drupal/modules/user/user.install

<?php
// $Id$

/**
 * Implementation of hook_schema().
 */
function user_schema() {
  $schema['authmap'] = array(
    'description' => t('Stores distributed authentication mapping.'),
    'fields' => array(
      'aid' => array(
        'description' => t('Primary Key: Unique authmap ID.'),
        'type' => 'serial',
        'unsigned' => TRUE,
        'not null' => TRUE,
      ),
      'uid' => array(
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
        'description' => t("User's {users}.uid."),
      ),
      'authname' => array(
        'type' => 'varchar',
        'length' => 128,
        'not null' => TRUE,
        'default' => '',
        'description' => t('Unique authentication name.'),
      ),
      'module' => array(
        'type' => 'varchar',
        'length' => 128,
        'not null' => TRUE,
        'default' => '',
        'description' => t('Module which is controlling the authentication.'),
      ),
    ),
    'unique keys' => array(
      'authname' => array('authname'),
    ),
    'primary key' => array('aid'),
  );

  $schema['role_permission'] = array(
    'description' => t('Stores the permissions assigned to user roles.'),
    'fields' => array(
      'rid' => array(
        'type' => 'int',
        'unsigned' => TRUE,
        'not null' => TRUE,
        'description' => t('Foreign Key: {role}.rid.'),
      ),
      'permission' => array(
        'type' => 'varchar',
        'length' => 64,
        'not null' => TRUE,
        'default' => '',
        'description' => t('A single permission granted to the role identified by rid.'),
      ),
    ),
    'primary key' => array('rid', 'permission'),
    'indexes' => array(
      'permission' => array('permission'),
    ),
  );

  $schema['role'] = array(
    'description' => t('Stores user roles.'),
    'fields' => array(
      'rid' => array(
        'type' => 'serial',
        'unsigned' => TRUE,
        'not null' => TRUE,
        'description' => t('Primary Key: Unique role ID.'),
      ),
      'name' => array(
        'type' => 'varchar',
        'length' => 64,
        'not null' => TRUE,
        'default' => '',
        'description' => t('Unique role name.'),
      ),
    ),
    'unique keys' => array(
      'name' => array('name'),
    ),
    'primary key' => array('rid'),
  );

  $schema['users'] = array(
    'description' => t('Stores user data.'),
    'fields' => array(
      'uid' => array(
        'type' => 'serial',
        'unsigned' => TRUE,
        'not null' => TRUE,
        'description' => t('Primary Key: Unique user ID.'),
      ),
      'name' => array(
        'type' => 'varchar',
        'length' => 60,
        'not null' => TRUE,
        'default' => '',
        'description' => t('Unique user name.'),
      ),
      'pass' => array(
        'type' => 'varchar',
        'length' => 128,
        'not null' => TRUE,
        'default' => '',
        'description' => t("User's password (hashed)."),
      ),
      'mail' => array(
        'type' => 'varchar',
        'length' => 64,
        'not null' => FALSE,
        'default' => '',
        'description' => t("User's email address."),
      ),
      'theme' => array(
        'type' => 'varchar',
        'length' => 255,
        'not null' => TRUE,
        'default' => '',
        'description' => t("User's default theme."),
      ),
      'signature' => array(
        'type' => 'varchar',
        'length' => 255,
        'not null' => TRUE,
        'default' => '',
        'description' => t("User's signature."),
      ),
      'created' => array(
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
        'description' => t('Timestamp for when user was created.'),
      ),
      'access' => array(
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
        'description' => t('Timestamp for previous time user accessed the site.'),
      ),
      'login' => array(
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
        'description' => t("Timestamp for user's last login."),
      ),
      'status' => array(
        'type' => 'int',
        'not null' => TRUE,
        'default' => 0,
        'size' => 'tiny',
        'description' => t('Whether the user is active(1) or blocked(0).'),
      ),
      'timezone' => array(
        'type' => 'varchar',
        'length' => 8,
        'not null' => FALSE,
        'description' => t("User's timezone."),
      ),
      'language' => array(
        'type' => 'varchar',
        'length' => 12,
        'not null' => TRUE,
        'default' => '',
        'description' => t("User's default language."),
      ),
      'picture' => array(
        'type' => 'varchar',
        'length' => 255,
        'not null' => TRUE,
        'default' => '',
        'description' => t("Path to the user's uploaded picture."),
      ),
      'init' => array(
        'type' => 'varchar',
        'length' => 64,
        'not null' => FALSE,
        'default' => '',
        'description' => t('Email address used for initial account creation.'),
      ),
      'data' => array(
        'type' => 'text',
        'not null' => FALSE,
        'size' => 'big',
        'serialize' => TRUE,
        'description' => t('A serialized array of name value pairs that are related to the user. Any form values posted during user edit are stored and are loaded into the $user object during user_load(). Use of this field is discouraged and it will likely disappear in a future version of Drupal.'),
      ),
    ),
    'indexes' => array(
      'access' => array('access'),
      'created' => array('created'),
      'mail' => array('mail'),
    ),
    'unique keys' => array(
      'name' => array('name'),
    ),
    'primary key' => array('uid'),
  );

  $schema['users_roles'] = array(
    'description' => t('Maps users to roles.'),
    'fields' => array(
      'uid' => array(
        'type' => 'int',
        'unsigned' => TRUE,
        'not null' => TRUE,
        'default' => 0,
        'description' => t('Primary Key: {users}.uid for user.'),
      ),
      'rid' => array(
        'type' => 'int',
        'unsigned' => TRUE,
        'not null' => TRUE,
        'default' => 0,
        'description' => t('Primary Key: {role}.rid for role.'),
      ),
    ),
    'primary key' => array('uid', 'rid'),
    'indexes' => array(
      'rid' => array('rid'),
    ),
  );

  return $schema;
}

/**
 * @defgroup user-updates-6.x-to-7.x User updates from 6.x to 7.x
 * @{
 */

/**
 * Increase the length of the password field to accommodate better hashes.
 *
 * Also re-hashes all current passwords to improve security. This may be a
 * lengthy process, and is performed batch-wise.
 */
function user_update_7000(&$sandbox) {
  $ret = array('#finished' => 0);
  // Lower than DRUPAL_HASH_COUNT to make the update run at a reasonable speed.
  $hash_count_log2 = 11;
  // Multi-part update.
  if (!isset($sandbox['user_from'])) {
    db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));
    $sandbox['user_from'] = 0;
    $sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));
  }
  else {
    require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
    //  Hash again all current hashed passwords.
    $has_rows = FALSE;
    // Update this many per page load.
    $count = 1000;
    $result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count);
    while ($account = db_fetch_array($result)) {
       $has_rows = TRUE;
       $new_hash = user_hash_password($account['pass'], $hash_count_log2);
       if ($new_hash) {
         // Indicate an updated password.
         $new_hash  = 'U' . $new_hash;
         db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']);
       }
    }
    $ret['#finished'] = $sandbox['user_from']/$sandbox['user_count'];
    $sandbox['user_from'] += $count;
    if (!$has_rows) {
      $ret['#finished'] = 1;
      $ret[] = array('success' => TRUE, 'query' => "UPDATE {users} SET pass = 'U' . user_hash_password(pass) WHERE uid > 0");
    }
  }
  return $ret;
}

/**
 * Remove the 'threshold', 'mode' and 'sort' columns from the {user} table.
 *
 * These fields were previously used to store per-user comment settings.
 */

function user_update_7001() {
  $ret = array();
  db_drop_field($ret, 'users', 'threshold');
  db_drop_field($ret, 'users', 'mode');
  db_drop_field($ret, 'users', 'sort');

  return $ret;
}

/**
 * @} End of "defgroup user-updates-6.x-to-7.x"
 * The next series of updates should start at 8000.
 */
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`<?php`
			`// $Id$`

