From 90d8cd5fb58fb3a1d5c489d50e8f2133808386c7 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Mon, 11 May 2015 18:29:19 +0200
Subject: [PATCH 1/2] Add salt in DB see #7683
---
 composer.json | 1 +
 .../Schema/V110/Version20150507152600.php | 1 -
 .../Schema/V110/Version20150511133949.php | 28 +++++++++++++++++++
 src/Chamilo/UserBundle/Entity/User.php | 28 +++++++++----------
 4 files changed, 43 insertions(+), 15 deletions(-)
 create mode 100644 src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150511133949.php
diff --git a/composer.json b/composer.json
index 091ac9a204..b02d59eb84 100755
--- a/composer.json
+++ b/composer.json
@@ -53,6 +53,7 @@
 "symfony/validator": "2.6.4",
 "symfony/filesystem": "~2.6",
 "symfony/security": "~2.6",
+ "ircmaxell/password-compat": "~1.0.4",
 "sylius/attribute": "0.13.0",
 "sylius/translation": "0.13.0",
 "gedmo/doctrine-extensions": "~2.3",
diff --git a/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150507152600.php b/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150507152600.php
index 60d8231b6a..ffa027aabb 100644
--- a/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150507152600.php
+++ b/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150507152600.php
@@ -3,7 +3,6 @@
 namespace Chamilo\CoreBundle\Migrations\Schema\V110;
-use Chamilo\CoreBundle\Entity\SettingsCurrent;
 use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
 use Doctrine\DBAL\Schema\Schema;
diff --git a/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150511133949.php b/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150511133949.php
new file mode 100644
index 0000000000..085fbec91a
--- /dev/null
+++ b/src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150511133949.php
@@ -0,0 +1,28 @@
+addSql('ALTER TABLE user ADD salt VARCHAR(255) NOT NULL');
+ }
+
+ /**
+ * @param Schema $schema
+ */
+ public function down(Schema $schema)
+ {
+ $this->addSql('ALTER TABLE user DROP salt');
+ }
+}
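Review bot: The new `"ircmaxell/password-compat": "~1.0.4"` requirement has no matching `composer.lock` change in this patch (the diffstat lists only composer.json, two migrations and User.php), so a fresh `composer install` will not pull the package until the lock file is regenerated and committed. Nothing in either patch calls `password_hash()` or `password_verify()` yet, so the purpose of the dependency can only be inferred; a sentence in the commit message, or a short comment where it is first used, would make the intended move away from the current hashing explicit. If that move is the plan, note that bcrypt hashes produced by `password_hash()` carry their own salt, which has a bearing on the separate `salt` column introduced in the same patch.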
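Review bot: `ALTER TABLE user ADD salt VARCHAR(255) NOT NULL` in `up()` adds a NOT NULL column with no default, so every existing row in `user` receives an empty salt (or the statement is rejected under a strict SQL mode), and nothing in this patch backfills those rows. The `User` constructor that now assigns `sha1(uniqid(null, true))` runs only for objects created with `new`, not for entities Doctrine hydrates from existing rows, so those users keep the empty salt indefinitely. A follow-up `UPDATE` in `up()` that populates `salt` for rows where it is empty, or a default plus regeneration on the next password change, would close that gap. The start of this hunk (the file header through the opening of `up()`) is not visible in this view, so only the tail of `up()` and the `down()` method can be checked here.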
diff --git a/src/Chamilo/UserBundle/Entity/User.php b/src/Chamilo/UserBundle/Entity/User.php
index e65b09c270..86c0df4869 100644
--- a/src/Chamilo/UserBundle/Entity/User.php
+++ b/src/Chamilo/UserBundle/Entity/User.php
@@ -4,29 +4,28 @@
 namespace Chamilo\UserBundle\Entity;
 //use Chamilo\CoreBundle\Entity\UserFieldValues;
-use Sonata\UserBundle\Entity\BaseUser as BaseUser;
-use Doctrine\ORM\Mapping as ORM;
+use Chamilo\CoreBundle\Entity\ExtraFieldValues;
 use Doctrine\Common\Collections\ArrayCollection;
+use Doctrine\ORM\Event\LifecycleEventArgs;
+use Doctrine\ORM\Mapping as ORM;
+use Sonata\UserBundle\Entity\BaseUser as BaseUser;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+use Symfony\Component\HttpFoundation\File\File;
 use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Validator\Mapping\ClassMetadata;
 use Symfony\Component\Validator\Constraints as Assert;
-use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+use Symfony\Component\Validator\Mapping\ClassMetadata;
+
 //use Chamilo\CoreBundle\Component\Auth;
-use Doctrine\ORM\Event\LifecycleEventArgs;
 //use FOS\MessageBundle\Model\ParticipantInterface;
 //use Chamilo\ThemeBundle\Model\UserInterface as ThemeUser;
 //use Vich\UploaderBundle\Mapping\Annotation as Vich;
-use Symfony\Component\HttpFoundation\File\File;
 //use Application\Sonata\MediaBundle\Entity\Media;
 //use Chamilo\UserBundle\Model\UserInterface as UserInterfaceModel;
-use Doctrine\Common\Collections\Collection;
 //use Sylius\Component\Attribute\Model\AttributeValueInterface as BaseAttributeValueInterface;
 //use Sylius\Component\Variation\Model\OptionInterface as BaseOptionInterface;
 //use Sylius\Component\Variation\Model\VariantInterface as BaseVariantInterface;
-use Chamilo\CoreBundle\Entity\ExtraFieldValues;
-
 /**
 * @ORM\HasLifecycleCallbacks
 * @ORM\Table(name="user")
@@ -256,6 +255,11 @@ class User extends BaseUser //implements ParticipantInterface, ThemeUser
 */
 private $hrDeptId;
+ /**
+ * @ORM\Column(type="string", length=255)
+ */
+ protected $salt;
+
 /**
 * @ORM\OneToMany(targetEntity="Chamilo\CoreBundle\Entity\CourseRelUser", mappedBy="user")
 **/
@@ -295,10 +299,6 @@ class User extends BaseUser //implements ParticipantInterface, ThemeUser
 */
 //protected $groups;
- /**
- * @ORM\Column(type="string", length=255)
- */
- //protected $salt;
 //private $isActive;
@@ -344,7 +344,7 @@ class User extends BaseUser //implements ParticipantInterface, ThemeUser
 {
 parent::__construct();
- //$this->salt = sha1(uniqid(null, true));
+ $this->salt = sha1(uniqid(null, true));
 $this->isActive = true;
 $this->active = 1;
 $this->registrationDate = new \DateTime();
From ec8ca9e608202993914ddaab2de110fa15b44416 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Mon, 11 May 2015 18:29:48 +0200
Subject: [PATCH 2/2] Replace custom update with UserManager::update_user()
---
 main/admin/session_import.php | 49 +++++++++++++++++++++++++----------
 1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/main/admin/session_import.php b/main/admin/session_import.php
index 7ea9219c0a..0c20cf0c36 100755
--- a/main/admin/session_import.php
+++ b/main/admin/session_import.php
@@ -117,22 +117,43 @@ if (isset($_POST['formSent']) && $_POST['formSent']) {
 $phone = trim(api_utf8_decode($node_user->Phone));
 $status = trim(api_utf8_decode($node_user->Status));
 switch ($status) {
- case 'student' : $status = 5; break;
- case 'teacher' : $status = 1; break;
- default : $status = 5; $error_message .= get_lang('StudentStatusWasGivenTo').' : '.$username.'
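Review bot: `$this->salt = sha1(uniqid(null, true));` in `__construct()` (the `@@ -344` hunk) seeds the salt from `uniqid()`, which is built from the clock and a non-cryptographic generator rather than a CSPRNG; a salt only has to be unique per user, so this is not a break, but `openssl_random_pseudo_bytes()` (PHP 5.3+) or `random_bytes()` (PHP 7) is the conventional source, e.g. `$this->salt = bin2hex(openssl_random_pseudo_bytes(16));`. Because the constructor is not invoked when Doctrine hydrates an entity, users that already exist when the `salt` column is added keep whatever the migration leaves in that column. The `protected $salt` declared with its own `@ORM\Column` in the `@@ -256` hunk should be checked against `BaseUser`: if the Sonata/FOS base class already declares and maps `$salt`, this redeclaration overrides the inherited mapping, which may be intended but deserves a one-line comment such as `// Mapped here so the salt is persisted in Chamilo's own user table`. The constructor body continues outside the hunk.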
';
+ case 'student':
+ $status = 5;
+ break;
+ case 'teacher':
+ $status = 1;
+ break;
+ default:
+ $status = 5;
+ $error_message .= get_lang('StudentStatusWasGivenTo').' : '.$username.'
';
 }
- $sql = "UPDATE $tbl_user SET
- lastname = '".Database::escape_string($lastname)."',
- firstname = '".Database::escape_string($firstname)."',
- ".(empty($password) ? "" : "password = '".(api_get_encrypted_password($password))."',")."
- email = '".Database::escape_string($email)."',
- official_code = '".Database::escape_string($official_code)."',
- phone = '".Database::escape_string($phone)."',
- status = '".intval($status)."'
- WHERE username = '".Database::escape_string($username)."'";
-
- Database::query($sql);
+ $userId = UserManager::get_user_id_from_username($username);
+
+ if (!empty($userId)) {
+ UserManager::update_user(
+ $userId,
+ $firstname,
+ $lastname,
+ $username,
+ $password,
+ null,
+ $email,
+ $status,
+ $official_code,
+ $phone,
+ null, //$picture_uri,
+ null, //$expiration_date,
+ null, //$active,
+ null, //$creator_id = null,
+ 0,
+ null, //$extra = null,
+ null, //$language = 'english',
+ null, //$encrypt_method = '',
+ false,
+ 0 //$reset_password = 0
+ );
+ }
 }
 }
 }
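Review bot: `$password` is now handed to `UserManager::update_user()` unconditionally, whereas the SQL it replaces only included `password = ...` when `$password` was non-empty; unless `update_user()` itself skips an empty value (its body is not in this hunk), an imported record whose password field is missing or blank would overwrite the existing user's password with the hash of an empty string. Passing `empty($password) ? null : $password` keeps the previous behaviour if `null` means "leave unchanged" for that parameter, which is worth confirming against the signature, since the positional `null`/`0`/`false` arguments here are otherwise identified only by the trailing comments. Separately, the `default:` branch appends `$username`, taken from the uploaded file, to `$error_message` without escaping; if that message is rendered as HTML it should pass through `htmlspecialchars()` or the application's own escaper. The enclosing `if (isset($_POST['formSent']) ...)` block and the loop that produces `$node_user` begin before this hunk.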