Revert "Remove SQL column legacy_password"
This reverts commit 82f1f2f00e.
	
	
		
					parent
					
						
							
								e860cdf6a8
							
						
					
				
			
			
				commit
				
					
						991a3d959e
					
				
			
		
					 5 changed files with 12 additions and 5 deletions
				
			
		|  | @ -1019,6 +1019,7 @@ CREATE TABLE IF NOT EXISTS `user` ( | |||
| 	`guid` varchar(64) NOT NULL DEFAULT '' COMMENT '', | ||||
| 	`username` varchar(255) NOT NULL DEFAULT '' COMMENT '', | ||||
| 	`password` varchar(255) NOT NULL DEFAULT '' COMMENT '', | ||||
| 	`legacy_password` boolean NOT NULL DEFAULT '0' COMMENT 'Is the password hash double-hashed?', | ||||
| 	`nickname` varchar(255) NOT NULL DEFAULT '' COMMENT '', | ||||
| 	`email` varchar(255) NOT NULL DEFAULT '' COMMENT '', | ||||
| 	`openid` varchar(255) NOT NULL DEFAULT '' COMMENT '', | ||||
|  |  | |||
|  | @ -1726,6 +1726,7 @@ class DBStructure | |||
| 						"guid" => ["type" => "varchar(64)", "not null" => "1", "default" => "", "comment" => ""], | ||||
| 						"username" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], | ||||
| 						"password" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], | ||||
| 						"legacy_password" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "Is the password hash double-hashed?"], | ||||
| 						"nickname" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], | ||||
| 						"email" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], | ||||
| 						"openid" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""], | ||||
|  |  | |||
|  | @ -170,12 +170,13 @@ class User | |||
| 
 | ||||
| 			if (!isset($user['uid']) | ||||
| 				|| !isset($user['password']) | ||||
| 				|| !isset($user['legacy_password']) | ||||
| 			) { | ||||
| 				throw new Exception(L10n::t('Not enough information to authenticate')); | ||||
| 			} | ||||
| 		} elseif (is_int($user_info) || is_string($user_info)) { | ||||
| 			if (is_int($user_info)) { | ||||
| 				$user = dba::selectFirst('user', ['uid', 'password'], | ||||
| 				$user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'], | ||||
| 					[ | ||||
| 						'uid' => $user_info, | ||||
| 						'blocked' => 0, | ||||
|  | @ -185,7 +186,7 @@ class User | |||
| 					] | ||||
| 				); | ||||
| 			} else { | ||||
| 				$user = dba::fetch_first('SELECT `uid`, `password` | ||||
| 				$user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password` | ||||
| 					FROM `user` | ||||
| 					WHERE (`email` = ? OR `username` = ? OR `nickname` = ?) | ||||
| 					AND `blocked` = 0 | ||||
|  | @ -276,6 +277,7 @@ class User | |||
| 			'password' => $pasword_hashed, | ||||
| 			'pwdreset' => null, | ||||
| 			'pwdreset_time' => null, | ||||
| 			'legacy_password' => false | ||||
| 		]; | ||||
| 		return dba::update('user', $fields, ['uid' => $uid]); | ||||
| 	} | ||||
|  |  | |||
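Review bot: The array branch of the credential check in class User now throws unless the caller's row carries `legacy_password`, so every caller that passes a pre-fetched user row must select that column. Only the ExAuth caller is updated in this commit, and any other caller lies outside what this page shows. Failing closed is the right direction, but nothing in the visible lines documents the requirement. I would add a comment above the check, such as `// Array form must carry uid, password and legacy_password; the flag says whether the stored hash wraps an older hash`. The enclosing method starts and ends outside these hunks, so how the flag is used during verification is presumed, not seen.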
|  | @ -226,7 +226,7 @@ class ExAuth | |||
| 		if ($a->get_hostname() == $aCommand[2]) { | ||||
| 			$this->writeLog(LOG_INFO, 'internal auth for ' . $sUser . '@' . $aCommand[2]); | ||||
| 
 | ||||
| 			$aUser = dba::selectFirst('user', ['uid', 'password'], ['nickname' => $sUser]); | ||||
| 			$aUser = dba::selectFirst('user', ['uid', 'password', 'legacy_password'], ['nickname' => $sUser]); | ||||
| 			if (DBM::is_result($aUser)) { | ||||
| 				$uid = $aUser['uid']; | ||||
| 				$success = User::authenticate($aUser, $aCommand[3]); | ||||
|  |  | |||
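Review bot: The row fetched by the changed `dba::selectFirst` line is filtered only by `nickname`, whereas the lookups in class User shown earlier on this page also require `blocked` to be 0. If the array path of `User::authenticate` does not re-check account state (not visible here), a blocked account could still pass internal auth through this route. Consider `['nickname' => $sUser, 'blocked' => 0]` as the condition, plus any further account-state conditions the User lookups apply beyond the lines shown. The enclosing method starts and ends outside the hunk.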
|  | @ -149,9 +149,12 @@ function update_1203() { | |||
| } | ||||
| 
 | ||||
| function update_1244() { | ||||
| 	// Sets legacy_password for all legacy hashes
 | ||||
| 	dba::update('user', ['legacy_password' => true], ['SUBSTR(password, 1, 4) != "$2y$"']); | ||||
| 
 | ||||
| 	// All legacy hashes are re-hashed using the new secure hashing function
 | ||||
| 	$stmt = dba::select('user', ['uid', 'password'], ['password NOT LIKE "$%"']); | ||||
| 	while ($user = dba::fetch($stmt)) { | ||||
| 	$stmt = dba::select('user', ['uid', 'password'], ['legacy_password' => true]); | ||||
| 	while($user = dba::fetch($stmt)) { | ||||
| 		dba::update('user', ['password' => User::hashPassword($user['password'])], ['uid' => $user['uid']]); | ||||
| 	} | ||||
| 
 | ||||
|  |  | |||
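Review bot: The re-hash loop in update_1244 selects on `legacy_password` alone, and the visible code clears that flag only when a password is updated, so it stays true after a row has been re-hashed. A second or resumed run would therefore wrap the already wrapped hashes again and lock those users out. The loop should skip rows whose stored value already carries the prefix the first statement tests for, for example `if (substr($user['password'], 0, 4) === '$2y$') { continue; }` as the first statement of the `while` body. Whether the updater can re-enter update_1244 after an interruption is not visible on this page, so treat this as hardening. The results of the `dba::update` calls are also ignored, so a failed row is silently left flagged but unwrapped; logging such failures would make them recoverable.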