git-svn-id: file:///svn/phpbb/trunk@6655 89ea8834-ac86-4346-8a33-228a782c2dd0
Nils Adermann
2006-11-25 20:00:56 +00:00
parent 38b8dc2841
commit 870a3a1d8a
12 changed files with 99 additions and 60 deletions


@@ -20,7 +20,7 @@ function login_db(&$username, &$password)
{
global $db, $config;
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
@@ -95,8 +95,32 @@ function login_db(&$username, &$password)
}
}
// Password correct...
if (md5($password) == $row['user_password'])
// If the password convert flag is set we need to convert it
if ($row['user_pass_convert'])
{
// in phpBB2 passwords were used exactly as they were sent
$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
$password_old_format = (STRIP) ? stripslashes($password_old_format) : $password_old_format;
$password_new_format = '';
set_var($password_new_format, $password_old_format, 'string');
if ($password == $password_new_format && md5($password_old_format) == $row['user_password'])
{
// Update the password in the users table to the new format and remove user_pass_convert flag
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\',
user_pass_convert = 0
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$row['user_pass_convert'] = 0;
$row['user_password'] = md5($password_new_format);
}
}
// Check password ...
if (!$row['user_pass_convert'] && md5($password) == $row['user_password'])
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
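Review bot: Both new password checks compare MD5 hex digests with the loose `==` operator, so PHP compares them as numbers whenever both strings look numeric (for example a digest that is `0e` followed only by digits), and a wrong password can then be accepted for a stored hash of that shape. Use strict comparison in the conversion branch, `if ($password === $password_new_format && md5($password_old_format) === $row['user_password'])`, and in the final check, `if (!$row['user_pass_convert'] && md5($password) === $row['user_password'])`. The conversion branch also reads `$_REQUEST['password']` directly, so it appears to work only for callers whose form field is named `password`, and it takes the value from the query string as well as the POST body. A short comment there stating that assumption would help. The body of login_db starts and ends outside this hunk.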


@@ -332,7 +332,6 @@ class dbal
case 'mysql':
case 'mysql4':
case 'mysqli':
case 'sqlite':
$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('MULTI_INSERT', $sql_ary));
break;


@@ -142,6 +142,7 @@ function user_add($user_row, $cp_data = false)
'username' => $user_row['username'],
'username_clean' => utf8_clean_string($user_row['username']),
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),
'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
'group_id' => $user_row['group_id'],