			`/**`
			`* Implementation of hook_schema().`
			`*/`
			`function user_schema() {`
			`$schema['authmap'] = array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'description' => t('Stores distributed authentication mapping.'),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'fields' => array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'aid' => array(`
			`'description' => t('Primary Key: Unique authmap ID.'),`
			`'type' => 'serial',`
			`'unsigned' => TRUE,`
			`'not null' => TRUE,`
			`),`
			`'uid' => array(`
			`'type' => 'int',`
			`'not null' => TRUE,`
			`'default' => 0,`
#187881 by mooffie: fix misnamed database table names in schema documentation 2007-11-04 14:33:07 +00:00			`'description' => t("User's {users}.uid."),`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`),`
			`'authname' => array(`
			`'type' => 'varchar',`
			`'length' => 128,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t('Unique authentication name.'),`
			`),`
			`'module' => array(`
			`'type' => 'varchar',`
			`'length' => 128,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t('Module which is controlling the authentication.'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`),`
- Patch #214271 by recidive: improved schema identation. 2008-03-15 12:31:29 +00:00			`'unique keys' => array(`
			`'authname' => array('authname'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'primary key' => array('aid'),`
			`);`

- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`$schema['role_permission'] = array(`
			`'description' => t('Stores the permissions assigned to user roles.'),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'fields' => array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'rid' => array(`
			`'type' => 'int',`
			`'unsigned' => TRUE,`
			`'not null' => TRUE,`
- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`'description' => t('Foreign Key: {role}.rid.'),`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`),`
- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`'permission' => array(`
			`'type' => 'varchar',`
			`'length' => 64,`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'not null' => TRUE,`
- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`'default' => '',`
			`'description' => t('A single permission granted to the role identified by rid.'),`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`),`
- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`'primary key' => array('rid', 'permission'),`
- Patch #214271 by recidive: improved schema identation. 2008-03-15 12:31:29 +00:00			`'indexes' => array(`
- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`'permission' => array('permission'),`
- Patch #214271 by recidive: improved schema identation. 2008-03-15 12:31:29 +00:00			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`);`

			`$schema['role'] = array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'description' => t('Stores user roles.'),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'fields' => array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'rid' => array(`
			`'type' => 'serial',`
			`'unsigned' => TRUE,`
			`'not null' => TRUE,`
- Patch #73874 by pwolanin: normalize the permissions table and wrote simpletests for the (new) permission handling. At last. 2008-05-07 19:34:24 +00:00			`'description' => t('Primary Key: Unique role ID.'),`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`),`
			`'name' => array(`
			`'type' => 'varchar',`
			`'length' => 64,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t('Unique role name.'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`),`
- Patch #214271 by recidive: improved schema identation. 2008-03-15 12:31:29 +00:00			`'unique keys' => array(`
			`'name' => array('name'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'primary key' => array('rid'),`
			`);`

