Scripts: Add script to compare passwords to a specific string and optionally replace them - refs BT#16745
Yannick Warnier
6 years ago
parent
7df8025666
commit
b1ce9b60f8
@ -0,0 +1,73 @@ |
||||
<?php |
||||
/** |
||||
* This script compares usernames and passwords taking the assumption that |
||||
* these should be indentical, and using the bcrypt algorithm. |
||||
* It then show a list of all the users (with status and registration date) |
||||
* where these do not match, and an option allows you to *make* them match. |
||||
*/ |
||||
exit; |
||||
|
||||
require_once __DIR__.'/../../main/inc/global.inc.php'; |
||||
|
||||
// Expected password to compare to. If this is empty, assumes the expected |
||||
// password is the same as the username |
||||
$expectedPass = 'secret'; |
||||
// For those who have a password that does *not* match, decide whether to |
||||
// replace it with the username (will only work on students) |
||||
$replace = false; |
||||
// *IF* we want to replace, then set the replacement string (or "username" to |
||||
// use each user's username as pass). If anything else than 'username', it will |
||||
// use the *same* fixed string for everyone that matches |
||||
$replacement = 'username'; |
||||
// Use the username with this prefix, if defined, as a password |
||||
$prefix = ''; |
||||
// Use the username with this suffix, if defined, as a password |
||||
$suffix = ''; |
||||
|
||||
$counterStudents = 0; |
||||
$counterOthers = 0; |
||||
$countAll = 0; |
||||
|
||||
$usersTable = Database::get_main_table(TABLE_MAIN_USER); |
||||
$sql = "SELECT id, username, password, salt, status, registration_date FROM $usersTable"; |
||||
$result = Database::query($sql); |
||||
while ($row = Database::fetch_assoc($result)) { |
||||
//echo $row['id'].' '.$row['username'].' '.$row['password'].PHP_EOL; |
||||
$expectedPassLocal = $expectedPass; |
||||
if (empty($expectedPass)) { |
||||
$expectedPassLocal = $row['username']; |
||||
} |
||||
|
||||
if (UserManager::isPasswordValid($row['password'], $expectedPassLocal, null)) { |
||||
echo "Password for user ".$row['username']." is the expected '".$expectedPassLocal."'".PHP_EOL; |
||||
|
||||
if ($row['status'] == 5) { |
||||
$counterStudents++; |
||||
|
||||
// If we expected this password and want to replace it, this means |
||||
// we have to do the opposite: |
||||
// - if it was the username, use the expected password, |
||||
// - if it was the expected password, use the username |
||||
if ($replace) { |
||||
if ($replacement == 'username') { |
||||
UserManager::updatePassword($row['id'], $row['username']); |
||||
echo " Replaced by ".$row['username'].PHP_EOL; |
||||
} else { |
||||
UserManager::updatePassword($row['id'], $replacement); |
||||
echo " Replaced by ".$replacement.PHP_EOL; |
||||
} |
||||
} |
||||
} else { |
||||
$counterOthers++; |
||||
} |
||||
} |
||||
$countAll++; |
||||
} |
||||
echo "Done for a total of $countAll users.".PHP_EOL; |
||||
echo "$counterStudents students were found to have the expected password.".PHP_EOL; |
||||
echo "$counterOthers others were found to have the expected password.".PHP_EOL; |
||||
$expectedPassFinal = $expectedPass; |
||||
if (empty($expectedPass)) { |
||||
$expectedPassFinal = 'the username'; |
||||
} |
||||
echo "The expected password was '$expectedPassFinal'.".PHP_EOL; |
||||
Loading…
Reference in new issue