Commit 525e8eac authored by Richard Mansfield's avatar Richard Mansfield

Increase timeout in password upgrade



The upgrade of stored passwords is slow when there are a lot of users
in the database.  Increasing the script timeout helps to ensure the
upgrade will finish.  Periodically logging the number of passwords
that have been rehashed gives the admin more confidence that the
upgrade has not stalled.

Change-Id: Iffcce42507cc23999dfa3db540492dd885c51a97
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent 5a714bf7
......@@ -2798,18 +2798,30 @@ function xmldb_core_upgrade($oldversion=0) {
}
if ($oldversion < 2012021700) {
$users = get_records_sql_array('SELECT u.id, u.password, u.salt FROM {usr} u JOIN {auth_instance} ai ON (u.authinstance = ai.id) WHERE ai.authname = ?', array('internal'));
foreach ($users as $user) {
if ($user->password == '*' || $user->salt == '*') {
continue;
$sql = "
FROM {usr} u JOIN {auth_instance} ai ON (u.authinstance = ai.id)
WHERE u.deleted = 0 AND ai.authname = 'internal' AND u.password != '*' AND u.salt != '*'";
$pwcount = count_records_sql("SELECT COUNT(*) " . $sql);
$sql = "
SELECT u.id, u.password, u.salt" . $sql . " AND u.id > ?
ORDER BY u.id";
$done = 0;
$lastid = 0;
$limit = 2000;
while ($users = get_records_sql_array($sql, array($lastid), 0, $limit)) {
foreach ($users as $user) {
// Wrap the old hashed password inside a SHA512 hash ($6$ is the identifier for SHA512)
$user->password = crypt($user->password, '$6$' . substr(md5(get_config('passwordsaltmain') . $user->salt), 0, 16));
// Drop the salt from the password as it may contain secrets that are not stored in the db
// for example, the passwordsaltmain value
$user->password = substr($user->password, 0, 3) . substr($user->password, 3+16);
set_field('usr', 'password', $user->password, 'id', $user->id);
$lastid = $user->id;
}
// Wrap the old hashed password inside a SHA512 hash ($6$ is the identifier for SHA512)
$user->password = crypt($user->password, '$6$' . substr(md5(get_config('passwordsaltmain') . $user->salt), 0, 16));
// Drop the salt from the password as it may contain secrets that are not stored in the db
// for example, the passwordsaltmain value
$user->password = substr($user->password, 0, 3) . substr($user->password, 3+16);
set_field('usr', 'password', $user->password, 'id', $user->id);
$done += count($users);
log_debug("Upgrading stored passwords: $done/$pwcount");
set_time_limit(30);
}
}
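Review bot: Moving the `'*'` filter from PHP into the WHERE clause changes which rows get upgraded: in SQL `u.salt != '*'` is not true for a NULL salt, whereas the old `$user->salt == '*'` test let such rows through, so any internal-auth account with a NULL salt (whether the column allows that is not visible here) would keep its legacy hash, and `u.deleted = 0` likewise leaves old-format hashes on deleted accounts. If that is intended, say so in a comment above the first `$sql`; otherwise use `(u.salt IS NULL OR u.salt != '*')`. Separately, nothing in the SELECT excludes rows that have already been rewritten, so if the run still dies part-way and this block is entered again, converted passwords would presumably be wrapped a second time and stop verifying. A guard that skips values already starting with `$6$` would make the batches safe to repeat. The enclosing function, xmldb_core_upgrade, starts and ends outside the hunk.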