Wireless support - allow initial plain username and password

When user name and password are stored in plain text, these will be encrypted at start up.

emhttp/plugins/dynamix/include/update.wireless.php

@@ -11,12 +11,11 @@
  */
 ?>
 <?
-$ssl = '/etc/rc.d/rc.ssl.input';
-if (is_readable($ssl)) extract(parse_ini_file($ssl));
+$open_ssl = "/usr/local/emhttp/webGui/scripts/open_ssl";
 
 // encrypt username and password before saving (if existing)
-if (!empty($_POST['USERNAME']) && isset($cipher,$key,$iv)) $_POST['USERNAME'] = openssl_encrypt($_POST['USERNAME'],$cipher,$key,0,$iv);
-if (!empty($_POST['PASSWORD']) && isset($cipher,$key,$iv)) $_POST['PASSWORD'] = openssl_encrypt($_POST['PASSWORD'],$cipher,$key,0,$iv);
+if (!empty($_POST['USERNAME'])) $_POST['USERNAME'] = exec("$open_ssl encrypt \"{$_POST['USERNAME']}\"");
+if (!empty($_POST['PASSWORD'])) $_POST['PASSWORD'] = exec("$open_ssl encrypt \"{$_POST['PASSWORD']}\"");
 
 // update active wifi selection
 foreach ($keys as $key => $val) if (isset($val['GROUP'])) $keys[$key]['GROUP'] = 'saved';

emhttp/plugins/dynamix/scripts/open_ssl

@@ -0,0 +1,28 @@
+#!/usr/bin/php -q
+<?PHP
+/* Copyright 2005-2025, Lime Technology
+ * Copyright 2012-2025, Bergware International.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ */
+?>
+<?
+$ssl_input = '/etc/rc.d/rc.ssl.input';
+if (is_readable($ssl_input)) extract(parse_ini_file($ssl_input));
+
+switch ($argv[1]) {
+case 'encrypt':
+  if (!empty($argv[2]) && isset($cipher,$key,$iv)) $encrypt = openssl_encrypt($argv[2],$cipher,$key,0,$iv);
+  if (!empty($encrypt)) echo "$encrypt";
+  break;
+case 'decrypt':
+  if (!empty($argv[2]) && isset($cipher,$key,$iv)) $decrypt = openssl_decrypt($argv[2],$cipher,$key,0,$iv);
+  if (!empty($decrypt)) echo "$decrypt";
+  break;
+}
+?>

etc/rc.d/rc.wireless

@@ -11,6 +11,7 @@ CALLER="wifi"
 INI="/var/local/emhttp/wireless.ini"
 CFG="/boot/config/wireless.cfg"
 SSLINPUT="/etc/rc.d/rc.ssl.input"
+OPENSSL="/usr/local/emhttp/webGui/scripts/open_ssl"
 STARTWIFI="/usr/local/emhttp/webGui/scripts/wireless"
 WPA="/etc/wpa_supplicant.conf"
 
@@ -233,10 +234,20 @@ wifi_join(){
     return
   fi
   [[ -e $SSLINPUT ]] || ssl_init
-# get SSL keys
-  . $SSLINPUT
-  [[ -n $USERNAME ]] && USERNAME=$(echo $USERNAME | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
-  [[ -n $PASSWORD ]] && PASSWORD=$(echo $PASSWORD | openssl $cipher -a -d -K $(hex $key) -iv $(hex $iv) 2>/dev/null)
+  [[ -n $USERNAME ]] && DECRYPT1=$($OPENSSL decrypt "$USERNAME")
+  [[ -n $DECRYPT1 ]] && USERNAME=$DECRYPT1
+  [[ -n $PASSWORD ]] && DECRYPT2=$($OPENSSL decrypt "$PASSWORD")
+  [[ -n $DECRYPT2 ]] && PASSWORD=$DECRYPT2
+# plain username, encrypt username in settings file
+  if [[ -n $USERNAME && -z $DECRYPT1 ]]; then
+    ENCRYPT1=$($OPENSSL encrypt "$USERNAME")
+    sed -ri "s/^(USERNAME=\").+$/\1$ENCRYPT1\"/" $CFG
+  fi
+# plain password, encrypt password in settings file
+  if [[ -n $PASSWORD && -z $DECRYPT2 ]]; then
+    ENCRYPT2=$($OPENSSL encrypt "$PASSWORD")
+    sed -ri "s/^(PASSWORD=\").+$/\1$ENCRYPT2\"/" $CFG
+  fi
   SECURITY=${SECURITY:-$ATTR3}
   if [[ -z $SECURITY || ${SECURITY^^} == "OPEN" ]]; then
     # open network