
Hash existing passwords using BCRYPT algorithm

11/14/2023 12:43:33 PM
ASPRunner.NET Tips and tricks
admin

If for any reason you are still using plain text passwords in your database, it is time to switch to a reliable hashing mechanism like BCRYPT. Here is how you can make this switch in PHPRunner applications.

  1. Make sure your password field is long enough to store hashed passwords. We recommend a text field 100 characters long.
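  2. Create a backup of your login table. In MySQL this can be as simple as SELECT * INTO mytable_backup FROM mytable. Keep in mind that this backup still holds the plain text passwords, so delete it once you have verified that logins work with the hashed values.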
  3. Save C# code below to a file named <project folder>\source\bcrypt.cs
  4. Change the following variables:

table = new XVar("tablename"); // name of the login table
bcryprt_field = new XVar("fieldname"); // name of the password field; its plain text values are replaced with hashes
keyfield = new XVar("fieldname"); // key column of the login table, used to address the row being updated
cnt = new XVar(100); // batch size: 100 records are processed per request and progress is shown after each batch
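  5. Build the project and upload it to the website. Run the script as https://yourwebsite.com/project/bcrypt. The code below contains no login check of its own, so remove bcrypt.cs and rebuild the project once the conversion has finished.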

C# code:


using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Mvc;
using System.Reflection;
using runnerDotNet;
namespace runnerDotNet
{
public partial class GlobalController : BaseController
{
    /// <summary>
    /// One-off maintenance action that replaces plain text values in the password column
    /// of the login table with the value returned by MVCFunctions.getPasswordHash.
    /// </summary>
    /// <remarks>
    /// A request without the POST value a=bcrypt returns a small page whose script posts
    /// back to this action, one batch at a time. A request with a=bcrypt handles the batch
    /// of <c>cnt</c> rows selected by the posted <c>step</c> index and echoes how many rows
    /// of that batch it visited; the page stops posting when that number differs from <c>cnt</c>.
    /// NOTE(review): nothing in this method checks who is calling it. Unless BaseController
    /// enforces access control (not visible here), any visitor can trigger the table scan,
    /// so the file should be removed from the project after the conversion.
    /// </remarks>
    /// <returns>
    /// The buffered response body, or the redirect result when a RunnerRedirectException is thrown.
    /// </returns>
    public XVar bcrypt()
    {
        try
        {
            // Settings to fill in before building. The names are the ones used in the setup steps.
            dynamic table = null, bcryprt_field = null, keyfield = null, cnt = null;
            table = new XVar(""); // login table name
            bcryprt_field = new XVar(""); // password field name
            keyfield = new XVar(""); // login table key column name
            cnt = new XVar(100); // rows handled per request

            // Large timeout because every request walks the table from its first row.
            Server.ScriptTimeout = 100000;

            // Any request that is not the batch call gets the progress page and its driver script.
            if(MVCFunctions.postvalue(new XVar("a")) != "bcrypt")
            {
                MVCFunctions.Echo("<script type='text/javascript' src='include/jquery.js?41242'></script>");
                MVCFunctions.Echo("<div id='currStep'>Start...</div>");
                MVCFunctions.Echo(MVCFunctions.Concat(
                    "<script>\r\n\twindow.curcount = 0;\r\n\twindow.totalcount = 0;\r\n\tstartSending();\r\n\r\n\tfunction startSending(){\r\n\t\t$.post('bcrypt',{\r\n\t\t\tstep: window.curcount,\r\n\t\t\ta: 'bcrypt'\r\n\t\t})\r\n\t\t.done(function(sendingMessagesInstep){\r\n\t\t\tif(sendingMessagesInstep == 'error'){\r\n\t\t\t\t$('#currStep').html('Not all data is exists');\r\n\t\t\t\treturn false;\r\n\t\t\t}\r\n\t\t\twindow.totalcount+=parseInt(sendingMessagesInstep);\r\n\t\t\tif (sendingMessagesInstep == ",
                    cnt,
                    ") {\r\n\t\t\t\twindow.curcount++;\r\n\t\t\t\t$('#currStep').html((window.curcount * ",
                    cnt,
                    ")+' records processed');\r\n\t\t\t\tstartSending();\r\n\t\t\t} else {\r\n\t\t\t\t$('#currStep').html('Total processed '+window.totalcount+' records');\r\n\t\t\t\twindow.curcount = 0;\r\n\t\t\t\twindow.totalcount = 0;\r\n\t\t\t};\r\n\t\t});\r\n\t}\r\n\r\n\t</script>"));
            }

            // Batch call issued by the script above.
            if(MVCFunctions.postvalue(new XVar("a")) == "bcrypt")
            {
                dynamic data = XVar.Array();

                // With any setting left empty the script answers 'error' and touches no data.
                if((XVar)((XVar)((XVar)(!(XVar)(table)) || (XVar)(!(XVar)(bcryprt_field))) || (XVar)(!(XVar)(keyfield))) || (XVar)(!(XVar)(cnt)))
                {
                    MVCFunctions.Echo("error");
                    MVCFunctions.Echo(new XVar(""));
                    return MVCFunctions.GetBuferContentAndClearBufer();
                }

                // Zero-based batch index sent by the page script.
                dynamic step = XVar.Clone(CommonFunctions.intval((XVar)(MVCFunctions.postvalue(new XVar("step")))));

                // The whole table is selected again on every request and skipped up to the batch window.
                // NOTE(review): no ordering is requested here; this assumes DB.Select returns rows in the
                // same order on every request - confirm, otherwise rows could be missed.
                dynamic rows = XVar.Clone(DB.Select((XVar)(table)));
                dynamic visited = new XVar(0);

                for(dynamic rowIndex = new XVar(0); XVar.Pack(data = XVar.Clone(rows.fetchAssoc())); rowIndex++)
                {
                    // Only rows with step * cnt <= rowIndex < (step + 1) * cnt belong to this batch.
                    if((XVar)(step * cnt <= rowIndex) && (XVar)(rowIndex < (step + 1) * cnt))
                    {
                        dynamic storedValue = XVar.Clone(data[bcryprt_field]);

                        // Values that already have the bcrypt shape, and empty values, are left untouched.
                        // NOTE(review): if getPasswordHash returns something isBcryptHash does not recognise,
                        // or the column cuts the hash short, a second run would hash the stored hash and
                        // lock the account - confirm the hash setting and column length before running.
                        if(XVar.Pack(!(XVar)(isBcryptHash((XVar)(storedValue)))))
                        {
                            dynamic hashedValue = XVar.Clone(MVCFunctions.getPasswordHash((XVar)(storedValue)));
                            DB.Update((XVar)(table), (XVar)(new XVar(bcryprt_field, hashedValue)), (XVar)(new XVar(keyfield, data[keyfield])));
                        }

                        // Counts every row of the batch, converted or not; the page compares it with cnt.
                        visited++;
                    }

                    // Stop reading once the end of the batch window has been reached.
                    if((step + 1) * cnt <= rowIndex)
                    {
                        break;
                    }
                }

                MVCFunctions.Echo(visited);
                MVCFunctions.Echo(new XVar(""));
                return MVCFunctions.GetBuferContentAndClearBufer();
            }

            return MVCFunctions.GetBuferContentAndClearBufer();
        }
        catch(RunnerRedirectException ex)
        {
            return Redirect(ex.Message);
        }
    }

    /// <summary>
    /// Reports whether a stored value already has the shape of a bcrypt hash, so that
    /// <c>bcrypt()</c> does not hash it again.
    /// </summary>
    /// <remarks>
    /// The check looks at format only: the value split on '$' must give four parts, an empty
    /// first part, a version of 2a, 2b, 2y or 2x, a numeric cost of at least 1 and a last part
    /// of exactly 53 characters. The characters of the last part are not validated.
    /// A zero-length value is reported as a hash, which makes the caller leave empty
    /// passwords unchanged.
    /// </remarks>
    /// <param name="password">Value read from the password column.</param>
    /// <returns>true when the value is empty or passes every format check, otherwise false.</returns>
    public static XVar isBcryptHash(dynamic password)
    {
        dynamic parts = XVar.Array();

        // Empty values count as "nothing to convert".
        if(XVar.Equals(XVar.Pack(MVCFunctions.strlen(password)), XVar.Pack(0)))
        {
            return true;
        }

        // Expected pieces after the split: "", version, cost, salt plus hash.
        parts = XVar.Clone(CommonFunctions.explode(new XVar("$"), (XVar)(password)));
        if(!XVar.Equals(XVar.Pack(MVCFunctions.count(parts)), XVar.Pack(4)))
        {
            return false;
        }

        // The value has to begin with '$', which leaves an empty first piece.
        if(!XVar.Equals(XVar.Pack(parts[0]), XVar.Pack("")))
        {
            return false;
        }

        // Accepted version identifiers.
        dynamic knownVersions = new XVar(0, "2a", 1, "2b", 2, "2y", 3, "2x");
        if(XVar.Pack(!(XVar)(CommonFunctions.in_array((XVar)(parts[1]), (XVar)(knownVersions)))))
        {
            return false;
        }

        // The cost piece must be a number that is not below 1.
        if((XVar)(!(XVar)(MVCFunctions.IsNumeric(parts[2]))) || (XVar)(parts[2] < 1))
        {
            return false;
        }

        // The last piece must be exactly 53 characters long.
        if(!XVar.Equals(XVar.Pack(MVCFunctions.strlen(parts[3])), XVar.Pack(53)))
        {
            return false;
        }

        return true;
    }
}
}