branch: freshcode


Check-in [322785403d]


Overview
Comment: Hash any literal passwords.
SHA1: 322785403dd0049e0f64137f4324a97f37fd1322
User & Date: mario 2016-11-03 21:29:35
Context
2017-01-31
18:42
Recent updates to basic spam blacklist. check-in: 792720840e user: mario tags: trunk
2016-11-03
21:29
Hash any literal passwords. check-in: 322785403d user: mario tags: trunk
16:58
Fixed HTML escaping for password field. check-in: 453b4e3a7d user: mario tags: trunk
Changes

Added cron.daily/password_hash.php.

            1  +<?php
            2  +/**
            3  + * api: cli
            4  + * title: Rehash plain password
            5  + * description: Looks for unhashed password literals, and calculates hash
            6  + * version: 0.1
            7  + * category: postprocessing
            8  + * type: cron
            9  + * x-cron: 9,17 20 * * *
           10  + *
           11  + * Fix for unhashed passwords.
           12  + *
           13  + */
           14  +
           15  +chdir(dirname(__DIR__)); 
           16  +include("config.php");
           17  +
           18  +/**
           19  + * Scan each project,
           20  + * split up `tags` as CSV and just fille up according tags table.
           21  + *
           22  + */
           23  +db("BEGIN IMMEDIATE TRANSACTION");
           24  +foreach (db("SELECT name, lock, MAX(t_changed) FROM release_versions GROUP BY name")->fetchAll() as $entry) {
           25  +
           26  +    extract($entry);
           27  +    if (strlen(trim($lock))) {
           28  +        $tokens = p_csv($entry["lock"]);
           29  +        $updated = false;
           30  +        
           31  +        # find plain passwords
           32  +        foreach ($tokens as $i=>$pw) {
           33  +            if (strpos($pw, "://")) {
           34  +                continue;
           35  +            }
           36  +            elseif (strncmp($pw, '$2y$10$', 7) == 0) {
           37  +                continue;
           38  +            }
           39  +            else {
           40  +                $updated = 1;
           41  +                $tokens[$i] = password_hash($pw, PASSWORD_DEFAULT);
           42  +                print " ↓ $pw → $tokens[$i]\n";
           43  +            }
           44  +        }
           45  +        
           46  +        # update record
           47  +        if ($updated and $tokens and $name=="un-applet") {
           48  +            $r = new release($name);
           49  +            $r->update(
           50  +                ["lock" => join(", ", $tokens)],
           51  +                [], [], TRUE
           52  +            );
           53  +            $r->store();
           54  +            #print_r($r);
           55  +            print "Hashin password for `$name`\n";
           56  +        }
           57  +    }
           58  +}
           59  +db("END TRANSACTION");
           60  +
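
Review bot: line 42 prints the plaintext password (`$pw`) next to its new hash, so every run of this cron job writes the cleartext secrets into the job's output; print only the project name, or nothing at all. The already-hashed test on line 36 matches only the literal prefix `$2y$10$`, while line 41 hashes with `PASSWORD_DEFAULT`: if the default algorithm or cost ever differs from bcrypt at cost 10, stored hashes would fall through to the `else` branch and be hashed a second time, which makes the original password unusable. Checking that `password_get_info($pw)["algo"]` is non-empty would recognise any value produced by `password_hash()`. Two smaller points: the `$name=="un-applet"` condition on line 47 restricts the update to a single project, which does not match the commit comment and looks like a leftover from testing, and the docblock on lines 18-22 still describes splitting `tags` rather than what this loop does.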