Remove SQL column legacy_password
authorAlexandre Alapetite <alexandre@alapetite.fr>
Sun, 8 Apr 2018 12:53:12 +0000 (14:53 +0200)
committerAlexandre Alapetite <alexandre@alapetite.fr>
Sun, 8 Apr 2018 12:53:12 +0000 (14:53 +0200)
database.sql
src/Database/DBStructure.php
src/Model/User.php
src/Util/ExAuth.php
update.php

index aa87247..c4b93e2 100644 (file)
@@ -1019,7 +1019,6 @@ CREATE TABLE IF NOT EXISTS `user` (
        `guid` varchar(64) NOT NULL DEFAULT '' COMMENT '',
        `username` varchar(255) NOT NULL DEFAULT '' COMMENT '',
        `password` varchar(255) NOT NULL DEFAULT '' COMMENT '',
-       `legacy_password` boolean NOT NULL DEFAULT '0' COMMENT 'Is the password hash double-hashed?',
        `nickname` varchar(255) NOT NULL DEFAULT '' COMMENT '',
        `email` varchar(255) NOT NULL DEFAULT '' COMMENT '',
        `openid` varchar(255) NOT NULL DEFAULT '' COMMENT '',
index 67c8d7b..275d956 100644 (file)
@@ -1726,7 +1726,6 @@ class DBStructure
                                                "guid" => ["type" => "varchar(64)", "not null" => "1", "default" => "", "comment" => ""],
                                                "username" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
                                                "password" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
-                                               "legacy_password" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "Is the password hash double-hashed?"],
                                                "nickname" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
                                                "email" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
                                                "openid" => ["type" => "varchar(255)", "not null" => "1", "default" => "", "comment" => ""],
index ef495a4..6178906 100644 (file)
@@ -170,13 +170,12 @@ class User
 
                        if (!isset($user['uid'])
                                || !isset($user['password'])
-                               || !isset($user['legacy_password'])
                        ) {
                                throw new Exception(L10n::t('Not enough information to authenticate'));
                        }
                } elseif (is_int($user_info) || is_string($user_info)) {
                        if (is_int($user_info)) {
-                               $user = dba::selectFirst('user', ['uid', 'password', 'legacy_password'],
+                               $user = dba::selectFirst('user', ['uid', 'password'],
                                        [
                                                'uid' => $user_info,
                                                'blocked' => 0,
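Review bot: With `legacy_password` no longer fetched in this hunk, the rest of `authenticate()` has no column telling it whether a stored bcrypt value wraps the plain password or the old legacy hash, and that part of the body lies outside the hunk. The update.php hunk of this commit stores `User::hashPassword($user['password'])`, a hash of the previous hash, so migrated rows start with `$` just like natively hashed ones. If a later branch still reads `$user['legacy_password']`, it will now find it unset and those accounts would silently stop authenticating. Please confirm the verification path tries `password_verify()` on the submitted password first and then on its legacy digest, and add a comment there such as `// No legacy_password flag any more: try native hash, then hash-of-legacy-hash`.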
@@ -186,7 +185,7 @@ class User
                                        ]
                                );
                        } else {
-                               $user = dba::fetch_first('SELECT `uid`, `password`, `legacy_password`
+                               $user = dba::fetch_first('SELECT `uid`, `password`
                                        FROM `user`
                                        WHERE (`email` = ? OR `username` = ? OR `nickname` = ?)
                                        AND `blocked` = 0
@@ -277,7 +276,6 @@ class User
                        'password' => $pasword_hashed,
                        'pwdreset' => null,
                        'pwdreset_time' => null,
-                       'legacy_password' => false
                ];
                return dba::update('user', $fields, ['uid' => $uid]);
        }
index d4436e3..cdf663b 100644 (file)
@@ -226,7 +226,7 @@ class ExAuth
                if ($a->get_hostname() == $aCommand[2]) {
                        $this->writeLog(LOG_INFO, 'internal auth for ' . $sUser . '@' . $aCommand[2]);
 
-                       $aUser = dba::selectFirst('user', ['uid', 'password', 'legacy_password'], ['nickname' => $sUser]);
+                       $aUser = dba::selectFirst('user', ['uid', 'password'], ['nickname' => $sUser]);
                        if (DBM::is_result($aUser)) {
                                $uid = $aUser['uid'];
                                $success = User::authenticate($aUser, $aCommand[3]);
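Review bot: The row selected on the changed line is matched on `nickname` alone and then handed to `User::authenticate()` as an array, so the `'blocked' => 0` condition that `authenticate()` applies to its own lookups (first User.php hunk) is never evaluated on this external-auth path. The array branch there only checks that `uid` and `password` are set, so a blocked account with a valid password would presumably still be accepted here. Adding the filter to the query closes that gap: `dba::selectFirst('user', ['uid', 'password'], ['nickname' => $sUser, 'blocked' => 0])`. The int-path condition list in User.php continues past the visible lines, so any further conditions it applies should be mirrored as well. The enclosing method starts and ends outside this hunk.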
index bc14b3a..0cbc030 100644 (file)
@@ -149,12 +149,9 @@ function update_1203() {
 }
 
 function update_1244() {
-       // Sets legacy_password for all legacy hashes
-       dba::update('user', ['legacy_password' => true], ['SUBSTR(password, 1, 4) != "$2y$"']);
-
        // All legacy hashes are re-hashed using the new secure hashing function
-       $stmt = dba::select('user', ['uid', 'password'], ['legacy_password' => true]);
-       while($user = dba::fetch($stmt)) {
+       $stmt = dba::select('user', ['uid', 'password'], ['password NOT LIKE "$%"']);
+       while ($user = dba::fetch($stmt)) {
                dba::update('user', ['password' => User::hashPassword($user['password'])], ['uid' => $user['uid']]);
        }