install/schemas/upgrade/1.1.5-1.1.6.php
changeset 1259 49db7495f6b8
parent 1258 d972b1276d95
child 1260 cd72bcd83401
equal deleted inserted replaced
1258:d972b1276d95 1259:49db7495f6b8
     1 <?php
       
     2 
       
     3 // Migrate passwords to the new encryption scheme
       
     4 
       
     5 global $db, $session, $paths, $template, $plugins; // Common objects
       
     6 require_once(ENANO_ROOT . '/includes/hmac.php');
       
     7 
       
     8 @set_time_limit(0);
       
     9 
       
    10 $q = $db->sql_query('UPDATE ' . table_prefix . "users SET old_encryption = 2 WHERE user_id > 1 AND old_encryption = 0;");
       
    11 if ( !$q )
       
    12 	$db->_die();
       
    13 
       
    14 $q = $db->sql_query('SELECT user_id, password FROM ' . table_prefix . "users WHERE user_id > 1 AND old_encryption = 2;");
       
    15 if ( !$q )
       
    16 	$db->_die();
       
    17 
       
    18 while ( $row = $db->fetchrow($q) )
       
    19 {
       
    20 	$password = $session->pk_decrypt($row['password']);
       
    21 	if ( empty($password) )
       
    22 	{
       
    23 		global $ui;
       
    24 		echo '<p>1.1.5-1.1.6 migration script: ERROR: bad password returned from $session->pk_decrypt()</p>';
       
    25 		$ui->show_footer();
       
    26 		exit;
       
    27 	}
       
    28 	$hmac_secret = hexencode(AESCrypt::randkey(20), '', '');
       
    29 	$password = hmac_sha1($password, $hmac_secret);
       
    30 	$e = $db->sql_query('UPDATE ' . table_prefix . "users SET password = '{$password}', password_salt = '{$hmac_secret}', old_encryption = 0 WHERE user_id = {$row['user_id']};");
       
    31 	if ( !$e )
       
    32 		$db->_die();
       
    33 }
       
    34 
       
    35