From ed4101210933bfe7af7de891b18b01ca2a6bee40 Mon Sep 17 00:00:00 2001 From: "Gergely Polonkai (W00d5t0ck)" Date: Tue, 22 Feb 2011 15:00:48 +0100 Subject: [PATCH] Added ch This script checks for passwords stored in clear text (e.g after a mass import), and encrypts them with the master key. --- class.db.php | 17 ++++++++++++++--- scripts/checkclearpasswords.php | 21 +++++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 scripts/checkclearpasswords.php diff --git a/class.db.php b/class.db.php index 6faf815..79a259d 100644 --- a/class.db.php +++ b/class.db.php @@ -290,17 +290,20 @@ if (!class_exists('PWSdb')) function updatePassword($passwordId, $newPassword, $username = null) { + $query = ''; + $params = array(); if ($username === null) { - $sth = $this->prepare('UPDATE passwords SET password = ? WHERE id = ?'); + $query = 'UPDATE passwords SET password = ? WHERE id = ?'; $params = array($this->encryptPassword($newPassword), $passwordId); } else { - $sth = $this->prepare('UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?'); + $query = 'UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?'; $params = array($this->encryptPassword($newPassword), $username, $passwordId); } - $sth->execute(); + $sth = $this->prepare($query); + $sth->execute($params); } function updatePasswordAccess($passwordId) @@ -391,6 +394,14 @@ if (!class_exists('PWSdb')) $sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%')); return $sth->fetchAll(); } + + function getClearPasswords() + { + $sth = $this->prepare('SELECT id, password FROM passwords WHERE password LIKE ?'); + $sth->execute(array('{CLEAR}%')); + + return $sth->fetchAll(); + } } } diff --git a/scripts/checkclearpasswords.php b/scripts/checkclearpasswords.php new file mode 100644 index 0000000..de7cf0b --- /dev/null +++ b/scripts/checkclearpasswords.php 
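Review bot: The result of `$sth->execute($params)` at the end of updatePassword() is discarded, so a failed UPDATE looks the same as a successful one. The new scripts/checkclearpasswords.php prints "Updating password with ID …" and moves on, so a row could stay in clear text while the operator believes it was encrypted; whether the connection runs in exception mode is not visible in this hunk. Returning the outcome with `return $sth->execute($params);` and having the script check it would close that gap. The `$username === null` branch also leaves `modifiedby`/`modifiedat` untouched, so the bulk re-encryption leaves no trace in those columns; that deserves a comment if it is intended.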
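Review bot: The `{CLEAR}` marker is hard-coded in getClearPasswords() and its length is hard-coded again as `7` in the `substr()` call in scripts/checkclearpasswords.php, so the two can drift apart and a change to one would truncate or corrupt the stored secret. A class constant such as `const CLEAR_PREFIX = '{CLEAR}';`, used here and as `strlen(PWSdb::CLEAR_PREFIX)` in the script, would keep them in step. If the backend is SQLite, as `datetime('now')` in updatePassword() suggests, `LIKE` is case-insensitive for ASCII by default, so rows beginning `{clear}` would match as well. The method should also get a docblock saying that it returns plaintext secrets which callers must not log or echo, e.g. `/** Returns id/password rows still stored with the {CLEAR} prefix; values are plaintext. */`.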
@@ -0,0 +1,21 @@
+setKey(file_get_contents($masterKey));
+
+$passwords = pwsdbh($dbDSN)->getClearPasswords();
+
+foreach ($passwords as $rec)
+{
+ echo "Updating password with ID " . $rec['id'] . "\n";
+ $rec['password'] = $rec[1] = substr($rec['password'], 7);
+ pwsdbh($dbDSN)->updatePassword($rec['id'], $rec['password']);
+}
+
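Review bot: `file_get_contents($masterKey)` is passed straight into `setKey()` without a check, and file_get_contents() returns `false` when the key file is missing or unreadable. In that case every `{CLEAR}` row would presumably be re-encrypted under an empty or bogus key with its prefix stripped, leaving no easy way to recover; how setKey() treats `false` is not visible here. Read the key first and stop on failure: `$key = file_get_contents($masterKey);` followed by `if ($key === false || $key === '') { fwrite(STDERR, "cannot read master key\n"); exit(1); }`. Because the loop rewrites one row per call, wrapping it in a transaction (if PWSdb exposes one) would avoid a half-migrated table on error. The beginning of this file appears to be missing from the page, so any include or CLI-only guard above the `setKey()` call cannot be reviewed.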