mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-14 04:30:29 +01:00
Code Issues Releases Wiki Activity

[ticket/16167] Remove uses of user_email_hash

Browse Source 
PHPBB3-16167
This commit is contained in:
Marc Alexander 2019-11-18 21:06:00 +01:00
parent aed7e369c3
commit 9872316cac
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
14 changed files with 5 additions and 232 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
phpBB/config/default/container/services_console.yml
View File

@ -158,14 +158,6 @@ services:
tags:
- { name: console.command }
console.command.fixup.recalculate_email_hash:
class: phpbb\console\command\fixup\recalculate_email_hash
arguments:
- '@user'
- '@dbal.conn'
tags:
- { name: console.command }
console.command.fixup.update_hashes:
class: phpbb\console\command\fixup\update_hashes
arguments:

74
phpBB/develop/calc_email_hash.php
View File

@ -1,74 +0,0 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
//
// Security message:
//
// This script is potentially dangerous.
// Remove or comment the next line (die(".... ) to enable this script.
// Do NOT FORGET to either remove this script or disable it after you have used it.
//
die("Please read the first lines of this script for instructions on how to enable it");
@set_time_limit(300);
$db = $dbhost = $dbuser = $dbpasswd = $dbport = $dbname = '';
define('IN_PHPBB', 1);
define('ANONYMOUS', 1);
$phpEx = substr(strrchr(__FILE__, '.'), 1);
$phpbb_root_path='./../';
include($phpbb_root_path . 'config.'.$phpEx);
require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.'.$phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.'.$phpEx);
include($phpbb_root_path . 'includes/functions.'.$phpEx);
$cache = new acm();
$db = new sql_db();
// Connect to DB
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
$start = 0;
do
{
// Batch query for group members, call group_user_del
$sql = "SELECT user_id, user_email
FROM {$table_prefix}users
LIMIT $start, 100";
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
{
do
{
$sql = "UPDATE {$table_prefix}users
SET user_email_hash = " . (crc32(strtolower($row['user_email'])) . strlen($row['user_email'])) . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
$start++;
}
while ($row = $db->sql_fetchrow($result));
echo "<br />Batch -> $start\n";
flush();
}
else
{
$start = 0;
}
$db->sql_freeresult($result);
}
while ($start);
echo "<p><b>Done</b></p>\n";

56
phpBB/develop/update_email_hash.php
View File

@ -1,56 +0,0 @@
<?php
/**
* Corrects user_email_hash values if DB moved from 32-bit system to 64-bit system or vice versa.
* The CRC32 function in PHP generates different results for both systems.
* @PHP dev team: no, a hexdec() applied to it does not solve the issue. And please document it.
*
*/
die("Please read the first lines of this script for instructions on how to enable it");
set_time_limit(0);
define('IN_PHPBB', true);
$phpbb_root_path = './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();
$start = $request->variable('start', 0);
$num_items = 1000;
echo '<br />Updating user email hashes' . "\n";
$sql = 'SELECT user_id, user_email
FROM ' . USERS_TABLE . '
ORDER BY user_id ASC';
$result = $db->sql_query($sql);
$echos = 0;
while ($row = $db->sql_fetchrow($result))
{
$echos++;
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_email_hash = '" . $db->sql_escape(phpbb_email_hash($row['user_email'])) . "'
WHERE user_id = " . (int) $row['user_id'];
$db->sql_query($sql);
if ($echos == 200)
{
echo '<br />';
$echos = 0;
}
echo '.';
flush();
}
$db->sql_freeresult($result);
echo 'FINISHED';
// Done
$db->sql_close();

5
phpBB/includes/acp/acp_users.php
View File

@ -966,10 +966,7 @@ class acp_users
if ($update_email !== false)
{
$sql_ary += array(
'user_email' => $update_email,
'user_email_hash' => phpbb_email_hash($update_email),
);
$sql_ary += ['user_email' => $update_email];
$phpbb_log->add('user', $user->data['user_id'], $user->ip, 'LOG_USER_UPDATE_EMAIL', false, array(
'reportee_id' => $user_id,

5
phpBB/includes/functions_user.php
View File

@ -204,7 +204,6 @@ function user_add($user_row, $cp_data = false, $notifications_data = null)
'username_clean' => $username_clean,
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_email' => strtolower($user_row['user_email']),
'user_email_hash' => phpbb_email_hash($user_row['user_email']),
'group_id' => $user_row['group_id'],
'user_type' => $user_row['user_type'],
);
@ -1948,9 +1947,9 @@ function validate_user_email($email, $allowed_email = false)
if (!$config['allow_emailreuse'])
{
$sql = 'SELECT user_email_hash
$sql = 'SELECT user_email
FROM ' . USERS_TABLE . "
WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
WHERE user_email = '" . $db->sql_escape($email) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

1
phpBB/includes/ucp/ucp_profile.php
View File

@ -131,7 +131,6 @@ class ucp_profile
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
);

2
phpBB/includes/ucp/ucp_resend.php
View File

@ -47,7 +47,7 @@ class ucp_resend
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);

1
phpBB/install/convertors/convert_phpbb20.php
View File

@ -899,7 +899,6 @@ if (!$get_info)
array('user_password', 'users.user_password', 'phpbb_convert_password_hash'),
array('user_posts', 'users.user_posts', 'intval'),
array('user_email', 'users.user_email', 'strtolower'),
array('user_email_hash', 'users.user_email', 'gen_email_hash'),
array('user_birthday', ((defined('MOD_BIRTHDAY')) ? 'users.user_birthday' : ''), 'phpbb_get_birthday'),
array('user_lastvisit', 'users.user_lastvisit', 'intval'),
array('user_lastmark', 'users.user_lastvisit', 'intval'),

