2009-11-06 03:23:13 +01:00
< ? php
/**
* Encrypt all passwords
*
* Action to encrypt all * clear text * passwords in the database according
* to the current settings .
* If the current settings are so that passwords shouldn ' t be encrypted ,
* an explanation will be printed out .
*
* To run this action , the user needs to have administrator rights !
*
2012-04-12 08:02:46 +02:00
* @ package framework
2009-11-06 03:23:13 +01:00
* @ subpackage tasks
*/
2010-04-12 03:58:32 +02:00
class EncryptAllPasswordsTask extends BuildTask {
2009-11-06 03:23:13 +01:00
protected $title = 'Encrypt all passwords tasks' ;
protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions are hashed by default.' ;
2012-09-19 12:07:39 +02:00
public function init () {
2009-11-06 03:23:13 +01:00
parent :: init ();
if ( ! Permission :: check ( 'ADMIN' )) {
return Security :: permissionFailure ( $this );
}
}
2010-04-12 03:58:32 +02:00
public function run ( $request ) {
2009-11-06 03:23:13 +01:00
$algo = Security :: get_password_encryption_algorithm ();
if ( $algo == 'none' ) {
$this -> debugMessage ( 'Password encryption disabled' );
return ;
}
// Are there members with a clear text password?
$members = DataObject :: get (
" Member " ,
" \" PasswordEncryption \" = 'none' AND \" Password \" IS NOT NULL "
);
if ( ! $members ) {
$this -> debugMessage ( 'No passwords to encrypt' );
return ;
}
// Encrypt the passwords...
$this -> debugMessage ( 'Encrypting all passwords' );
$this -> debugMessage ( sprintf (
'The passwords will be encrypted using the %s algorithm' ,
$algo
));
foreach ( $members as $member ) {
// Force the update of the member record, as new passwords get
// automatically encrypted according to the settings, this will do all
// the work for us
$member -> PasswordEncryption = $algo ;
2009-11-06 03:23:30 +01:00
$member -> forceChange ();
2009-11-06 03:23:13 +01:00
$member -> write ();
$this -> debugMessage ( sprintf ( 'Encrypted credentials for member #%d;' , $member -> ID ));
}
}
/**
* @ todo This should really be taken care of by TestRunner
*/
protected function debugMessage ( $msg ) {
2010-11-30 06:13:09 +01:00
if ( class_exists ( 'SapphireTest' , false ) && ! SapphireTest :: is_running_test ()) {
2009-11-06 03:23:13 +01:00
Debug :: message ( $msg );
}
}
2012-03-24 04:04:52 +01:00
}