Home

user_update_7000

Definition

user_update_7000(&$sandbox)
modules/user/user.install, line 242

Description

Increase the length of the password field to accommodate better hashes.

Also re-hashes all current passwords to improve security. This may be a lengthy process, and is performed batch-wise.

Code

<?php
function user_update_7000(&$sandbox) {
  $ret = array('#finished' => 0);
  // Lower than DRUPAL_HASH_COUNT to make the update run at a reasonable speed.
  $hash_count_log2 = 11;
  // Multi-part update.
  if (!isset($sandbox['user_from'])) {
    db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));
    $sandbox['user_from'] = 0;
    $sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));
  }
  else {
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    //  Hash again all current hashed passwords.
    $has_rows = FALSE;
    // Update this many per page load.
    $count = 1000;
    $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count);
    while ($account = db_fetch_array($result)) {
       $has_rows = TRUE;
       $new_hash = user_hash_password($account['pass'], $hash_count_log2);
       if ($new_hash) {
         // Indicate an updated password.
         $new_hash  = 'U' . $new_hash;
         db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']);
       }
    }
    $ret['#finished'] = $sandbox['user_from']/$sandbox['user_count'];
    $sandbox['user_from'] += $count;
    if (!$has_rows) {
      $ret['#finished'] = 1;
      $ret[] = array('success' => TRUE, 'query' => "UPDATE {users} SET pass = 'U' . user_hash_password(pass) WHERE uid > 0");
    }
  }
  return $ret;
}
?>
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.