From 1454ad308a2dd4da47ae00955d8f0a6a8fa0b4e6 Mon Sep 17 00:00:00 2001
From: Ronald Q <ronald.quenta@processmaker.com>
Date: Thu, 1 Sep 2016 15:43:01 -0400
Subject: [PATCH] HOR-1765

fix in installer for user admin
---
 gulliver/system/class.g.php                 | 13 +++++++++++++
 rbac/engine/config/schema.xml               |  2 +-
 rbac/engine/data/mysql/schema.sql           |  2 +-
 workflow/engine/classes/class.Installer.php |  4 ++--
 workflow/engine/config/schema.xml           |  2 +-
 workflow/engine/controllers/installer.php   |  8 ++++----
 workflow/engine/data/mysql/insert.sql       |  1 +
 workflow/engine/data/mysql/schema.sql       |  2 +-
 8 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index 3fa6a1b34..05339ace2 100644
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -31,6 +31,7 @@
 class G
 {
     const hashFx = 'md5';
+    const hash = 'hash';
     const hashFile = 'md5_file';
     const hashCrc = 'crc32';
     public $sessionVar = array(); //SESSION temporary array store.
@@ -5730,6 +5731,18 @@ class G
         $consthashFx = self::hashFx;
         return $consthashFx($string);
     }
+    /**
+     * encryptSha
+     *
+     * @param string $string
+     *
+     * @return sha256($string)
+     */
+    public static function encryptHash($string)
+    {
+        $consthash = self::hash;
+        return $consthash('sha256', $string);
+    }
     /**
     * encryptFileOld
     *
diff --git a/rbac/engine/config/schema.xml b/rbac/engine/config/schema.xml
index 3198e8ebd..a14e30655 100644
--- a/rbac/engine/config/schema.xml
+++ b/rbac/engine/config/schema.xml
@@ -142,7 +142,7 @@
     </vendor>
     <column name="USR_UID" type="VARCHAR" size="32" required="true" primaryKey="true" default="" />
     <column name="USR_USERNAME" type="VARCHAR" size="100" required="true" default="" />
-    <column name="USR_PASSWORD" type="VARCHAR" size="128" required="true" default="" />
+    <column name="USR_PASSWORD" type="VARCHAR" size="256" required="true" default="" />
     <column name="USR_FIRSTNAME" type="VARCHAR" size="50" required="true" default="" />
     <column name="USR_LASTNAME" type="VARCHAR" size="50" required="true" default="" />
     <column name="USR_EMAIL" type="VARCHAR" size="100" required="true" default="" />
diff --git a/rbac/engine/data/mysql/schema.sql b/rbac/engine/data/mysql/schema.sql
index 5dababf24..188426600 100644
--- a/rbac/engine/data/mysql/schema.sql
+++ b/rbac/engine/data/mysql/schema.sql
@@ -81,7 +81,7 @@ CREATE TABLE `RBAC_USERS`
 (
 	`USR_UID` VARCHAR(32) default '' NOT NULL,
 	`USR_USERNAME` VARCHAR(100) default '' NOT NULL,
-	`USR_PASSWORD` VARCHAR(128) default '' NOT NULL,
+	`USR_PASSWORD` VARCHAR(256) default '' NOT NULL,
 	`USR_FIRSTNAME` VARCHAR(50) default '' NOT NULL,
 	`USR_LASTNAME` VARCHAR(50) default '' NOT NULL,
 	`USR_EMAIL` VARCHAR(100) default '' NOT NULL,
diff --git a/workflow/engine/classes/class.Installer.php b/workflow/engine/classes/class.Installer.php
index f50d378bf..850710a92 100644
--- a/workflow/engine/classes/class.Installer.php
+++ b/workflow/engine/classes/class.Installer.php
@@ -469,12 +469,12 @@ class Installer
         //  The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
         //  $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
         //    "Add 'admin' user in ProcessMaker (wf)");
-        $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
+        $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . G::encryptHash($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
         mysql_select_db($this->rbac_site_name, $this->connection_database);
         // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
         // $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
         //   "Add 'admin' user in ProcessMaker (rb)");
-        $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
+        $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . '  `USR_PASSWORD` = \'' . G::encryptHash($this->options['admin']['password']) . '\' ' . '  WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
     }
 
