PHPXRef 0.7.1 : phpBB-3.3.14-deutsch : /phpbb/cron/task/core/update

[Summary view] [Print] [Text view]
   1  <?php
   2  /**
   3   *
   4   * This file is part of the phpBB Forum Software package.
   5   *
   6   * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7   * @license GNU General Public License, version 2 (GPL-2.0)
   8   *
   9   * For full copyright and license information, please see
  10   * the docs/CREDITS.txt file.
  11   *
  12   */
  13  
  14  namespace phpbb\cron\task\core;
  15  
  16  /**
  17   * Update old hashes to the current default hashing algorithm
  18   *
  19   * It is intended to gradually update all "old" style hashes to the
  20   * current default hashing algorithm.
  21   */
  22  class update_hashes extends \phpbb\cron\task\base
  23  {
  24      /** @var \phpbb\config\config */
  25      protected $config;
  26  
  27      /** @var \phpbb\db\driver\driver_interface */
  28      protected $db;
  29  
  30      /** @var \phpbb\lock\db */
  31      protected $update_lock;
  32  
  33      /** @var \phpbb\passwords\manager */
  34      protected $passwords_manager;
  35  
  36      /** @var string Default hashing type */
  37      protected $default_type;
  38  
  39      /**
  40       * Constructor.
  41       *
  42       * @param \phpbb\config\config $config
  43       * @param \phpbb\db\driver\driver_interface $db
  44       * @param \phpbb\lock\db $update_lock
  45       * @param \phpbb\passwords\manager $passwords_manager
  46       * @param array $hashing_algorithms Hashing driver
  47       *            service collection
  48       * @param array $defaults Default password types
  49       */
  50  	public function __construct(\phpbb\config\config $config, \phpbb\db\driver\driver_interface $db, \phpbb\lock\db $update_lock, \phpbb\passwords\manager $passwords_manager, $hashing_algorithms, $defaults)
  51      {
  52          $this->config = $config;
  53          $this->db = $db;
  54          $this->passwords_manager = $passwords_manager;
  55          $this->update_lock = $update_lock;
  56  
  57          foreach ($defaults as $type)
  58          {
  59              if ($hashing_algorithms[$type]->is_supported() && !$hashing_algorithms[$type] instanceof \phpbb\passwords\driver\base_native)
  60              {
  61                  $this->default_type = $type;
  62                  break;
  63              }
  64          }
  65      }
  66  
  67      /**
  68       * {@inheritdoc}
  69       */
  70  	public function is_runnable()
  71      {
  72          return !$this->config['use_system_cron'];
  73      }
  74  
  75      /**
  76       * {@inheritdoc}
  77       */
  78  	public function should_run()
  79      {
  80          if (!empty($this->config['update_hashes_lock']))
  81          {
  82              $last_run = explode(' ', $this->config['update_hashes_lock']);
  83              if ($last_run[0] + 60 >= time())
  84              {
  85                  return false;
  86              }
  87          }
  88  
  89          return $this->config['enable_update_hashes'] && $this->config['update_hashes_last_cron'] < (time() - 60);
  90      }
  91  
  92      /**
  93       * {@inheritdoc}
  94       */
  95  	public function run()
  96      {
  97          if ($this->update_lock->acquire())
  98          {
  99              $sql = 'SELECT user_id, user_password
 100                  FROM ' . USERS_TABLE . '
 101                  WHERE user_password ' . $this->db->sql_like_expression('$H$' . $this->db->get_any_char()) . '
 102                  OR user_password ' . $this->db->sql_like_expression('$CP$' . $this->db->get_any_char());
 103              $result = $this->db->sql_query_limit($sql, 20);
 104  
 105              $affected_rows = 0;
 106  
 107              while ($row = $this->db->sql_fetchrow($result))
 108              {
 109                  $old_hash = preg_replace('/^\$CP\$/', '', $row['user_password']);
 110  
 111                  // If stored hash type is unknown then it's md5 hash with no prefix
 112                  // First rehash it using $H$ as hash type identifier (salted_md5)
 113                  if (!$this->passwords_manager->detect_algorithm($old_hash))
 114                  {
 115                      $old_hash = $this->passwords_manager->hash($old_hash, '$H$');
 116                  }
 117  
 118                  $new_hash = $this->passwords_manager->hash($old_hash, [$this->default_type]);
 119  
 120                  // Increase number so we know that users were selected from the database
 121                  $affected_rows++;
 122  
 123                  $sql = 'UPDATE ' . USERS_TABLE . "
 124                      SET user_password = '" . $this->db->sql_escape($new_hash) . "'
 125                      WHERE user_id = " . (int) $row['user_id'];
 126                  $this->db->sql_query($sql);
 127              }
 128  
 129              $this->config->set('update_hashes_last_cron', time());
 130              $this->update_lock->release();
 131  
 132              // Stop cron for good once all hashes are converted
 133              if ($affected_rows === 0)
 134              {
 135                  $this->config->set('enable_update_hashes', '0');
 136              }
 137          }
 138      }
 139  }
PHP Cross Reference of phpBB-3.3.14-deutsch

/phpbb/cron/task/core/ -> update_hashes.php (source)
