[Sommaire] [Imprimer]

   1  <?
   2  /*
   3   * $Id: convert_passwords.php,v 1.2.4.1 2006/06/07 15:10:46 cknudsen Exp $
   4   *
   5   * This script will alter the webcal_user table to allow 32 character passwords
   6   * and convert user passwords to PHP md5 passwords.
   7   *
   8   * It is necessary to run this to upgrade to version 0.9.43 from any version.
   9   *
  10   *
  11   *   ** NOTE: This script should only be run ONCE and then be deleted!!
  12   *
  13   */
  14  
  15  /********************************************************************/
  16  
  17  $includedir = "../includes";
  18  include "$includedir/config.php";
  19  $includedir = "../includes";
  20  include "$includedir/php-dbi.php";
  21  
  22  $c = dbi_connect ( $db_host, $db_login, $db_password, $db_database );
  23  if ( ! $c ) {
  24    echo "Error connecting to database: " . dbi_error ();
  25    exit;
  26  }
  27  
  28  // First, look at the passwords.  If we find and md5 hash in there,
  29  // (it will have 32 chars instead of < 25 like in the old version),
  30  // then we know this script was already run.
  31  $sql = "SELECT cal_passwd FROM webcal_user";
  32  $res = dbi_query ( $sql );
  33  $doneBefore = false;
  34  if ( $res ) {
  35    if ( $row = dbi_fetch_row ( $res ) ) {
  36      if ( strlen ( $row[0] ) > 30 )
  37        $doneBefore = true;
  38    }
  39    dbi_free_result ( $res );
  40  } else {
  41    echo "Database error: " . dbi_error ();
  42    exit;
  43  }
  44  
  45  if ( $doneBefore ) {
  46    echo "Passwords were already converted to md5!\n<br />\n";
  47    exit;
  48  }
  49  
  50  // See if webcal_user.cal_passwd will allow 32 characters
  51  $sql = "DESC webcal_user";
  52  $res = dbi_query ( $sql );
  53  while ( $row = dbi_fetch_row ( $res ) ) {
  54    if ($row[Field] == 'cal_passwd') {
  55      preg_match ( "/([0-9]+)/", $row[Type], $match );
  56      if ($match[1] < 32) {
  57        $sql = "ALTER TABLE webcal_user MODIFY cal_passwd VARCHAR(32) NULL";
  58        // Use the following on older MySQL versions
  59        //$sql = "ALTER TABLE webcal_user CHANGE cal_passwd cal_passwd VARCHAR(32) NULL";
  60        $res = dbi_query ( $sql );
  61        if ($res) {
  62          echo "Table webcal_user altered to allow 32 character passwords.\n" .
  63            "<br />Converting passwords...\n<br /><br />\n";
  64        }
  65      }
  66    }
  67  }
  68  dbi_free_result ( $res );
  69  
  70  // Convert the passwords
  71  $sql = "SELECT cal_login, cal_passwd FROM webcal_user";
  72  $res = dbi_query ( $sql );
  73  if ( $res ) {
  74    while ( $row = dbi_fetch_row ( $res ) ) {
  75      $sql2 = "UPDATE webcal_user SET cal_passwd = '" .
  76        md5($row[1]) . "' WHERE cal_login = '".$row[0]."'";
  77      $res2 = dbi_query ( $sql2 );
  78      if ($res2)
  79        echo "Password updated for: ".$row[0]."<br />\n";
  80    }
  81    dbi_free_result ( $res );
  82    echo "Finished converting passwords\n<br />\n";
  83    echo "<br /><br />\n<h1>DO NOT Run this script again!!!</h1>\n<br />\n";
  84    echo '<h1>Delete this script if it ran successfully!!!</h1>';
  85  }
  86  ?>