mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

[feature/passwords] Use passwords manager service instead of functions

Browse Source 
The old functions phpbb_hash() and phpbb_check_hash() have been replaced with
the passwords manager service in all front-end related files. The phpBB2
converter and the release_3_0_5_rc1 migration file have not been changed.
The same applies to the security/hash_test that still tests the function
phpbb_check_hash(). This will however make sure that the old function
still works.

PHPBB3-11610
This commit is contained in:
Marc Alexander
2013-10-13 16:32:37 +02:00
parent e674313559
commit 61f60d395a
5 changed files with 26 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
phpBB/includes/acp/acp_forums.php
View File

@@ -926,7 +926,7 @@ class acp_forums
*/
function update_forum_data(&$forum_data)
{
global $db, $user, $cache, $phpbb_root_path, $phpbb_dispatcher;
global $db, $user, $cache, $phpbb_root_path, $phpbb_container, $phpbb_dispatcher;
$errors = array();
@@ -1030,7 +1030,10 @@ class acp_forums
}
else
{
$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
// Instantiate passwords manager
$passwords_manager = $phpbb_container->get('passwords.manager');
$forum_data_sql['forum_password'] = $passwords_manager->hash($forum_data_sql['forum_password']);
}
unset($forum_data_sql['forum_password_unset']);

7
phpBB/includes/acp/acp_users.php
View File

@@ -821,9 +821,12 @@ class acp_users
$error[] = 'FORM_INVALID';
}
// Instantiate passwords manager
$passwords_manager = $phpbb_container->get('passwords.manager');
// Which updates do we need to do?
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
$update_password = ($data['new_password'] && !phpbb_check_hash($data['new_password'], $user_row['user_password'])) ? true : false;
$update_password = ($data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password'])) ? true : false;
$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
if (!sizeof($error))
@@ -907,7 +910,7 @@ class acp_users
if ($update_password)
{
$sql_ary += array(
'user_password' => phpbb_hash($data['new_password']),
'user_password' => $passwords_manager->hash($data['new_password']),
'user_passchg' => time(),
'user_pass_convert' => 0,
);