Added backend handling of overwriting on import pre-cracked hashes

Author: Eric-Wasson

src/inc/apiv2/helper/importCrackedHashes.routes.php

@@ -28,6 +28,7 @@ public function getFormFields(): array {
       Hashlist::HASHLIST_ID => ["type" => "int"],
       "sourceData" => ['type' => 'str'],
       "separator" => ['type' => 'str'],
+      "overwrite" => ['type' => 'int'],
     ];
   }
 
@@ -52,7 +53,7 @@ public function actionPost($data): object|array|null {
 
     $importData = base64_decode($data["sourceData"]);
 
-    $result = HashlistUtils::processZap($hashlist->getId(), $data["separator"], "paste", ["hashfield" => $importData], [], $this->getCurrentUser());
+    $result = HashlistUtils::processZap($hashlist->getId(), $data["separator"], "paste", ["hashfield" => $importData], [], $this->getCurrentUser(), (isset($data["overwrite"]) && intval($data["overwrite"]) == 1) ? true : false);
 
     return [
       "totalLines" => $result[0],

src/inc/handlers/HashlistHandler.class.php

@@ -49,7 +49,7 @@ public function handle($action) {
           break;
         case DHashlistAction::PROCESS_ZAP:
           AccessControl::getInstance()->checkPermission(DHashlistAction::PROCESS_ZAP_PERM);
-          $data = HashlistUtils::processZap($_POST['hashlist'], $_POST['separator'], $_POST['source'], $_POST, $_FILES, AccessControl::getInstance()->getUser());
+          $data = HashlistUtils::processZap($_POST['hashlist'], $_POST['separator'], $_POST['source'], $_POST, $_FILES, AccessControl::getInstance()->getUser(), (isset($_POST["overwrite"]) && intval($_POST["overwrite"]) == 1) ? true : false);
           UI::addMessage(UI::SUCCESS, "Processed pre-cracked hashes: " . $data[0] . " total lines, " . $data[1] . " new cracked hashes, " . $data[2] . " were already cracked, " . $data[3] . " invalid lines, " . $data[4] . " not matching entries (" . $data[5] . "s)!");
           if ($data[6] > 0) {
             UI::addMessage(UI::WARN, $data[6] . " entries with too long plaintext");

src/inc/user-api/UserAPIHashlist.class.php

@@ -182,7 +182,8 @@ private function importCracked($QUERY) {
       'paste',
       ['hashfield' => base64_decode($QUERY[UQueryHashlist::HASHLIST_DATA])],
       [],
-      $this->user
+      $this->user,
+      false
     );
     $response = [
       UResponseHashlist::SECTION => $QUERY[UQueryHashlist::SECTION],

src/inc/utils/HashlistUtils.class.php

@@ -303,10 +303,11 @@ public static function rename($hashlistId, $name, $user) {
    * @param array $post
    * @param array $files
    * @param User $user
+   * @param boolean $overwritePlaintext
    * @return int[]
    * @throws HTException
    */
-  public static function processZap($hashlistId, $separator, $source, $post, $files, $user) {
+  public static function processZap($hashlistId, $separator, $source, $post, $files, $user, $overwritePlaintext) {
     // pre-crack hashes processor
     $hashlist = HashlistUtils::getHashlist($hashlistId);
     if (!AccessUtils::userCanAccessHashlists($hashlist, $user)) {
@@ -427,16 +428,22 @@ public static function processZap($hashlistId, $separator, $source, $post, $file
         }
         else if ($hashEntry->getIsCracked() == 1) {
           $alreadyCracked++;
-          continue;
+          if (!$overwritePlaintext) {
+            continue;
+          }
         }
         $plain = str_replace($hash . $separator . $hashEntry->getSalt() . $separator, "", $data);
         if (strlen($plain) > SConfig::getInstance()->getVal(DConfig::PLAINTEXT_MAX_LENGTH)) {
           $tooLong++;
           continue;
         }
         $hashFactory->mset($hashEntry, [Hash::PLAINTEXT => $plain, Hash::IS_CRACKED => 1, Hash::TIME_CRACKED => time()]);
-        $newCracked++;
-        $crackedIn[$hashEntry->getHashlistId()]++;
+        
+        if ($hashEntry->getIsCracked() != 1) {
+          $newCracked++;
+          $crackedIn[$hashEntry->getHashlistId()]++;
+        }
+
         if ($hashlist->getFormat() == DHashlistFormat::PLAIN) {
           $zaps[] = new Zap(null, $hashEntry->getHash(), time(), null, $hashlist->getId());
         }
@@ -469,19 +476,28 @@ public static function processZap($hashlistId, $separator, $source, $post, $file
         foreach ($hashEntries as $hashEntry) {
           if ($hashEntry->getIsCracked() == 1) {
             $alreadyCracked++;
-            continue;
+            if (!$overwritePlaintext) {
+              continue;
+            }
           }
+          
           $plain = str_replace($hash . $separator, "", $data);
+          
           if (strlen($plain) > SConfig::getInstance()->getVal(DConfig::PLAINTEXT_MAX_LENGTH)) {
             $tooLong++;
             continue;
           }
+          
           $hashFactory->mset($hashEntry, [Hash::PLAINTEXT => $plain, Hash::IS_CRACKED => 1, Hash::TIME_CRACKED => time()]);
-          $crackedIn[$hashEntry->getHashlistId()]++;
+          
+          if ($hashEntry->getIsCracked() != 1) {
+            $newCracked++;
+            $crackedIn[$hashEntry->getHashlistId()]++;
+          }
+
           if ($hashlist->getFormat() == DHashlistFormat::PLAIN) {
             $zaps[] = new Zap(null, $hashEntry->getHash(), time(), null, $hashlist->getId());
           }
-          $newCracked++;
         }
       }
       $bufferCount++;