Increase timeout in password upgrade

The upgrade of stored passwords is slow when there are a lot of users in the database. Increasing the script timeout helps to ensure the upgrade will finish. Periodically logging the number of passwords that have been rehashed gives the admin more confidence that the upgrade has not stalled. Change-Id: Iffcce42507cc23999dfa3db540492dd885c51a97 Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>

Increase timeout in password upgrade
The upgrade of stored passwords is slow when there are a lot of users in the database. Increasing the script timeout helps to ensure the upgrade will finish. Periodically logging the number of passwords that have been rehashed gives the admin more confidence that the upgrade has not stalled. Change-Id: Iffcce42507cc23999dfa3db540492dd885c51a97 Signed-off-by: Richard Mansfield <richard.mansfield@catalyst.net.nz>
525e8eac · Richard Mansfield · 5a714bf7 · 525e8eac
Commit 525e8eac authored Feb 21, 2012 by Richard Mansfield
--- a/htdocs/lib/db/upgrade.php
+++ b/htdocs/lib/db/upgrade.php
@@ -2798,18 +2798,30 @@ function xmldb_core_upgrade($oldversion=0) {
    }

    if ($oldversion < 2012021700) {
-        $users = get_records_sql_array('SELECT u.id, u.password, u.salt FROM {usr} u JOIN {auth_instance} ai ON (u.authinstance = ai.id) WHERE ai.authname = ?', array('internal'));
-        foreach ($users as $user) {
-            if ($user->password == '*' || $user->salt == '*') {
-                continue;
+        $sql = "
+            FROM {usr} u JOIN {auth_instance} ai ON (u.authinstance = ai.id)
+            WHERE u.deleted = 0 AND ai.authname = 'internal' AND u.password != '*' AND u.salt != '*'";
+        $pwcount = count_records_sql("SELECT COUNT(*) " . $sql);
+        $sql = "
+            SELECT u.id, u.password, u.salt" . $sql . " AND u.id > ?
+            ORDER BY u.id";
+        $done = 0;
+        $lastid = 0;
+        $limit = 2000;
+        while ($users = get_records_sql_array($sql, array($lastid), 0, $limit)) {
+            foreach ($users as $user) {
+                // Wrap the old hashed password inside a SHA512 hash ($6$ is the identifier for SHA512)
+                $user->password = crypt($user->password, '$6$' . substr(md5(get_config('passwordsaltmain') . $user->salt), 0, 16));
+
+                // Drop the salt from the password as it may contain secrets that are not stored in the db
+                // for example, the passwordsaltmain value
+                $user->password = substr($user->password, 0, 3) . substr($user->password, 3+16);
+                set_field('usr', 'password', $user->password, 'id', $user->id);
+                $lastid = $user->id;
            }
-            // Wrap the old hashed password inside a SHA512 hash ($6$ is the identifier for SHA512)
-            $user->password = crypt($user->password, '$6$' . substr(md5(get_config('passwordsaltmain') . $user->salt), 0, 16));
-
-            // Drop the salt from the password as it may contain secrets that are not stored in the db
-            // for example, the passwordsaltmain value
-            $user->password = substr($user->password, 0, 3) . substr($user->password, 3+16);
-            set_field('usr', 'password', $user->password, 'id', $user->id);
+            $done += count($users);
+            log_debug("Upgrading stored passwords: $done/$pwcount");
+            set_time_limit(30);
        }
    }