			`$schema['users'] = array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'description' => t('Stores user data.'),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'fields' => array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'uid' => array(`
			`'type' => 'serial',`
			`'unsigned' => TRUE,`
			`'not null' => TRUE,`
			`'description' => t('Primary Key: Unique user ID.'),`
			`),`
			`'name' => array(`
			`'type' => 'varchar',`
			`'length' => 60,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t('Unique user name.'),`
			`),`
			`'pass' => array(`
			`'type' => 'varchar',`
- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`'length' => 128,`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'not null' => TRUE,`
			`'default' => '',`
- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`'description' => t("User's password (hashed)."),`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`),`
			`'mail' => array(`
			`'type' => 'varchar',`
			`'length' => 64,`
			`'not null' => FALSE,`
			`'default' => '',`
			`'description' => t("User's email address."),`
			`),`
			`'theme' => array(`
			`'type' => 'varchar',`
			`'length' => 255,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t("User's default theme."),`
			`),`
			`'signature' => array(`
			`'type' => 'varchar',`
			`'length' => 255,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t("User's signature."),`
			`),`
			`'created' => array(`
			`'type' => 'int',`
			`'not null' => TRUE,`
			`'default' => 0,`
			`'description' => t('Timestamp for when user was created.'),`
			`),`
			`'access' => array(`
			`'type' => 'int',`
			`'not null' => TRUE,`
			`'default' => 0,`
			`'description' => t('Timestamp for previous time user accessed the site.'),`
			`),`
			`'login' => array(`
			`'type' => 'int',`
			`'not null' => TRUE,`
			`'default' => 0,`
			`'description' => t("Timestamp for user's last login."),`
			`),`
			`'status' => array(`
			`'type' => 'int',`
			`'not null' => TRUE,`
			`'default' => 0,`
			`'size' => 'tiny',`
			`'description' => t('Whether the user is active(1) or blocked(0).'),`
			`),`
			`'timezone' => array(`
			`'type' => 'varchar',`
			`'length' => 8,`
			`'not null' => FALSE,`
			`'description' => t("User's timezone."),`
			`),`
			`'language' => array(`
			`'type' => 'varchar',`
			`'length' => 12,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t("User's default language."),`
			`),`
			`'picture' => array(`
			`'type' => 'varchar',`
			`'length' => 255,`
			`'not null' => TRUE,`
			`'default' => '',`
			`'description' => t("Path to the user's uploaded picture."),`
			`),`
			`'init' => array(`
			`'type' => 'varchar',`
			`'length' => 64,`
			`'not null' => FALSE,`
			`'default' => '',`
			`'description' => t('Email address used for initial account creation.'),`
			`),`
			`'data' => array(`
			`'type' => 'text',`
			`'not null' => FALSE,`
			`'size' => 'big',`
- Patch #181411 by Moshe: use schema API for saving and updating user records. 2008-02-18 16:53:37 +00:00			`'serialize' => TRUE,`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'description' => t('A serialized array of name value pairs that are related to the user. Any form values posted during user edit are stored and are loaded into the $user object during user_load(). Use of this field is discouraged and it will likely disappear in a future version of Drupal.'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`),`
			`'indexes' => array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'access' => array('access'),`
#164532 follow up by pwolanin, David Strauss, catch and myself, testing also by hswong3i: some indexes added before Drupal 6 RC1 were too unique, and our code did not back them, so we should not add those indexes 2008-01-08 07:46:41 +00:00			`'created' => array('created'),`
			`'mail' => array('mail'),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`),`
- Patch #164532 by catch, pwolanin, David Strauss, et al.: improve table indicies for common queries. 2007-12-18 12:59:22 +00:00			`'unique keys' => array(`
			`'name' => array('name'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'primary key' => array('uid'),`
			`);`

			`$schema['users_roles'] = array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'description' => t('Maps users to roles.'),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`'fields' => array(`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`'uid' => array(`
			`'type' => 'int',`
			`'unsigned' => TRUE,`
			`'not null' => TRUE,`
			`'default' => 0,`
#187881 by mooffie: fix misnamed database table names in schema documentation 2007-11-04 14:33:07 +00:00			`'description' => t('Primary Key: {users}.uid for user.'),`
#164983 by multiple contributors: document the core database schemas 2007-10-10 11:39:35 +00:00			`),`
			`'rid' => array(`
			`'type' => 'int',`
			`'unsigned' => TRUE,`
			`'not null' => TRUE,`
			`'default' => 0,`
			`'description' => t('Primary Key: {role}.rid for role.'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`),`
			`'primary key' => array('uid', 'rid'),`
- Patch #164532 by catch, pwolanin, David Strauss, et al.: improve table indicies for common queries. 2007-12-18 12:59:22 +00:00			`'indexes' => array(`
			`'rid' => array('rid'),`
			`),`
- Added missing .install files. Forgot to commit those. 2007-10-05 16:07:22 +00:00			`);`

			`return $schema;`
			`}`

- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`/**`
			`* @defgroup user-updates-6.x-to-7.x User updates from 6.x to 7.x`
			`* @{`
			`*/`