3
phpBB/language/en/cli.php
View File

@ -78,8 +78,6 @@ $lang = array_merge($lang, array(
'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RANGE_SIZE' => 'Approximate number of records to process at a time',
'CLI_DESCRIPTION_REPARSER_REPARSE_OPT_RESUME' => 'Start reparsing where the last execution stopped',
'CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH' => 'Recalculates the user_email_hash column of the users table.',
'CLI_DESCRIPTION_SET_ATOMIC_CONFIG' => 'Sets a configuration options value only if the old matches the current value',
'CLI_DESCRIPTION_SET_CONFIG' => 'Sets a configuration options value',
@ -130,7 +128,6 @@ $lang = array_merge($lang, array(
'CLI_EXTENSIONS_ENABLED' => 'Enabled',
'CLI_FIXUP_FIX_LEFT_RIGHT_IDS_SUCCESS' => 'Successfully repaired the tree structure of the forums and modules.',
'CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS' => 'Successfully recalculated all email hashes.',
'CLI_FIXUP_UPDATE_HASH_BCRYPT_SUCCESS' => 'Successfully updated outdated password hashes to bcrypt.',
'CLI_MIGRATION_NAME' => 'Migration name, including the namespace (use forward slashes instead of backslashes to avoid problems).',

76
phpBB/phpbb/console/command/fixup/recalculate_email_hash.php
View File

@ -1,76 +0,0 @@
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\console\command\fixup;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
class recalculate_email_hash extends \phpbb\console\command\command
{
/** @var \phpbb\db\driver\driver_interface */
protected $db;
public function __construct(\phpbb\user $user, \phpbb\db\driver\driver_interface $db)
{
$this->db = $db;
parent::__construct($user);
}
protected function configure()
{
$this
->setName('fixup:recalculate-email-hash')
->setDescription($this->user->lang('CLI_DESCRIPTION_RECALCULATE_EMAIL_HASH'))
;
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$io = new SymfonyStyle($input, $output);
$sql = 'SELECT user_id, user_email, user_email_hash
FROM ' . USERS_TABLE . '
WHERE user_type <> ' . USER_IGNORE . "
AND user_email <> ''";
$result = $this->db->sql_query($sql);
while ($row = $this->db->sql_fetchrow($result))
{
$user_email_hash = phpbb_email_hash($row['user_email']);
if ($user_email_hash !== $row['user_email_hash'])
{
$sql_ary = array(
'user_email_hash' => $user_email_hash,
);
$sql = 'UPDATE ' . USERS_TABLE . '
SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id = ' . (int) $row['user_id'];
$this->db->sql_query($sql);
if ($output->getVerbosity() >= OutputInterface::VERBOSITY_DEBUG)
{
$io->table(
array('user_id', 'user_email', 'user_email_hash'),
array(array($row['user_id'], $row['user_email'], $user_email_hash))
);
}
}
}
$this->db->sql_freeresult($result);
$io->success($this->user->lang('CLI_FIXUP_RECALCULATE_EMAIL_HASH_SUCCESS'));
}
}

1
phpBB/phpbb/install/module/install_database/task/add_config_settings.php
View File

@ -245,7 +245,6 @@ class add_config_settings extends \phpbb\install\task_base
user_lang = '" . $this->db->sql_escape($this->install_config->get('user_language', 'en')) . "',
user_email='" . $this->db->sql_escape($this->install_config->get('board_email')) . "',
user_dateformat='" . $this->db->sql_escape($this->language->lang('default_dateformat')) . "',
user_email_hash = " . $this->db->sql_escape(phpbb_email_hash($this->install_config->get('board_email'))) . ",
username_clean = '" . $this->db->sql_escape(utf8_clean_string($this->install_config->get('admin_name'))) . "'
WHERE username = 'Admin'",

2
phpBB/phpbb/ucp/controller/reset_password.php
View File

@ -173,7 +173,7 @@ class reset_password
'SELECT' => 'user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type,'
. ' user_lang, user_inactive_reason, reset_token, reset_token_expiration',
'FROM' => [$this->users_table => 'u'],
'WHERE' => "user_email_hash = '" . $this->db->sql_escape(phpbb_email_hash($email)) . "'" .
'WHERE' => "user_email = '" . $this->db->sql_escape($email) . "'" .
(!empty($username) ? " AND username_clean = '" . $this->db->sql_escape(utf8_clean_string($username)) . "'" : ''),
];

1
tests/auth/provider_apache_test.php
View File

@ -121,7 +121,6 @@ class phpbb_auth_provider_apache_test extends phpbb_database_test_case
'user_password' => '$2y$10$4RmpyVu2y8Yf/lP3.yQBquKvE54TCUuEDEBJYY6FDDFN3LcbCGz9i',
'user_passchg' => '0',
'user_email' => 'example@example.com',
'user_email_hash' => '0',
'user_birthday' => '',
'user_lastvisit' => '0',
'user_lastmark' => '0',

2
tests/functions/fixtures/validate_email.xml
View File

@ -30,14 +30,12 @@
<column>username_clean</column>
<column>user_permissions</column>
<column>user_sig</column>
<column>user_email_hash</column>
<row>
<value>1</value>
<value>admin</value>
<value>admin</value>
<value></value>
<value></value>
<value>143317126117</value>
</row>
</table>
</dataset>