makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/15219] Add console command for updating hashes to bcrypt

Browse source 
PHPBB3-15219
This commit is contained in:
Marc Alexander 2017-06-03 11:07:34 +02:00
parent 7034986427
commit 170613848a
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
3 changed files with 131 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
phpBB/config/console.yml
View file

@ -139,3 +139,15 @@ services:
- @dbal.conn - @dbal.conn
tags: tags:
- { name: console.command } - { name: console.command }
console.command.fixup.update_hashes:
class: phpbb\console\command\fixup\update_hashes
arguments:
- @config
- @user
- @dbal.conn
- @passwords.manager
- @passwords.driver_collection
- %passwords.algorithms%
tags:
- { name: console.command }

2
phpBB/language/en/cli.php
View file

@ -64,6 +64,7 @@ $lang = array_merge($lang, array(
'CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH' => 'Recalculates the user_email_hash column of the users table.', 'CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH' => 'Recalculates the user_email_hash column of the users table.',
'CLI_DESCRIPTION_SET_ATOMIC_CONFIG' => 'Sets a configuration options value only if the old matches the current value', 'CLI_DESCRIPTION_SET_ATOMIC_CONFIG' => 'Sets a configuration options value only if the old matches the current value',
'CLI_DESCRIPTION_SET_CONFIG' => 'Sets a configuration options value', 'CLI_DESCRIPTION_SET_CONFIG' => 'Sets a configuration options value',
'CLI_DESCRIPTION_UPDATE_HASH_BCRYPT' => 'Updates outdated password hashes to be hashed with bcrypt.',
'CLI_EXTENSION_DISABLE_FAILURE' => 'Could not disable extension %s', 'CLI_EXTENSION_DISABLE_FAILURE' => 'Could not disable extension %s',
'CLI_EXTENSION_DISABLE_SUCCESS' => 'Successfully disabled extension %s', 'CLI_EXTENSION_DISABLE_SUCCESS' => 'Successfully disabled extension %s',
@ -78,6 +79,7 @@ $lang = array_merge($lang, array(
'CLI_EXTENSIONS_ENABLED' => 'Enabled', 'CLI_EXTENSIONS_ENABLED' => 'Enabled',
'CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS' => 'Successfully recalculated all email hashes.', 'CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS' => 'Successfully recalculated all email hashes.',
'CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS' => 'Successfully updated outdated password hashes to bcrypt.'
)); ));
// Additional help for commands. // Additional help for commands.

117
phpBB/phpbb/console/command/fixup/update_hashes.php Normal file
View file

@ -0,0 +1,117 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\console\command\fixup;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Helper\ProgressBar;
class update_hashes extends \phpbb\console\command\command
{
/** @var \phpbb\config\config */
protected $config;
/** @var \phpbb\db\driver\driver_interface */
protected $db;
/** @var \phpbb\passwords\manager */
protected $passwords_manager;
/** @var string Default hashing type */
protected $default_type;
/**
* Update_hashes constructor
*
* @param \phpbb\config\config $config
* @param \phpbb\user $user
* @param \phpbb\db\driver\driver_interface $db
* @param \phpbb\passwords\manager $passwords_manager
* @param array $hashing_algorithms Hashing driver
* service collection
* @param array $defaults Default password types
*/
public function __construct(\phpbb\config\config $config, \phpbb\user $user,
\phpbb\db\driver\driver_interface $db, \phpbb\passwords\manager $passwords_manager,
$hashing_algorithms, $defaults)
{
$this->config = $config;
$this->db = $db;
$this->passwords_manager = $passwords_manager;
foreach ($defaults as $type)
{
if ($hashing_algorithms[$type]->is_supported())
{
$this->default_type = $type;
break;
}
}
parent::__construct($user);
}
/**
* {@inheritdoc}
*/
protected function configure()
{
$this
->setName('fixup:update-hashes')
->setDescription($this->user->lang('CLI_DESCRIPTION_UPDATE_HASH_BCRYPT'))
;
}
/**
* {@inheritdoc}
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
// Get count to be able to display progress
$sql = 'SELECT COUNT(user_id) AS count
FROM ' . USERS_TABLE . '
WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
$result = $this->db->sql_query($sql);
$total_update_passwords = $this->db->sql_fetchfield('count');
$this->db->sql_freeresult($result);
// Create progress bar
$progress_bar = new ProgressBar($output, $total_update_passwords);
$progress_bar->start();
$sql = 'SELECT user_id, user_password
FROM ' . USERS_TABLE . '
WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
$new_hash = $this->passwords_manager->hash($row['user_password'], array($this->default_type));
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = "' . $this->db->sql_escape($new_hash) . '"
WHERE user_id = ' . (int) $row['user_id'];
$this->db->sql_query($sql);
$progress_bar->advance();
}
$this->config->set('update_hashes_last_cron', time());
$progress_bar->finish();
$output->writeln('<info>' . $this->user->lang('CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS') . '</info>');
}
}