Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitization example- correct for D7? #79

Open
ptmkenny opened this issue Jun 22, 2016 · 5 comments
Open

Sanitization example- correct for D7? #79

ptmkenny opened this issue Jun 22, 2016 · 5 comments

Comments

@ptmkenny
Copy link

ptmkenny commented Jun 22, 2016

I may be doing it wrong, but the sanitization example does not seem to be correct for resetting the password on Drupal 7.

When I use the statement:

db_query("UPDATE users SET pass = MD5(CONCAT('MILDSECRET', name));");

And then try to log in, it won't accept the password. The sanitation script references this blog post, http://crackingdrupal.com/blog/greggles/creating-sanitized-drupal-database-dump#comment-164, which is dated to 2010, a year before Drupal 7 was released.

Can the example be updated to handle Drupal 7 as well?

EDIT:

The real goal here is to have a way to do basic DB sanitization (email addresses and passwords) in D7. It doesn't matter if it uses Drush or some other way, but I want to be able to log in as UID@localhost.com with password "password". (in other words, more or less the default behavior of drush sql-sanitize)

@stevector
Copy link
Collaborator

Hi @ptmkenny, what is the behavior you are expecting? This code is meant to remove the stored password hashes from the database and replace them with nearly unusable hashes. the purpose of this script is to prevent distribution of real users' password hashes.

It is conceivable that you could reverse engineer a usable password to enter for a user after this script ran, but that is not the intention. If you want to log in to a site after running this script you should run drush user-login.

@ptmkenny
Copy link
Author

@stevector Hmm, ok. I was expecting it to have similar behavior to drush sql-sanitize, which by default sets all user passwords to "password".

@stevector
Copy link
Collaborator

@ptmkenny you could use drush sql-sanitize as well. Here is an example of calling a drush command via Quicksilver: https://github.com/pantheon-systems/quicksilver-examples/blob/master/drush_revert_features/revert_all_features.php

This example was written before Quicksilver had the capacity to run Drush commands. Perhaps we should update this example to use Drush.

@ptmkenny
Copy link
Author

@stevector Have you successfully used drush sql-sanitize on Pantheon? It blows up for me when I try it:

$ drush @MYSITE.dev sql-sanitize --sanitize-email=no
PTY allocation request failed on channel 0

Fatal error: Class 'Drupal' not found in /opt/pantheon/drush-8/commands/sql/sql.drush.inc on line 658
Ok
Drush command terminated abnormally due to an unrecoverable error. [error]
Error: Class 'Drupal' not found in
/opt/pantheon/drush-8/commands/sql/sql.drush.inc, line 658

@stevector
Copy link
Collaborator

I am getting the same error. @greg-1-anderson, do you have thoughts on this question?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants