Download & Extend
Secure Password Hashes » Issues

How to remove phpass ?

Posted by chipway-drupal on September 12, 2008 at 3:34pm
Project:Secure Password Hashes
Version:6.x-1.x-dev
Component:Code
Category:support request
Priority:normal
Assigned:Unassigned
Status:closed (fixed)

Issue Summary

Hi,

Since my problem with phpass dev (http://drupal.org/node/302553) I get random issues : I can connect or I can not.

I think that it comes from phpass.

I tried
- to go back to md5
- to remove phpass, but it can't.

Does any one know How to remove phpass from a^production site ?

and give my users ability to connect, either directly or after asking a new password ?

Thank you very much.

Login or register to post comments

Comments

#1

Posted by nicholas.alipaz on September 23, 2009 at 11:44pm

I too found this to be an issue on a live site I was using. While staying logged in, I uninstalled phpass then I just put the following script into a node/add form with the php filter turned on then clicked preview one time. Be sure not to save it in the node.

Warning, this script could take considerable amount of time to execute depending on the number of users you have:

<?php
function createPassword($length) {
  $chars = "23456789abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ";
  $i = 0;
  $password = "";
  while ($i <= $length) {
    $password .= $chars{mt_rand(0,strlen($chars))};
    $i++;
  }
  return $password;
}
function resetPasses() {
  //$i = 0;
  $result  = db_query("SELECT uid, name, mail FROM {users} WHERE pass = 'phpass'");
  $from = 'admin@example.com';
  $subject = '[Site Name] Important Account Details';
  $headers  = 'MIME-Version: 1.0' . "\r\n";
  $headers .= 'Content-type: text/html; charset=UNICODE-1-1-UTF-8' . "\r\n";
  $headers .= "From: $from\r\n";
  $setmsg = 'Passwords have been regenerated and emails sent for the following users:';
  $message = "
    Dear %s,<br /><br />
    Due to needed upgrades, your Site Name site password has been reset.  Here are your new credentials:
    <blockquote>
      User: %s<br />
      Pass: %s
    </blockquote>
    Sorry for any inconvenience.  Once you login, you may change your password by navigating to \"My Account.\"<br />
    --<br />
    The Site Name Team";
  while ($user = db_fetch_object($result)) {
    //if ($i < 20) {
      $username = $user->name;
      $uid = $user->uid;
      $email = $user->mail;
      $password = createPassword(8);
      $msg = sprintf($message, $username, $username, $password);
      db_query("UPDATE {users} SET pass = MD5('%s') WHERE uid = %d", array($password, $uid));
      mail($email, $subject, $msg, $headers);
      $setmsg .= '<br />' . $username;
      $i++;
    //}
  }
  drupal_set_message($setmsg);
}
resetPasses();
?>

be sure to change the Site Name and email and such to suit your needs. This could be added to the uninstall script if someone were so inclined.

Note, if you are getting timeouts trying to run this then it might be useful to comment in the commented out lines and just run a few emails at a time. It is currently set to do 20 if he lines are commented in.

#2

Posted by chipway-drupal on September 24, 2009 at 8:30am

Hi,

Thank you Nicholas, but in fact since this issue i run Secure Password Hashes (phpass) 6.x-1.x-dev (2008-Nov-25) on a prod site for a lot of time with no probleme.

Regards

#3

Posted by nicholas.alipaz on September 24, 2009 at 9:25am

glad your issue was solved. I originally installed for integration between phpBB3 and Drupal but have since converted the whole site to Drupal. I recently found another module that seemed to conflict with phpass so I needed to convert everyone to MD5.

#4

Posted by Owen Barton on January 29, 2010 at 8:29pm
Status:active» fixed

The above script should do it, or you could use http://drupal.org/project/password_expire to force users to change their passwords.

#5

Posted by System Message on February 12, 2010 at 8:30pm
Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

nobody click here