equal
deleted
inserted
replaced
|
1 <?php |
|
2 |
|
3 // Migrate passwords to the new encryption scheme |
|
4 |
|
5 global $db, $session, $paths, $template, $plugins; // Common objects |
|
6 require_once(ENANO_ROOT . '/includes/hmac.php'); |
|
7 |
|
8 @set_time_limit(0); |
|
9 |
|
10 $q = $db->sql_query('UPDATE ' . table_prefix . "users SET old_encryption = 2 WHERE user_id > 1 AND old_encryption = 0;"); |
|
11 if ( !$q ) |
|
12 $db->_die(); |
|
13 |
|
14 $q = $db->sql_query('SELECT user_id, password FROM ' . table_prefix . "users WHERE user_id > 1 AND old_encryption = 2;"); |
|
15 if ( !$q ) |
|
16 $db->_die(); |
|
17 |
|
18 while ( $row = $db->fetchrow($q) ) |
|
19 { |
|
20 $password = $session->pk_decrypt($row['password']); |
|
21 if ( empty($password) ) |
|
22 { |
|
23 global $ui; |
|
24 echo '<p>1.1.5-1.1.6 migration script: ERROR: bad password returned from $session->pk_decrypt()</p>'; |
|
25 $ui->show_footer(); |
|
26 exit; |
|
27 } |
|
28 $hmac_secret = hexencode(AESCrypt::randkey(20), '', ''); |
|
29 $password = hmac_sha1($password, $hmac_secret); |
|
30 $e = $db->sql_query('UPDATE ' . table_prefix . "users SET password = '{$password}', password_salt = '{$hmac_secret}', old_encryption = 0 WHERE user_id = {$row['user_id']};"); |
|
31 if ( !$e ) |
|
32 $db->_die(); |
|
33 } |
|
34 |
|
35 |