'hidden', '#default_value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT)]; $form['encryption'] = ['#type' => 'fieldset', '#title' => t('Encryption')]; $form['encryption']['ldap_servers_encryption'] = [ '#type' => 'select', '#options' => $options, '#title' => t('Obfuscate LDAP Passwords?'), '#default_value' => variable_get('ldap_servers_encryption', LDAP_SERVERS_ENC_TYPE_CLEARTEXT), '#description' => t('With obfuscation enabled, passwords will be stored in encrypted form and decrypted with the site hash.'), ]; // Disable the form field and explain this to the user. if (count($options) == 1) { $form['encryption']['ldap_servers_encryption']['#disabled'] = TRUE; $form['encryption']['ldap_servers_encryption']['#description'] = ' ' . t('Obfuscation is not supported on this web server.') . ''; } $form = system_settings_form($form); // Needs to be first. array_unshift($form['#submit'], 'ldap_servers_settings_submit'); return $form; } /** * */ function ldap_servers_settings_submit($form, &$form_state) { if ($form_state['submitted']) { $new_encyption = $form_state['values']['ldap_servers_encryption']; $old_encyption = $form_state['values']['previous_encryption']; // Use db instead of functions to avoid classes encryption and decryption. if ($new_encyption != $old_encyption) { $servers = db_query("SELECT sid, bindpw FROM {ldap_servers} WHERE bindpw is not NULL AND bindpw <> ''")->fetchAllAssoc('sid'); foreach ($servers as $sid => $server) { if ($server->bindpw != '') { $decrypted_bind_pwd = ldap_servers_decrypt($server->bindpw, $old_encyption); $rencrypted = ldap_servers_encrypt($decrypted_bind_pwd, $new_encyption); } else { $rencrypted = ''; } db_query("UPDATE {ldap_servers} SET bindpw = :bindpw WHERE sid = :sid", [':bindpw' => $rencrypted, ':sid' => $sid]); } } } }