You are here

function aes_config in AES encryption 7

Same name and namespace in other branches
  1. 5 aes.module \aes_config()
  2. 6 aes.module \aes_config()

Inits aes_config form.

1 string reference to 'aes_config'
aes_menu in ./aes.module
Implements hook_menu().

File

./aes.admin.inc, line 12
AES encryption module administration settings.

Code

function aes_config() {
  $phpseclib_error_msg = "";
  $phpsec_load_result = aes_load_phpsec();
  $phpsec_loaded = FALSE;
  if ($phpsec_load_result > 0) {
    $phpsec_loaded = TRUE;
  }
  elseif ($phpsec_load_result == -1) {

    // Missing set_include_path.
    $phpseclib_error_msg = " <span style=\"color:#f00;\">" . t("Warning: phpseclib was found but can't be loaded since this sever doesn't allow setting the PHP include path.") . "</span>";
  }
  elseif ($phpsec_load_result == -2) {

    // Couldn't find phpseclib - don't output anything since this is perfectly
    // normal if using mcrypt.
  }
  elseif ($phpsec_load_result == -3) {

    // Found phpseclib, but couldn't read its files.
    $phpseclib_error_msg = " <span style=\"color:#f00;\">" . t("Warning: phpseclib was found but couldn't be read, check permissions.") . "</span>";
  }
  if (file_exists(variable_get("aes_key_path", "")) && is_writable(variable_get("aes_key_path", "")) == FALSE && variable_get("aes_key_storage_method", "Database") == "File") {
    drupal_set_message(t("The keyfile %keyfile_path is not writable. This module needs to be able to write to this file to update the encryption key.", array(
      '%keyfile_path' => variable_get("aes_key_path", ""),
    )), "warning");
  }
  $form = array();
  $form['aes_convert'] = array(
    '#type' => 'checkbox',
    '#title' => t('Create AES passwords'),
    '#default_value' => variable_get("aes_convert", FALSE),
    '#description' => t('Check this box if you would like for AES to start encrypting user passwords (and make them viewable to the roles with permission to do so). This is a process which normally will make more and more passwords AES-encrypted/readable over time since the AES module only can get an existing users password in plain text at certain moments, one such moment being when the user logs in. So you won\'t be able to view an existing users password until that user has logged in at least once after you checked this box. You may test this on yourself by logging out and in again, which should make your password appear on your user page.'),
  );
  $encryption_implementations = array();
  if ($phpsec_loaded) {
    $encryption_implementations["phpseclib"] = t("PHP Secure Communications Library (phpseclib)");
  }
  if (extension_loaded("mcrypt")) {
    $encryption_implementations["mcrypt"] = t("Mcrypt extension");
  }
  if (!empty($encryption_implementations["mcrypt"]) && !empty($encryption_implementations["phpseclib"])) {
    $implementations_description = t("The Mcrypt implementation is the (only) implementation this module used until support for phpseclib was added. The Mcrypt implementation is faster than phpseclib and also lets you define the cipher to be used, other than that, the two implementations are equivalent.");
  }
  elseif (!empty($encryption_implementations["mcrypt"]) && empty($encryption_implementations["phpseclib"])) {
    $implementations_description = t("The Mcrypt extension is the only installed implementation.") . $phpseclib_error_msg;
  }
  elseif (empty($encryption_implementations["mcrypt"]) && !empty($encryption_implementations["phpseclib"])) {
    $implementations_description = t("PHP Secure Communications Library is the only installed implementation.");
  }
  if (empty($encryption_implementations)) {
    $encryption_implementations = array(
      t('None!'),
    );
    drupal_set_message(t("You do not have an AES implementation installed!"), "error");
  }
  $form['aes_implementation'] = array(
    '#type' => 'select',
    '#title' => t('AES implementation'),
    '#options' => $encryption_implementations,
    '#default_value' => variable_get("aes_implementation", "mcrypt"),
    '#description' => $implementations_description,
  );
  $form['view_method'] = array(
    '#type' => 'select',
    '#title' => t('Method for viewing passwords'),
    '#options' => array(
      'inplace' => t('In place'),
      'page' => t('Own page'),
      'both' => t('Both'),
      'neither' => t('Neither'),
    ),
    '#default_value' => variable_get("aes_viewing_method", "page"),
    '#description' => t('Whether to show the password as an in-place AJAX field on the user info page or on a separate page with a tab on the user page, both, or neither.'),
  );
  $form['aes_cipher'] = array(
    '#type' => 'select',
    '#title' => t('Cipher'),
    '#options' => array(
      'rijndael-128' => 'Rijndael 128',
      'rijndael-192' => 'Rijndael 192',
      'rijndael-256' => 'Rijndael 256',
    ),
    '#default_value' => variable_get("aes_cipher", "rijndael-128"),
    '#states' => array(
      'invisible' => array(
        ':input[name="aes_implementation"]' => array(
          'value' => 'phpseclib',
        ),
      ),
    ),
  );
  $form['aes_cipher_notice'] = array(
    '#type' => 'item',
    '#title' => t('Cipher'),
    '#markup' => t("Is locked to Rijndael 128 when using the phpseclib implementation.") . "<br/>",
    '#states' => array(
      'visible' => array(
        ':input[name="aes_implementation"]' => array(
          'value' => 'phpseclib',
        ),
      ),
    ),
  );
  $iv = base64_decode(variable_get("aes_encryption_iv", ""));
  $iv = empty($iv) ? 'Not defined' : 'Base64: ' . variable_get("aes_encryption_iv") . "\r\nHex: 0x" . strtoupper(bin2hex($iv));
  $form['iv'] = array(
    '#type' => 'textarea',
    '#title' => t('Initialization vector'),
    '#description' => t("The value used to encrypt and decrypt message. Less secure than key. Should be exposed among with encoded data when encoding is passed to an external system. Currently fully supported by MCrypt mode, with PHPSecLib used only for custom calls."),
    '#disabled' => TRUE,
    '#default_value' => $iv,
    '#rows' => 2,
  );
  $form['aes_key_storage_method'] = array(
    '#type' => 'select',
    '#title' => t('Key storage method'),
    '#options' => array(
      'Database' => 'Database',
      'File' => 'File',
    ),
    '#default_value' => variable_get("aes_key_storage_method", "Database"),
    '#description' => t('If possible, you should use the file storage method and assign a path below.'),
  );
  $form['aes_key_path'] = array(
    '#type' => 'textfield',
    '#title' => t('Path to keyfile'),
    '#default_value' => variable_get("aes_key_path", ""),
    '#description' => t('The path, including the filename, of the file in which to store your key. The access restrictions on this file should be set as high as possible while still allowing webserver read/write access.'),
  );
  $form['aes_key'] = array(
    '#type' => 'password',
    '#title' => t('Key'),
    '#description' => t("The key for your encryption system. You normally don't need to worry about this since this module will generate a key for you if none is specified. However you have the option of using your own custom key here."),
  );
  $form['aes_key_c'] = array(
    '#type' => 'password',
    '#title' => t('Confirm key'),
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save'),
  );
  return $form;
}