Bug #24028 » 16360_v1.diff
typo3/sysext/saltedpasswords/ext_localconf.php (working copy) | ||
---|---|---|
// Use popup window to refresh login instead of the AJAX relogin:
|
||
$TYPO3_CONF_VARS['BE']['showRefreshLoginPopup'] = 1;
|
||
?>
|
||
// Register bulk update task
|
||
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks']['tx_saltedpasswords_Tasks_BulkUpdate'] = array(
|
||
'extension' => $_EXTKEY,
|
||
'title' => 'LLL:EXT:' . $_EXTKEY . '/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.name',
|
||
'description' => 'LLL:EXT:' . $_EXTKEY . '/locallang.xml:ext.saltedpasswords.tasks.bulkupdate.description',
|
||
'additionalFields' => '',
|
||
);
|
||
?>
|
typo3/sysext/saltedpasswords/locallang.xml (working copy) | ||
---|---|---|
<label index="ext.saltedpasswords.title.tx_saltedpasswords_salts_phpass">Portable PHP password hashing (phpass)</label>
|
||
<label index="ext.saltedpasswords.title.tx_saltedpasswords_salts_md5">MD5 salted hashing (secure)</label>
|
||
<label index="ext.saltedpasswords.title.tx_saltedpasswords_salts_blowfish">Blowfish salted hashing (advanced)</label>
|
||
<label index="ext.saltedpasswords.tasks.bulkupdate.name">Convert user passwords to salted hashes</label>
|
||
<label index="ext.saltedpasswords.tasks.bulkupdate.description">Update all frontend and backend user passwords to salted hashes. This task deactivates itself when completed.</label>
|
||
</languageKey>
|
||
</data>
|
||
</T3locallang>
|
||
</T3locallang>
|
typo3/sysext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php (revision 0) | ||
---|---|---|
<?php
|
||
/***************************************************************
|
||
* Copyright notice
|
||
*
|
||
* (c) 2010 Christian Kuhn <lolli@schwarzbu.ch>
|
||
* Marcus Krause <marcus#exp2010@t3sec.info>
|
||
*
|
||
* All rights reserved
|
||
*
|
||
* This script is part of the TYPO3 project. The TYPO3 project is
|
||
* free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 2 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* The GNU General Public License can be found at
|
||
* http://www.gnu.org/copyleft/gpl.html.
|
||
*
|
||
* This script is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* This copyright notice MUST APPEAR in all copies of the script!
|
||
***************************************************************/
|
||
/**
|
||
* Update plaintext and hashed passwords of existing users
|
||
* to salted passwords.
|
||
*
|
||
* @author Christian Kuhn <lolli@schwarzbu.ch>
|
||
* @author Marcus Krause <marcus#exp2010@t3sec.info>
|
||
* @package TYPO3
|
||
* @subpackage saltedpasswords
|
||
*/
|
||
class tx_saltedpasswords_Tasks_BulkUpdate extends tx_scheduler_Task {
|
||
/**
|
||
* @var boolean Whether or not the task should be deactivated after processing all existing user records
|
||
* @TODO: This could be set by an additional field later on.
|
||
* The idea is to recall this task if it should re-run automatically
|
||
* if new users are imported.
|
||
*/
|
||
protected $deactivateSelf = TRUE;
|
||
/**
|
||
* @var integer Number of records in one execution
|
||
* @TODO: This could be set by an additional field later on
|
||
*/
|
||
protected $numberOfRecords = 42; // 23 is too low ^^
|
||
/**
|
||
* @var integer Pointer to last handled frontend and backend user row
|
||
*/
|
||
protected $userRecordPointer = array();
|
||
/**
|
||
* Default constructor initializes user record pointer
|
||
*
|
||
* @return void
|
||
*/
|
||
public function __construct() {
|
||
parent::__construct();
|
||
$this->userRecordPointer = array(
|
||
'FE' => 0,
|
||
'BE' => 0,
|
||
);
|
||
}
|
||
/**
|
||
* Execute task
|
||
*
|
||
* @return void
|
||
*/
|
||
public function execute() {
|
||
$processedAllRecords = TRUE;
|
||
foreach ($this->userRecordPointer as $mode => $pointer) {
|
||
if (tx_saltedpasswords_div::isUsageEnabled($mode)) {
|
||
$usersToUpdate = $this->findUsersToUpdate($mode);
|
||
$numberOfRows = count($usersToUpdate);
|
||
if (count($usersToUpdate) > 0) {
|
||
$processedAllRecords = FALSE;
|
||
$this->incrementUserRecordPointer($mode, $numberOfRows);
|
||
$this->convertPasswords($mode, $usersToUpdate);
|
||
}
|
||
}
|
||
}
|
||
if ($this->deactivateSelf && $processedAllRecords) {
|
||
$this->deactivateSelf();
|
||
}
|
||
$this->save();
|
||
return(TRUE);
|
||
}
|
||
/**
|
||
* Find next set of frontend or backend users to update
|
||
*
|
||
* @param string 'FE' for frontend, 'BE' for backend user records
|
||
* @return array Rows with uid and password
|
||
*/
|
||
protected function findUsersToUpdate($mode) {
|
||
$usersToUpdate = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
|
||
'uid, password',
|
||
strtolower($mode) . '_users',
|
||
'1 = 1',
|
||
'',
|
||
'uid ASC',
|
||
$this->userRecordPointer[$mode] . ', ' . $this->numberOfRecords
|
||
);
|
||
return $usersToUpdate;
|
||
}
|
||
/**
|
