From 2bfd9f9d87cee6a7b9ed0739cf12d1350b47f0fe Mon Sep 17 00:00:00 2001 From: Hypolite Petovan Date: Sat, 20 Jan 2018 22:37:13 -0500 Subject: [PATCH] Add database update function to use new hashes --- update.php | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/update.php b/update.php index 3cfc39e192..00b8d890ec 100644 --- a/update.php +++ b/update.php @@ -5,8 +5,7 @@ use Friendica\Core\Config; use Friendica\Core\PConfig; use Friendica\Core\Worker; use Friendica\Database\DBM; -use Friendica\Model\Photo; -use Friendica\Object\Image; +use Friendica\Model\User; /** * @@ -146,3 +145,19 @@ function update_1203() { $r = q("UPDATE `user` SET `account-type` = %d WHERE `page-flags` IN (%d, %d)", dbesc(ACCOUNT_TYPE_COMMUNITY), dbesc(PAGE_COMMUNITY), dbesc(PAGE_PRVGROUP)); } + +function update_1244() { + // Sets legacy_password for all legacy hashes + dba::update('user', ['legacy_password' => true], ['SUBSTR(password, 1, 4) != "$2y$"']); + + // All legacy hashes are re-hashed using the new secure hashing function + $stmt = dba::select('user', ['uid', 'password'], ['legacy_password' => true]); + while($user = dba::fetch($stmt)) { + dba::update('user', ['password' => User::hashPassword($user['password'])], ['uid' => $user['uid']]); + } + + // Logged in users are forcibly logged out + dba::delete('session', ['1 = 1']); + + return UPDATE_SUCCESS; +} -- 2.39.5