			`/**`
			`* Increase the length of the password field to accommodate better hashes.`
			`*`
			`* Also re-hashes all current passwords to improve security. This may be a`
			`* lengthy process, and is performed batch-wise.`
			`*/`
			`function user_update_7000(&$sandbox) {`
			`$ret = array('#finished' => 0);`
			`// Lower than DRUPAL_HASH_COUNT to make the update run at a reasonable speed.`
			`$hash_count_log2 = 11;`
			`// Multi-part update.`
			`if (!isset($sandbox['user_from'])) {`
			`db_change_field($ret, 'users', 'pass', 'pass', array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''));`
			`$sandbox['user_from'] = 0;`
			`$sandbox['user_count'] = db_result(db_query("SELECT COUNT(uid) FROM {users}"));`
			`}`
			`else {`
#259623 by dopry and Damien Tournoud: Convert includes/requires to use absolute paths. 2008-09-20 20:22:25 +00:00			`require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');`
- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`// Hash again all current hashed passwords.`
			`$has_rows = FALSE;`
			`// Update this many per page load.`
			`$count = 1000;`
			`$result = db_query_range("SELECT uid, pass FROM {users} WHERE uid > 0 ORDER BY uid", $sandbox['user_from'], $count);`
			`while ($account = db_fetch_array($result)) {`
			`$has_rows = TRUE;`
			`$new_hash = user_hash_password($account['pass'], $hash_count_log2);`
			`if ($new_hash) {`
			`// Indicate an updated password.`
- Patch #245115 by kkaefer, John Morahan, JohnAlbin et al: after a long discussion we've decided to make the concatenation operator consistent with the other operators. 2008-04-14 17:48:46 +00:00			`$new_hash = 'U' . $new_hash;`
- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`db_query("UPDATE {users} SET pass = '%s' WHERE uid = %d", $new_hash, $account['uid']);`
			`}`
			`}`
			`$ret['#finished'] = $sandbox['user_from']/$sandbox['user_count'];`
			`$sandbox['user_from'] += $count;`
			`if (!$has_rows) {`
			`$ret['#finished'] = 1;`
- Patch #245115 by kkaefer, John Morahan, JohnAlbin et al: after a long discussion we've decided to make the concatenation operator consistent with the other operators. 2008-04-14 17:48:46 +00:00			`$ret[] = array('success' => TRUE, 'query' => "UPDATE {users} SET pass = 'U' . user_hash_password(pass) WHERE uid > 0");`
- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`}`
			`}`
			`return $ret;`
			`}`

- Patch #175841 by catch et al: remove comment controls for users. Yowza. 2008-04-16 11:26:29 +00:00			`/**`
			`* Remove the 'threshold', 'mode' and 'sort' columns from the {user} table.`
			`*`
			`* These fields were previously used to store per-user comment settings.`
			`*/`

			`function user_update_7001() {`
			`$ret = array();`
			`db_drop_field($ret, 'users', 'threshold');`
			`db_drop_field($ret, 'users', 'mode');`
			`db_drop_field($ret, 'users', 'sort');`

			`return $ret;`
			`}`

- Patch #29706 by pwolanin, solardiz, et al: more secure password hashing. This is a big and important patch for Drupal's security. We are switching to much stronger password hashes that are also compatible with the Portable PHP password hashing framework. The new password hashes defeat a number of attacks, including: - The ability to try candidate passwords against multiple hashes at once. - The ability to use pre-hashed lists of candidate passwords. - The ability to determine whether two users have the same (or different) password without actually having to guess one of the passwords. Also implemented a pluggable password hashing API (similar to how an alternate cache mechanism can be used) to allow developers to readily substitute an alternative hashing and authentication scheme. Thanks all! 2008-03-31 20:50:05 +00:00			`/**`
			`* @} End of "defgroup user-updates-6.x-to-7.x"`
			`* The next series of updates should start at 8000.`
			`*/`