diff --git a/class.db.php b/class.db.php index 6faf815..79a259d 100644 --- a/class.db.php +++ b/class.db.php @@ -290,17 +290,20 @@ if (!class_exists('PWSdb')) function updatePassword($passwordId, $newPassword, $username = null) { + $query = ''; + $params = array(); if ($username === null) { - $sth = $this->prepare('UPDATE passwords SET password = ? WHERE id = ?'); + $query = 'UPDATE passwords SET password = ? WHERE id = ?'; $params = array($this->encryptPassword($newPassword), $passwordId); } else { - $sth = $this->prepare('UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?'); + $query = 'UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?'; $params = array($this->encryptPassword($newPassword), $username, $passwordId); } - $sth->execute(); + $sth = $this->prepare($query); + $sth->execute($params); } function updatePasswordAccess($passwordId) @@ -391,6 +394,14 @@ if (!class_exists('PWSdb')) $sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%')); return $sth->fetchAll(); } + + function getClearPasswords() + { + $sth = $this->prepare('SELECT id, password FROM passwords WHERE password LIKE ?'); + $sth->execute(array('{CLEAR}%')); + + return $sth->fetchAll(); + } } } diff --git a/scripts/checkclearpasswords.php b/scripts/checkclearpasswords.php new file mode 100644 index 0000000..de7cf0b --- /dev/null +++ b/scripts/checkclearpasswords.php @@ -0,0 +1,21 @@ +setKey(file_get_contents($masterKey)); + +$passwords = pwsdbh($dbDSN)->getClearPasswords(); + +foreach ($passwords as $rec) +{ + echo "Updating password with ID " . $rec['id'] . "\n"; + $rec['password'] = $rec[1] = substr($rec['password'], 7); + pwsdbh($dbDSN)->updatePassword($rec['id'], $rec['password']); +} +