mirror of
https://github.com/phpbb/phpbb.git
synced 2025-05-24 16:21:20 +02:00
get login working
git-svn-id: file:///svn/phpbb/trunk@9271 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
parent
eb690bf9f0
commit
0df7a9b3e3
@ -21,13 +21,13 @@ if (!defined('IN_PHPBB'))
|
||||
exit;
|
||||
}
|
||||
|
||||
class phpbb_auth_db /* extends phpbb_auth */
|
||||
{
|
||||
/**
|
||||
* Login function
|
||||
*/
|
||||
function login_db(&$username, &$password)
|
||||
function login(&$username, &$password)
|
||||
{
|
||||
global $db;
|
||||
|
||||
// do not allow empty password
|
||||
if (!$password)
|
||||
{
|
||||
@ -49,10 +49,10 @@ function login_db(&$username, &$password)
|
||||
|
||||
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
|
||||
FROM ' . USERS_TABLE . "
|
||||
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
|
||||
$result = $db->sql_query($sql);
|
||||
$row = $db->sql_fetchrow($result);
|
||||
$db->sql_freeresult($result);
|
||||
WHERE username_clean = '" . phpbb::$db->sql_escape(utf8_clean_string($username)) . "'";
|
||||
$result = phpbb::$db->sql_query($sql);
|
||||
$row = phpbb::$db->sql_fetchrow($result);
|
||||
phpbb::$db->sql_freeresult($result);
|
||||
|
||||
if (!$row)
|
||||
{
|
||||
@ -95,77 +95,20 @@ function login_db(&$username, &$password)
|
||||
}
|
||||
}
|
||||
|
||||
// @todo: safe to remove?
|
||||
// If the password convert flag is set we need to convert it
|
||||
/*if ($row['user_pass_convert'])
|
||||
{
|
||||
// in phpBB2 passwords were used exactly as they were sent, with addslashes applied
|
||||
$disabled = phpbb_request::super_globals_disabled();
|
||||
phpbb_request::enable_super_globals();
|
||||
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
|
||||
$password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format;
|
||||
$password_new_format = '';
|
||||
if ($disabled)
|
||||
{
|
||||
phpbb_request::disable_super_globals();
|
||||
}
|
||||
|
||||
set_var($password_new_format, stripslashes($password_old_format), 'string');
|
||||
|
||||
if ($password == $password_new_format)
|
||||
{
|
||||
if (!function_exists('utf8_to_cp1252'))
|
||||
{
|
||||
include(PHPBB_ROOT_PATH . 'includes/utf/data/recode_basic.' . PHP_EXT);
|
||||
}
|
||||
|
||||
// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
|
||||
if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])
|
||||
{
|
||||
$hash = phpbb_hash($password_new_format);
|
||||
|
||||
// Update the password in the users table to the new format and remove user_pass_convert flag
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_password = \'' . $db->sql_escape($hash) . '\',
|
||||
user_pass_convert = 0
|
||||
WHERE user_id = ' . $row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
|
||||
$row['user_pass_convert'] = 0;
|
||||
$row['user_password'] = $hash;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Although we weren't able to convert this password we have to
|
||||
// increase login attempt count to make sure this cannot be exploited
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_login_attempts = user_login_attempts + 1
|
||||
WHERE user_id = ' . $row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
|
||||
return array(
|
||||
'status' => LOGIN_ERROR_PASSWORD_CONVERT,
|
||||
'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT',
|
||||
'user_row' => $row,
|
||||
);
|
||||
}
|
||||
}
|
||||
}*/
|
||||
|
||||
// Check password ...
|
||||
if (!$row['user_pass_convert'] && phpbb_check_hash($password, $row['user_password']))
|
||||
if (!$row['user_pass_convert'] && phpbb::$security->check_password($password, $row['user_password']))
|
||||
{
|
||||
// Check for old password hash...
|
||||
if (strlen($row['user_password']) == 32)
|
||||
{
|
||||
$hash = phpbb_hash($password);
|
||||
$hash = phpbb::$security->hash_password($password);
|
||||
|
||||
// Update the password in the users table to the new format
|
||||
$sql = 'UPDATE ' . USERS_TABLE . "
|
||||
SET user_password = '" . $db->sql_escape($hash) . "',
|
||||
SET user_password = '" . phpbb::$db->sql_escape($hash) . "',
|
||||
user_pass_convert = 0
|
||||
WHERE user_id = {$row['user_id']}";
|
||||
$db->sql_query($sql);
|
||||
phpbb::$db->sql_query($sql);
|
||||
|
||||
$row['user_password'] = $hash;
|
||||
}
|
||||
@ -176,7 +119,7 @@ function login_db(&$username, &$password)
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_login_attempts = 0
|
||||
WHERE user_id = ' . $row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
phpbb::$db->sql_query($sql);
|
||||
}
|
||||
|
||||
// User inactive...
|
||||
@ -201,7 +144,7 @@ function login_db(&$username, &$password)
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_login_attempts = user_login_attempts + 1
|
||||
WHERE user_id = ' . $row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
phpbb::$db->sql_query($sql);
|
||||
|
||||
// Give status about wrong password...
|
||||
return array(
|
||||
@ -210,5 +153,6 @@ function login_db(&$username, &$password)
|
||||
'user_row' => $row,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
Loading…
x
Reference in New Issue
Block a user