATA']['KEY'] = G::encryptOld($dat_str);
                        # dial home
                        $DATA['RESULT'] = $this->_call_home($stuff_to_send, $dialhost, $dialpath, $dialport);
                    } else {
--- a/workflow/engine/classes/class.pmFunctions.php
+++ b/workflow/engine/classes/class.pmFunctions.php
@@ -2234,7 +2234,7 @@ function setCaseTrackerCode ($sApplicationUID, $sCode, $sPIN = '')
        $aFields['APP_PROC_CODE'] = $sCode;
        if ($sPIN != '') {
            $aFields['APP_DATA']['PIN'] = $sPIN;
-            $aFields['APP_PIN'] = md5( $sPIN );
+            $aFields['APP_PIN'] = G::encryptOld( $sPIN );
        }
        $oCase->updateCase( $sApplicationUID, $aFields );
        if (isset($_SESSION['APPLICATION'])) {
--- a/workflow/engine/classes/triggers/class.pmSugarFunctions.php
+++ b/workflow/engine/classes/triggers/class.pmSugarFunctions.php
@@ -1,4 +1,4 @@
-<?php
+<?php

 /**
 * class.pmSugar.pmFunctions.php
@@ -51,7 +51,7 @@ function getSoapClientOptions ()
 function sugarLogin ($sugarSoap, $user, $password)
 {
    $client = new SoapClient( $sugarSoap, getSoapClientOptions() );
-    $auth_array = array ('user_auth' => array ('user_name' => $user,'password' => md5( $password ),'version' => '1.0') );
+    $auth_array = array ('user_auth' => array ('user_name' => $user,'password' => G::encryptOld( $password ),'version' => '1.0') );
    $login_results = $client->__SoapCall( 'login', $auth_array );
    $session_id = $login_results->id;
    $user_guid = $client->__SoapCall( 'get_user_id', array ($session_id) );