Added ch
This script checks for passwords stored in clear text (e.g after a mass import), and encrypts them with the master key.
This commit is contained in:
parent
9bb6cb927e
commit
ed41012109
17
class.db.php
17
class.db.php
@ -290,17 +290,20 @@ if (!class_exists('PWSdb'))
|
|||||||
|
|
||||||
function updatePassword($passwordId, $newPassword, $username = null)
|
function updatePassword($passwordId, $newPassword, $username = null)
|
||||||
{
|
{
|
||||||
|
$query = '';
|
||||||
|
$params = array();
|
||||||
if ($username === null)
|
if ($username === null)
|
||||||
{
|
{
|
||||||
$sth = $this->prepare('UPDATE passwords SET password = ? WHERE id = ?');
|
$query = 'UPDATE passwords SET password = ? WHERE id = ?';
|
||||||
$params = array($this->encryptPassword($newPassword), $passwordId);
|
$params = array($this->encryptPassword($newPassword), $passwordId);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$sth = $this->prepare('UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?');
|
$query = 'UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?';
|
||||||
$params = array($this->encryptPassword($newPassword), $username, $passwordId);
|
$params = array($this->encryptPassword($newPassword), $username, $passwordId);
|
||||||
}
|
}
|
||||||
$sth->execute();
|
$sth = $this->prepare($query);
|
||||||
|
$sth->execute($params);
|
||||||
}
|
}
|
||||||
|
|
||||||
function updatePasswordAccess($passwordId)
|
function updatePasswordAccess($passwordId)
|
||||||
@ -391,6 +394,14 @@ if (!class_exists('PWSdb'))
|
|||||||
$sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%'));
|
$sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%'));
|
||||||
return $sth->fetchAll();
|
return $sth->fetchAll();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getClearPasswords()
|
||||||
|
{
|
||||||
|
$sth = $this->prepare('SELECT id, password FROM passwords WHERE password LIKE ?');
|
||||||
|
$sth->execute(array('{CLEAR}%'));
|
||||||
|
|
||||||
|
return $sth->fetchAll();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
21
scripts/checkclearpasswords.php
Normal file
21
scripts/checkclearpasswords.php
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<?php
|
||||||
|
// Check and update clear text password in the database
|
||||||
|
|
||||||
|
|
||||||
|
// OPTIONS
|
||||||
|
$webDir = '/var/www/localhost/htdocs/passwordstore';
|
||||||
|
|
||||||
|
require_once $webDir . '/config.php';
|
||||||
|
require_once $webDir . '/class.db.php';
|
||||||
|
|
||||||
|
pwsdbh($dbDSN)->setKey(file_get_contents($masterKey));
|
||||||
|
|
||||||
|
$passwords = pwsdbh($dbDSN)->getClearPasswords();
|
||||||
|
|
||||||
|
foreach ($passwords as $rec)
|
||||||
|
{
|
||||||
|
echo "Updating password with ID " . $rec['id'] . "\n";
|
||||||
|
$rec['password'] = $rec[1] = substr($rec['password'], 7);
|
||||||
|
pwsdbh($dbDSN)->updatePassword($rec['id'], $rec['password']);
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user