diff --git a/modules/simpletest/tests/upgrade/drupal-6.user-password-token.database.php b/modules/simpletest/tests/upgrade/drupal-6.user-password-token.database.php index 367c704..e91b6e4 100644 --- a/modules/simpletest/tests/upgrade/drupal-6.user-password-token.database.php +++ b/modules/simpletest/tests/upgrade/drupal-6.user-password-token.database.php @@ -8,3 +8,48 @@ db_insert('variable')->fields(array( 'value' => 's:97:"!password, !username, !site, !uri, !uri_brief, !mailto, !date, !login_uri, !edit_uri, !login_url.";', )) ->execute(); + +db_insert('users')->fields(array( + 'uid', + 'name', + 'pass', + 'mail', + 'mode', + 'sort', + 'threshold', + 'theme', + 'signature', + 'signature_format', + 'created', + 'access', + 'login', + 'status', + 'timezone', + 'language', + 'picture', + 'init', + 'data', +)) +->values(array( + 'uid' => 3, + 'name' => 'hashtester', + // This is not a valid D7 hash, but a truncated one. + 'pass' => '$S$DAK00p3Dkojkf4O/UizYxenguXnjv', + 'mail' => 'hashtester@example.com', + 'mode' => '0', + 'sort' => '0', + 'threshold' => '0', + 'theme' => '', + 'signature' => '', + 'signature_format' => '0', + 'created' => '1277671599', + 'access' => '1277671612', + 'login' => '1277671612', + 'status' => '1', + 'timezone' => '-21600', + 'language' => '', + 'picture' => '', + 'init' => 'hashtester@example.com', + 'data' => 'a:0:{}', +)) +->execute(); diff --git a/modules/simpletest/tests/upgrade/upgrade.user.test b/modules/simpletest/tests/upgrade/upgrade.user.test index 6c66921..c33ba11 100644 --- a/modules/simpletest/tests/upgrade/upgrade.user.test +++ b/modules/simpletest/tests/upgrade/upgrade.user.test @@ -26,6 +26,9 @@ class UserUpgradePathPasswordTokenTestCase extends UpgradePathTestCase { public function testUserUpgrade() { $this->assertTrue($this->performUpgrade(), 'The upgrade was completed successfully.'); $this->assertEqual(variable_get('user_mail_register_no_approval_required_body'), ', [user:name], [site:name], [site:url], [site:url-brief], [user:mail], [date:medium], [site:login-url], [user:edit-url], [user:one-time-login-url].', 'Existing email templates have been modified (password token involved).'); + // Check that a non-md5 hash was untouched. + $pass = db_query('SELECT pass FROM {users} WHERE uid = 3')->fetchField(); + $this->assertEqual('$S$DAK00p3Dkojkf4O/UizYxenguXnjv', $pass, 'Pre-existing non-MD5 password hash was not altered'); } } diff --git a/modules/user/user.install b/modules/user/user.install index 9d855ea..9119aac 100644 --- a/modules/user/user.install +++ b/modules/user/user.install @@ -428,6 +428,13 @@ function user_update_7000(&$sandbox) { $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count); foreach ($result as $account) { $has_rows = TRUE; + + // If the $account->pass value is not a MD5 hash (a 32 character + // hexadecimal string) then skip it. + if (!preg_match('/^[0-9a-f]{32}$/', $account->pass)) { + continue; + } + $new_hash = user_hash_password($account->pass, $hash_count_log2); if ($new_hash) { // Indicate an updated password.