<?php /** * Encrypt all passwords * * Action to encrypt all *clear text* passwords in the database according * to the current settings. * If the current settings are so that passwords shouldn't be encrypted, * an explanation will be printed out. * * To run this action, the user needs to have administrator rights! * * @package framework * @subpackage tasks */ class EncryptAllPasswordsTask extends BuildTask { protected $title = 'Encrypt all passwords tasks'; protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions are hashed by default.'; public function init() { parent::init(); if(!Permission::check('ADMIN')) { return Security::permissionFailure($this); } } public function run($request) { $algo = Security::config()->password_encryption_algorithm; if($algo == 'none') { $this->debugMessage('Password encryption disabled'); return; } // Are there members with a clear text password? $members = DataObject::get("Member")->where(array( '"Member"."PasswordEncryption"' => 'none', '"Member"."Password" IS NOT NULL' )); if(!$members) { $this->debugMessage('No passwords to encrypt'); return; } // Encrypt the passwords... $this->debugMessage('Encrypting all passwords'); $this->debugMessage(sprintf( 'The passwords will be encrypted using the %s algorithm', $algo )); foreach($members as $member) { // Force the update of the member record, as new passwords get // automatically encrypted according to the settings, this will do all // the work for us $member->PasswordEncryption = $algo; $member->forceChange(); $member->write(); $this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID)); } } /** * @todo This should really be taken care of by TestRunner */ protected function debugMessage($msg) { if(class_exists('SapphireTest', false) && !SapphireTest::is_running_test()) { Debug::message($msg); } } }