PageRenderTime 1ms CodeModel.GetById 336ms app.highlight 5ms RepoModel.GetById 77ms app.codeStats 0ms

/WebCalendar-1.2.5/tools/convert_passwords.php

#
PHP | 95 lines | 62 code | 11 blank | 22 comment | 14 complexity | b049cc559cf1c949a28b7bf5769c291f MD5 | raw file
 1#!/usr/local/bin/php -q
 2<?php
 3/*
 4 * $Id: convert_passwords.php,v 1.8.2.6 2011/04/27 00:27:35 rjones6061 Exp $
 5 *
 6 * This script will alter the webcal_user table to allow 32 character passwords
 7 * and convert user passwords to PHP md5 passwords.
 8 *
 9 * It is necessary to run this to upgrade to version 0.9.43 from any version.
10 *
11 *
12 *   ** NOTE: This script should only be run ONCE and then be deleted!!
13 *
14 */
15
16/********************************************************************/
17
18define ( '__WC_BASEDIR', '..' ); // Points to the base WebCalendar directory
19                          // relative to current working directory.
20define ( '__WC_INCLUDEDIR', '../includes' );
21
22require_once  __WC_INCLUDEDIR . '/classes/WebCalendar.class';
23
24$WebCalendar = new WebCalendar ( __FILE__ );
25
26include __WC_INCLUDEDIR . '/config.php';
27include __WC_INCLUDEDIR . '/dbi4php.php';
28
29$WebCalendar->initializeFirstPhase();
30$WebCalendar->initializeSecondPhase();
31
32$c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
33if ( ! $c ) {
34  echo "Error connecting to database: " . dbi_error ();
35  exit;
36}
37
38// First, look at the passwords. If we find and md5 hash in there,
39// (it will have 32 chars instead of < 25 like in the old version),
40// then we know this script was already run.
41$sql = "SELECT cal_passwd FROM webcal_user";
42$res = dbi_execute ( $sql );
43$doneBefore = false;
44if ( $res ) {
45  if ( $row = dbi_fetch_row ( $res ) ) {
46    if ( strlen ( $row[0] ) > 30 )
47      $doneBefore = true;
48  }
49  dbi_free_result ( $res );
50} else {
51  echo "Database error: " . dbi_error ();
52  exit;
53}
54
55if ( $doneBefore ) {
56  echo "Passwords were already converted to md5!\n<br />\n";
57  exit;
58}
59
60// See if webcal_user.cal_passwd will allow 32 characters
61$sql = "DESC webcal_user";
62$res = dbi_execute ( $sql );
63while ( $row = dbi_fetch_row ( $res ) ) {
64  if ($row[Field] == 'cal_passwd') {
65    preg_match ( "/([0-9]+)/", $row[Type], $match );
66    if ($match[1] < 32) {
67      $sql = "ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(32) NULL";
68      // Use the following on older MySQL versions
69      //$sql = "ALTER TABLE webcal_user CHANGE cal_passwd cal_passwd VARCHAR(32) NULL";
70      $res = dbi_execute ( $sql );
71      if ($res) {
72        echo "Table webcal_user altered to allow 32 character passwords.\n" .
73          "<br />Converting passwords...\n<br /><br />\n";
74      }
75    }
76  }
77}
78dbi_free_result ( $res );
79
80// Convert the passwords
81$sql = "SELECT cal_login, cal_passwd FROM webcal_user";
82$res = dbi_execute ( $sql );
83if ( $res ) {
84  while ( $row = dbi_fetch_row ( $res ) ) {
85    $sql2 = "UPDATE webcal_user SET cal_passwd = ? WHERE cal_login = ?";
86    $res2 = dbi_execute ( $sql2, array ( md5 ( $row[1] ), $row[0] ) );
87    if ($res2)
88      echo "Password updated for: ".$row[0]."<br />\n";
89  }
90  dbi_free_result ( $res );
91  echo "Finished converting passwords\n<br />\n";
92  echo "<br /><br />\n<h1>DO NOT Run this script again!!!</h1>\n<br />\n";
93  echo '<h1>Delete this script if it ran successfully!!!</h1>';
94}
95?>