Check-in [322785403d]
Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Hash any literal passwords. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
322785403dd0049e0f64137f4324a97f |
User & Date: | mario 2016-11-03 21:29:35 |
Context
2017-01-31
| ||
18:42 | Recent updates to basic spam blacklist. check-in: 792720840e user: mario tags: trunk | |
2016-11-03
| ||
21:29 | Hash any literal passwords. check-in: 322785403d user: mario tags: trunk | |
16:58 | Fixed HTML escaping for password field. check-in: 453b4e3a7d user: mario tags: trunk | |
Changes
Added cron.daily/password_hash.php.
> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 | <?php /** * api: cli * title: Rehash plain password * description: Looks for unhashed password literals, and calculates hash * version: 0.1 * category: postprocessing * type: cron * x-cron: 9,17 20 * * * * * Fix for unhashed passwords. * */ chdir(dirname(__DIR__)); include("config.php"); /** * Scan each project, * split up `tags` as CSV and just fille up according tags table. * */ db("BEGIN IMMEDIATE TRANSACTION"); foreach (db("SELECT name, lock, MAX(t_changed) FROM release_versions GROUP BY name")->fetchAll() as $entry) { extract($entry); if (strlen(trim($lock))) { $tokens = p_csv($entry["lock"]); $updated = false; # find plain passwords foreach ($tokens as $i=>$pw) { if (strpos($pw, "://")) { continue; } elseif (strncmp($pw, '$2y$10$', 7) == 0) { continue; } else { $updated = 1; $tokens[$i] = password_hash($pw, PASSWORD_DEFAULT); print " ↓ $pw → $tokens[$i]\n"; } } # update record if ($updated and $tokens and $name=="un-applet") { $r = new release($name); $r->update( ["lock" => join(", ", $tokens)], [], [], TRUE ); $r->store(); #print_r($r); print "Hashin password for `$name`\n"; } } } db("END TRANSACTION"); |