36 lines
906 B
PHP
36 lines
906 B
PHP
<?php
|
|
|
|
/**
|
|
* Jednorázová migrace: zašifruje existující TOTP secrets v DB.
|
|
*
|
|
* Spuštění: php sql/migrate_encrypt_totp_secrets.php
|
|
* Vyžaduje TOTP_ENCRYPTION_KEY v .env
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
require_once __DIR__ . '/../api/config.php';
|
|
require_once __DIR__ . '/../api/includes/Encryption.php';
|
|
|
|
$pdo = db();
|
|
|
|
$stmt = $pdo->query('SELECT id, totp_secret FROM users WHERE totp_secret IS NOT NULL');
|
|
$users = $stmt->fetchAll();
|
|
|
|
$migrated = 0;
|
|
$skipped = 0;
|
|
|
|
foreach ($users as $user) {
|
|
if (Encryption::isEncrypted($user['totp_secret'])) {
|
|
$skipped++;
|
|
continue;
|
|
}
|
|
|
|
$encrypted = Encryption::encrypt($user['totp_secret']);
|
|
$update = $pdo->prepare('UPDATE users SET totp_secret = ? WHERE id = ?');
|
|
$update->execute([$encrypted, $user['id']]);
|
|
$migrated++;
|
|
}
|
|
|
|
echo "Migrace dokoncena: {$migrated} zasifrovano, {$skipped} preskoceno (jiz sifrovane).\n";
|