I have a server running a lot of Drupal sites. Some of them are older and run on Drupal 5, and some are newer and running Drupal 6. We are also starting to implement Drupal 7.
Our organization uses one standard password to administer the website, which we distribute only to our employees for the maintenance of these websites. This may or may not be the best security practice, but that is how we do things at this time. Assume that this does not change.
The problem is that when we have employee turnover, we must change this password and apply the changes for each site that we launch to make sure that the employee cannot destroy our customers sites. This is more important for shooting, but we also do it for retirement as best practice.
In the past, I ran a basic PHP script that used mysql_list_dbs on our database server to iterate over each database and change the pass field of the users table, where name = admin. BASIC:
while ($row = mysql_fetch_object(mysql_list_dbs($sql_connection))) { mysql_query("UPDATE users SET pass=MD5('$newpassword') WHERE name='admin'", $row->Database); }
This worked fine, but it has two problems:
- These are hacks, and I hate hacking stuff. I would rather do something that uses the โofficial wayโ to do things.
- Drupal 7 uses a different hashing system than D5 and D6, so this will not work for Drupal 7 sites. Now I must first check that the existing pass value matches the hash of the old password before updating so that I don't accidentally break the Drupal 7 site. By the time I have not figured out how to implement this for Drupal 7 sites.
So I'm looking for an alternative solution. I really think that I need to use a bash script that either iterates through the virtual hosts from httpd.conf, or uses find or something else one way or another, cd to each site installation directory inside the "sites" folder of the installation platform itself (we have a rather dirty setting *) and drush upwd admin --password = $ newpassword starts
This will be completely platform independent and will allow Drupal to determine what happens when the password is changed.
I understand that Aegir may actually be a good solution for this, but we are not ready to implement Aegir yet, and I am looking for a faster and messier intermediate solution. I appreciate any input you may have.
* Just a sample of our messy setup:
/www /cliena /drupal-5.x /sites /clienta.com <-- contains settings.php for Client A /clientb /drupal-5.x <-- contains old code base for Drupal 5 site that been migrated I shoudld probably have my drush/bash script ignore these sections.... /drupal-6.x <-- contains code base for current Drupal 6 site /sites /clientb.com <-- contains settings.php for Client B /clientc /drupal-6.x /sites /default <-- contains settings.php for clientc.com /sub1.clientc.com <-- contains settings.php for sub1.clientc.com /sub2.clientc.com <-- contains settings.php for sub2.clientc.com /sub3.clientc.com <-- contains settings.php for sub3.clientc.com /client_sites /drupal-5.x /sites /clientd.com <-- contains settings.php for clientd.com /cliente.com <-- contains settings.php for cliente.com /clientf.com <-- contains settings.php for clientf.com
... etc .... you get the picture. Migration to Aegir is fine, but it will take some time to clear it.