Added ch
This script checks for passwords stored in clear text (e.g after a mass import), and encrypts them with the master key.
This commit is contained in:
Gergely Polonkai (W00d5t0ck)
17
class.db.php
17
class.db.php
@@ -290,17 +290,20 @@ if (!class_exists('PWSdb'))
|
||||
|
||||
function updatePassword($passwordId, $newPassword, $username = null)
|
||||
{
|
||||
$query = '';
|
||||
$params = array();
|
||||
if ($username === null)
|
||||
{
|
||||
$sth = $this->prepare('UPDATE passwords SET password = ? WHERE id = ?');
|
||||
$query = 'UPDATE passwords SET password = ? WHERE id = ?';
|
||||
$params = array($this->encryptPassword($newPassword), $passwordId);
|
||||
}
|
||||
else
|
||||
{
|
||||
$sth = $this->prepare('UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?');
|
||||
$query = 'UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?';
|
||||
$params = array($this->encryptPassword($newPassword), $username, $passwordId);
|
||||
}
|
||||
$sth->execute();
|
||||
$sth = $this->prepare($query);
|
||||
$sth->execute($params);
|
||||
}
|
||||
|
||||
function updatePasswordAccess($passwordId)
|
||||
@@ -391,6 +394,14 @@ if (!class_exists('PWSdb'))
|
||||
$sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%'));
|
||||
return $sth->fetchAll();
|
||||
}
|
||||
|
||||
function getClearPasswords()
|
||||
{
|
||||
$sth = $this->prepare('SELECT id, password FROM passwords WHERE password LIKE ?');
|
||||
$sth->execute(array('{CLEAR}%'));
|
||||
|
||||
return $sth->fetchAll();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user