This script checks for passwords stored in clear text (e.g after a mass import), and encrypts them with the master key.
This commit is contained in:
Gergely Polonkai (W00d5t0ck) 2011-02-22 15:00:48 +01:00
parent 9bb6cb927e
commit ed41012109
2 changed files with 35 additions and 3 deletions

View File

@ -290,17 +290,20 @@ if (!class_exists('PWSdb'))
function updatePassword($passwordId, $newPassword, $username = null) function updatePassword($passwordId, $newPassword, $username = null)
{ {
$query = '';
$params = array();
if ($username === null) if ($username === null)
{ {
$sth = $this->prepare('UPDATE passwords SET password = ? WHERE id = ?'); $query = 'UPDATE passwords SET password = ? WHERE id = ?';
$params = array($this->encryptPassword($newPassword), $passwordId); $params = array($this->encryptPassword($newPassword), $passwordId);
} }
else else
{ {
$sth = $this->prepare('UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?'); $query = 'UPDATE passwords SET password = ?, modifiedby = ?, modifiedat = datetime(\'now\') WHERE id = ?';
$params = array($this->encryptPassword($newPassword), $username, $passwordId); $params = array($this->encryptPassword($newPassword), $username, $passwordId);
} }
$sth->execute(); $sth = $this->prepare($query);
$sth->execute($params);
} }
function updatePasswordAccess($passwordId) function updatePasswordAccess($passwordId)
@ -391,6 +394,14 @@ if (!class_exists('PWSdb'))
$sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%')); $sth->execute(array(':querytext' => '%' . str_replace(array('%', '_'), array('~%', '~_'), $query) . '%'));
return $sth->fetchAll(); return $sth->fetchAll();
} }
function getClearPasswords()
{
$sth = $this->prepare('SELECT id, password FROM passwords WHERE password LIKE ?');
$sth->execute(array('{CLEAR}%'));
return $sth->fetchAll();
}
} }
} }

View File

@ -0,0 +1,21 @@
<?php
// Check and update clear text password in the database
// OPTIONS
$webDir = '/var/www/localhost/htdocs/passwordstore';
require_once $webDir . '/config.php';
require_once $webDir . '/class.db.php';
pwsdbh($dbDSN)->setKey(file_get_contents($masterKey));
$passwords = pwsdbh($dbDSN)->getClearPasswords();
foreach ($passwords as $rec)
{
echo "Updating password with ID " . $rec['id'] . "\n";
$rec['password'] = $rec[1] = substr($rec['password'], 7);
pwsdbh($dbDSN)->updatePassword($rec['id'], $rec['password']);
}