Merge branch 'master' into techbar

functions.php

@@ -271,7 +271,7 @@ function setupFirstUserSpecificKey($user_password, $site_encryption_master_key)
 }
 
 /*
- * For additional users / password changes
+ * For additional users / password changes (and now the API)
  * New Users: Requires the admin setting up their account have a Specific/Session key configured
  * Password Changes: Will use the current info in the session.
 */
@@ -282,7 +282,7 @@ function encryptUserSpecificKey($user_password)
 
     // Get the session info.
     $user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
-    $user_encryption_session_iv =  $_SESSION['user_encryption_session_iv'];
+    $user_encryption_session_iv = $_SESSION['user_encryption_session_iv'];
     $user_encryption_session_key = $_COOKIE['user_encryption_session_key'];
 
     // Decrypt the session key to get the master key
@@ -297,7 +297,7 @@ function encryptUserSpecificKey($user_password)
     return $salt . $iv . $ciphertext;
 }
 
-// Given a ciphertext (incl. IV) and the user's password, returns the site master key
+// Given a ciphertext (incl. IV) and the user's (or API key) password, returns the site master key
 // Ran at login, to facilitate generateUserSessionKey
 function decryptUserSpecificKey($user_encryption_ciphertext, $user_password)
 {
@@ -380,6 +380,32 @@ function encryptLoginEntry($login_password_cleartext)
     return $iv . $ciphertext;
 }
 
+function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
+{
+    // Split the login entry (username/password) into IV and Ciphertext
+    $login_iv =  substr($login_ciphertext, 0, 16);
+    $login_ciphertext = $salt = substr($login_ciphertext, 16);
+
+    // Decrypt the api hash to get the master key
+    $site_encryption_master_key = decryptUserSpecificKey($api_key_decrypt_hash, $api_key_decrypt_password);
+
+    // Decrypt the login password using the master key
+    return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
+}
+
+function apiEncryptLoginEntry(#[\SensitiveParameter]$credential_cleartext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
+{
+    $iv = randomString();
+
+    // Decrypt the api hash to get the master key
+    $site_encryption_master_key = decryptUserSpecificKey($api_key_decrypt_hash, $api_key_decrypt_password);
+
+    // Encrypt the credential using the master key
+    $ciphertext = openssl_encrypt($credential_cleartext, 'aes-128-cbc', $site_encryption_master_key, 0, $iv);
+
+    return $iv . $ciphertext;
+}
+
 // Get domain general info (whois + NS/A/MX records)
 function getDomainRecords($name)
 {
@@ -738,6 +764,10 @@ function sanitizeForEmail($data)
 
 function timeAgo($datetime)
 {
+    if (is_null($datetime)) {
+        return "-";
+    }
+
     $time = strtotime($datetime);
     $difference = $time - time(); // Changed to handle future dates
 
@@ -1193,36 +1223,6 @@ function fetchUpdates() {
 
 }
 
-// Get domain expiration date -- Remove in the future Replace with PHP function
-function getDomainExpirationDateOLD($name)
-{
-
-    // Only run if we think the domain is valid
-    if (!filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
-        return "NULL";
-    }
-
-    $ch = curl_init();
-    curl_setopt($ch, CURLOPT_URL, "http://lookup.itflow.org:8080/$name");
-    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
-    $response = json_decode(curl_exec($ch), 1);
-
-    if ($response) {
-        if (is_array($response['expiration_date'])) {
-            $expiry = new DateTime($response['expiration_date'][1]);
-        } elseif (isset($response['expiration_date'])) {
-            $expiry = new DateTime($response['expiration_date']);
-        } else {
-            return "NULL";
-        }
-
-        return $expiry->format('Y-m-d');
-    }
-
-    // Default return
-    return "NULL";
-}
-
 function getDomainExpirationDate($domain) {
     // Execute the whois command
     $result = shell_exec("whois " . escapeshellarg($domain));