diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index 3fa6a1b34..05339ace2 100644
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -31,6 +31,7 @@
class G
{
const hashFx = 'md5';
+ const hash = 'hash';
const hashFile = 'md5_file';
const hashCrc = 'crc32';
public $sessionVar = array(); //SESSION temporary array store.
@@ -5730,6 +5731,18 @@ class G
$consthashFx = self::hashFx;
return $consthashFx($string);
}
+ /**
+ * encryptSha
+ *
+ * @param string $string
+ *
+ * @return sha256($string)
+ */
+ public static function encryptHash($string)
+ {
+ $consthash = self::hash;
+ return $consthash('sha256', $string);
+ }
/**
* encryptFileOld
*
diff --git a/rbac/engine/config/schema.xml b/rbac/engine/config/schema.xml
index 3198e8ebd..a14e30655 100644
--- a/rbac/engine/config/schema.xml
+++ b/rbac/engine/config/schema.xml
@@ -142,7 +142,7 @@
-
+
diff --git a/rbac/engine/data/mysql/schema.sql b/rbac/engine/data/mysql/schema.sql
index 5dababf24..188426600 100644
--- a/rbac/engine/data/mysql/schema.sql
+++ b/rbac/engine/data/mysql/schema.sql
@@ -81,7 +81,7 @@ CREATE TABLE `RBAC_USERS`
(
`USR_UID` VARCHAR(32) default '' NOT NULL,
`USR_USERNAME` VARCHAR(100) default '' NOT NULL,
- `USR_PASSWORD` VARCHAR(128) default '' NOT NULL,
+ `USR_PASSWORD` VARCHAR(256) default '' NOT NULL,
`USR_FIRSTNAME` VARCHAR(50) default '' NOT NULL,
`USR_LASTNAME` VARCHAR(50) default '' NOT NULL,
`USR_EMAIL` VARCHAR(100) default '' NOT NULL,
diff --git a/workflow/engine/classes/class.Installer.php b/workflow/engine/classes/class.Installer.php
index f50d378bf..850710a92 100644
--- a/workflow/engine/classes/class.Installer.php
+++ b/workflow/engine/classes/class.Installer.php
@@ -469,12 +469,12 @@ class Installer
// The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
// $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
// "Add 'admin' user in ProcessMaker (wf)");
- $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
+ $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptHash($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
mysql_select_db($this->rbac_site_name, $this->connection_database);
// The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
// $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
// "Add 'admin' user in ProcessMaker (rb)");
- $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
+ $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptHash($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
}
/**
diff --git a/workflow/engine/config/schema.xml b/workflow/engine/config/schema.xml
index 3bfe774b3..8118861ee 100644
--- a/workflow/engine/config/schema.xml
+++ b/workflow/engine/config/schema.xml
@@ -1518,7 +1518,7 @@
-
+
diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php
index c33956d43..59f018c44 100644
--- a/workflow/engine/controllers/installer.php
+++ b/workflow/engine/controllers/installer.php
@@ -853,10 +853,10 @@ class Installer extends Controller
$query = sprintf( "USE %s;", $wf_workpace );
$this->mysqlQuery( $query );
- $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) );
+ $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptHash( $adminPassword ) );
$this->mysqlQuery( $query );
- $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) );
+ $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptHash( $adminPassword ) );
$this->mysqlQuery( $query );
// Write the paths_installed.php file (contains all the information configured so far)
@@ -1160,13 +1160,13 @@ class Installer extends Controller
$query = sprintf( "USE %s;", $wf );
$this->mssqlQuery( $query );
- $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptOld( $adminPassword ) );
+ $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptHash( $adminPassword ) );
$this->mssqlQuery( $query );
$query = sprintf( "USE %s;", $wf );
$this->mssqlQuery( $query );
- $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptOld( $adminPassword ) );
+ $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptHash( $adminPassword ) );
$this->mssqlQuery( $query );
// Write the paths_installed.php file (contains all the information configured so far)
diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql
index 22c59cd02..a94bd5e98 100644
--- a/workflow/engine/data/mysql/insert.sql
+++ b/workflow/engine/data/mysql/insert.sql
@@ -61526,6 +61526,7 @@ INSERT INTO DASHLET_INSTANCE (DAS_INS_UID,DAS_UID,DAS_INS_OWNER_TYPE,DAS_INS_OWN
INSERT INTO CONFIGURATION (CFG_UID,OBJ_UID,CFG_VALUE,PRO_UID,USR_UID,APP_UID) VALUES
('ENVIRONMENT_SETTINGS','','a:1:{s:18:"directoryStructure";i:2;}','','',''),
+('ENTERPRISE_SETTING_ENCRYPT','','a:2:{s:7:"current";s:6:"sha256";s:8:"previous";s:3:"md5";}','','',''),
('MIGRATED_LIST','list','true','list','list','list'),
('MIGRATED_LIST_UNASSIGNED','list','true','list','list','list'),
('SKIN_CRON','','s:10:"neoclassic";','','',''),
diff --git a/workflow/engine/data/mysql/schema.sql b/workflow/engine/data/mysql/schema.sql
index 3a715f197..a28ef8448 100644
--- a/workflow/engine/data/mysql/schema.sql
+++ b/workflow/engine/data/mysql/schema.sql
@@ -722,7 +722,7 @@ CREATE TABLE `USERS`
(
`USR_UID` VARCHAR(32) default '' NOT NULL,
`USR_USERNAME` VARCHAR(100) default '' NOT NULL,
- `USR_PASSWORD` VARCHAR(32) default '' NOT NULL,
+ `USR_PASSWORD` VARCHAR(256) default '' NOT NULL,
`USR_FIRSTNAME` VARCHAR(50) default '' NOT NULL,
`USR_LASTNAME` VARCHAR(50) default '' NOT NULL,
`USR_EMAIL` VARCHAR(100) default '' NOT NULL,