1 <?php
 2 /**
 3  * Encrypt all passwords
 4  *
 5  * Action to encrypt all *clear text* passwords in the database according
 6  * to the current settings.
 7  * If the current settings are so that passwords shouldn't be encrypted,
 8  * an explanation will be printed out.
 9  *
10  * To run this action, the user needs to have administrator rights!
11  * 
12  * @package sapphire
13  * @subpackage tasks
14  */
15 class EncryptAllPasswordsTask extends BuildTask {
16     protected $title = 'Encrypt all passwords tasks';
17     
18     protected $description = 'Convert all plaintext passwords on the Member table to the default encryption/hashing algorithm. Note: This mainly applies to passwords in SilverStripe 2.1 or earlier, passwords in newer versions are hashed by default.';
19     
20     function init() {
21         parent::init();
22         
23         if(!Permission::check('ADMIN')) {
24             return Security::permissionFailure($this);
25         }
26     }
27     
28     public function run($request) {
29         $algo = Security::get_password_encryption_algorithm();
30         if($algo == 'none') {
31             $this->debugMessage('Password encryption disabled');
32             return;
33         }
34 
35         // Are there members with a clear text password?
36         $members = DataObject::get(
37             "Member", 
38             "\"PasswordEncryption\" = 'none' AND \"Password\" IS NOT NULL"
39         );
40 
41         if(!$members) {
42             $this->debugMessage('No passwords to encrypt');
43             return;
44         }
45 
46         // Encrypt the passwords...
47         $this->debugMessage('Encrypting all passwords');
48         $this->debugMessage(sprintf(
49             'The passwords will be encrypted using the %s algorithm',
50             $algo
51         ));
52 
53         foreach($members as $member) {
54             // Force the update of the member record, as new passwords get
55             // automatically encrypted according to the settings, this will do all
56             // the work for us
57             $member->PasswordEncryption = $algo;
58             $member->forceChange();
59             $member->write();
60             
61             $this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
62         }
63     }
64     
65     /**
66      * @todo This should really be taken care of by TestRunner
67      */
68     protected function debugMessage($msg) {
69         if(!SapphireTest::is_running_test()) {
70             Debug::message($msg);
71         }
72     }
73 }