||
* Iterates over given user records and update password if needed
|
||
*
|
||
* @param string 'FE' for frontend, 'BE' for backend user records
|
||
* @param array with user uids and passwords
|
||
* @return void
|
||
*/
|
||
protected function convertPasswords($mode, $users) {
|
||
$updateUsers = array();
|
||
foreach ($users as $user) {
|
||
// If a password is a salted hash it must not to be updated
|
||
if ($this->isSaltedHash($user['password'])) {
|
||
continue;
|
||
}
|
||
$updateUsers[] = $user;
|
||
}
|
||
if (count($updateUsers) > 0) {
|
||
$this->updatePasswords($mode, $updateUsers);
|
||
}
|
||
}
|
||
/**
|
||
* Update password and persist salted hash
|
||
*
|
||
* @param string 'FE' for frontend, 'BE' for backend user records
|
||
* @param array with user uids and passwords
|
||
* @return void
|
||
*/
|
||
protected function updatePasswords($mode, $users) {
|
||
// Get a default saltedpassword instance
|
||
$saltedpasswordsInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL, $mode);
|
||
|
||
foreach ($users as $user) {
|
||
$newPassword = $saltedpasswordsInstance->getHashedPassword($user['password']);
|
||
if ($this->isMd5Password($user['password'])) {
|
||
$newPassword = 'M' . $newPassword;
|
||
}
|
||
// Persist updated passwords
|
||
$GLOBALS['TYPO3_DB']->exec_UPDATEquery(
|
||
strtolower($mode) . '_users',
|
||
'uid = ' . $user['uid'],
|
||
array(
|
||
'password' => $newPassword
|
||
)
|
||
);
|
||
}
|
||
}
|
||
/**
|
||
* Passwords prefixed with M or C might be salted passwords:
|
||
* M means: originally a md5 hash before it was salted
|
||
* C means: originally a cleartext password with lower hash looping generated by t3sec_saltedpw
|
||
*
|
||
* If a password does not start with M or C determine if a password is already a usual salted hash.
|
||
*
|
||
* @param string Password
|
||
* @return boolean TRUE if password is a salted hash
|
||
*/
|
||
protected function isSaltedHash($password) {
|
||
$isSaltedHash = FALSE;
|
||
if (strlen($password) > 2 && (t3lib_div::isFirstPartOfStr($password, 'C$') || t3lib_div::isFirstPartOfStr($password, 'M$'))) {
|
||
// Cut off M or C and test if we have a salted hash
|
||
$isSaltedHash = tx_saltedpasswords_salts_factory::determineSaltingHashingMethod(substr($password, 1));
|
||
}
|
||
if (!$isSaltedHash) {
|
||
$isSaltedHash = tx_saltedpasswords_salts_factory::determineSaltingHashingMethod($password);
|
||
}
|
||
return $isSaltedHash;
|
||
}
|
||
/**
|
||
* Check if a given password is a md5 hash
|
||
*
|
||
* @return boolean TRUE if password is md5
|
||
*/
|
||
protected function isMd5Password($password) {
|
||
return (bool) preg_match('/[0-9abcdef]{32,32}/i', $password);
|
||
}
|
||
/**
|
||
* Increment current user record counter by number of handled rows
|
||
*
|
||
* @param string 'FE' for frontend, 'BE' for backend user records
|
||
* @param integer Number of handled rows
|
||
* @return void
|
||
*/
|
||
protected function incrementUserRecordPointer($mode, $number) {
|
||
$this->userRecordPointer[$mode] += $number;
|
||
}
|
||
/**
|
||
* Method to deactivate this task instance
|
||
*
|
||
* @return void
|
||
*/
|
||
protected function deactivateSelf() {
|
||
$this->setDisabled(TRUE);
|
||
}
|
||
} // End of class
|
||
if (defined('TYPO3_MODE') && $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php']) {
|
||
include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/saltedpasswords/classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php']);
|
||
}
|
||
?>
|
typo3/sysext/saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_factory.php (working copy) | ||
---|---|---|
* @param string $saltedHash
|
||
* @return boolean TRUE, if salting hashing method has been found, otherwise FALSE
|
||
*/
|
||
static protected function determineSaltingHashingMethod($saltedHash) {
|
||
static public function determineSaltingHashingMethod($saltedHash) {
|
||
$methodFound = FALSE;
|
||
$defaultMethods = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
|
||
foreach($defaultMethods as $method) {
|
typo3/sysext/saltedpasswords/ext_autoload.php (working copy) | ||
---|---|---|
'tx_saltedpasswords_eval' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval.php',
|
||
'tx_saltedpasswords_eval_be' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval_be.php',
|
||
'tx_saltedpasswords_eval_fe' => $extensionPath . 'classes/eval/class.tx_saltedpasswords_eval_fe.php',
|
||
'tx_saltedpasswords_tasks_bulkupdate' => $extensionPath . 'classes/tasks/class.tx_saltedpasswords_tasks_bulkupdate.php',
|
||
'tx_saltedpasswords_sv1' => $extensionPath . 'sv1/class.tx_saltedpasswords_sv1.php',
|
||
'tx_saltedpasswords_div_testcase' => $extensionPath . 'tests/tx_saltedpasswords_div_testcase.php',
|
||
'tx_saltedpasswords_salts_blowfish_testcase' => $extensionPath . 'tests/tx_saltedpasswords_salts_blowfish_testcase.php',
|