     /**
diff --git a/workflow/engine/config/schema.xml b/workflow/engine/config/schema.xml
index 3bfe774b3..8118861ee 100644
--- a/workflow/engine/config/schema.xml
+++ b/workflow/engine/config/schema.xml
@@ -1518,7 +1518,7 @@
     </vendor>
     <column name="USR_UID" type="VARCHAR" size="32" required="true" primaryKey="true" default=""/>
     <column name="USR_USERNAME" type="VARCHAR" size="100" required="true" default=""/>
-    <column name="USR_PASSWORD" type="VARCHAR" size="32" required="true" default=""/>
+    <column name="USR_PASSWORD" type="VARCHAR" size="256" required="true" default=""/>
     <column name="USR_FIRSTNAME" type="VARCHAR" size="50" required="true" default=""/>
     <column name="USR_LASTNAME" type="VARCHAR" size="50" required="true" default=""/>
     <column name="USR_EMAIL" type="VARCHAR" size="100" required="true" default=""/>
diff --git a/workflow/engine/controllers/installer.php b/workflow/engine/controllers/installer.php
index c33956d43..59f018c44 100644
--- a/workflow/engine/controllers/installer.php
+++ b/workflow/engine/controllers/installer.php
@@ -853,10 +853,10 @@ class Installer extends Controller
             $query = sprintf( "USE %s;", $wf_workpace );
             $this->mysqlQuery( $query );
 
-            $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) );
+            $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptHash( $adminPassword ) );
             $this->mysqlQuery( $query );
 
-            $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptOld( $adminPassword ) );
+            $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_LASTNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, $adminUsername, G::encryptHash( $adminPassword ) );
             $this->mysqlQuery( $query );
 
             // Write the paths_installed.php file (contains all the information configured so far)
@@ -1160,13 +1160,13 @@ class Installer extends Controller
             $query = sprintf( "USE %s;", $wf );
             $this->mssqlQuery( $query );
 
-            $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptOld( $adminPassword ) );
+            $query = sprintf( "UPDATE USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptHash( $adminPassword ) );
             $this->mssqlQuery( $query );
 
             $query = sprintf( "USE %s;", $wf );
             $this->mssqlQuery( $query );
 
-            $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptOld( $adminPassword ) );
+            $query = sprintf( "UPDATE RBAC_USERS SET USR_USERNAME = '%s', USR_PASSWORD = '%s' WHERE USR_UID = '00000000000000000000000000000001' ", $adminUsername, G::encryptHash( $adminPassword ) );
             $this->mssqlQuery( $query );
 
             // Write the paths_installed.php file (contains all the information configured so far)
diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql
index 22c59cd02..a94bd5e98 100644
--- a/workflow/engine/data/mysql/insert.sql
+++ b/workflow/engine/data/mysql/insert.sql
@@ -61526,6 +61526,7 @@ INSERT INTO DASHLET_INSTANCE (DAS_INS_UID,DAS_UID,DAS_INS_OWNER_TYPE,DAS_INS_OWN
 
 INSERT INTO CONFIGURATION (CFG_UID,OBJ_UID,CFG_VALUE,PRO_UID,USR_UID,APP_UID) VALUES
 ('ENVIRONMENT_SETTINGS','','a:1:{s:18:"directoryStructure";i:2;}','','',''),
+('ENTERPRISE_SETTING_ENCRYPT','','a:2:{s:7:"current";s:6:"sha256";s:8:"previous";s:3:"md5";}','','',''),
 ('MIGRATED_LIST','list','true','list','list','list'),
 ('MIGRATED_LIST_UNASSIGNED','list','true','list','list','list'),
 ('SKIN_CRON','','s:10:"neoclassic";','','',''),
diff --git a/workflow/engine/data/mysql/schema.sql b/workflow/engine/data/mysql/schema.sql
index 3a715f197..a28ef8448 100644
--- a/workflow/engine/data/mysql/schema.sql
+++ b/workflow/engine/data/mysql/schema.sql
@@ -722,7 +722,7 @@ CREATE TABLE `USERS`
 (
 	`USR_UID` VARCHAR(32) default '' NOT NULL,
 	`USR_USERNAME` VARCHAR(100) default '' NOT NULL,
-	`USR_PASSWORD` VARCHAR(32) default '' NOT NULL,
+	`USR_PASSWORD` VARCHAR(256) default '' NOT NULL,
 	`USR_FIRSTNAME` VARCHAR(50) default '' NOT NULL,
 	`USR_LASTNAME` VARCHAR(50) default '' NOT NULL,
 	`USR_EMAIL` VARCHAR(100) default '' NOT NULL,