From 17a8e61d2ae9e938aaf60292666b6ccf5cb09067 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sat, 7 Jan 2017 14:25:46 +0300
Subject: deprecate encrypted feed passwords because mcrypt is getting removed
 from php 7.1

1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist
---
 update.php | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'update.php')

diff --git a/update.php b/update.php
index 65cf9f06e..821d25bce 100755
--- a/update.php
+++ b/update.php
@@ -38,6 +38,7 @@
 			"debug-feed:",
 			"force-refetch",
 			"force-rehash",
+			"decrypt-feeds",
 			"help");
 
 	foreach (PluginHost::getInstance()->get_commands() as $command => $data) {
@@ -91,6 +92,7 @@
 		print "  --debug-feed N       - perform debug update of feed N\n";
 		print "  --force-refetch      - debug update: force refetch feed data\n";
 		print "  --force-rehash       - debug update: force rehash articles\n";
+		print "  --decrypt-feeds      - decrypt feed passwords\n";
 		print "  --help               - show this help\n";
 		print "Plugin options:\n";
 
@@ -402,6 +404,36 @@
 		update_rss_feed($feed);
 	}
 
+	if (isset($options["decrypt-feeds"])) {
+		$result = db_query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
+
+		if (!function_exists("mcrypt_decrypt")) {
+			_debug("mcrypt functions not available.");
+			return;
+		}
+
+		require_once "crypt.php";
+
+		$total = 0;
+
+		db_query("BEGIN");
+
+		while ($line = db_fetch_assoc($result)) {
+			_debug("processing feed id " . $line["id"]);
+
+			$auth_pass = db_escape_string(decrypt_string($line["auth_pass"]));
+
+			db_query("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = '$auth_pass' 
+				WHERE id = " . $line["id"]);
+
+			++$total;
+		}
+
+		db_query("COMMIT");
+
+		_debug("$total feeds processed.");
+	}
+
 	PluginHost::getInstance()->run_commands($options);
 
 	if (file_exists(LOCK_DIRECTORY . "/$lock_filename"))
-- 
cgit v1.2.3-54-g00ecf