mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-11 19:24:01 +02:00
Code Issues Releases Wiki Activity

- introducing clean usernames, needs to be tested more, I'm not sure I didn't miss anything

Browse Source 
- homograph list should probably be extended


git-svn-id: file:///svn/phpbb/trunk@6494 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Nils Adermann
2006-10-13 22:10:18 +00:00
parent 23d25ddcd1
commit c65048bd91
23 changed files with 81 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
phpBB/includes/auth/auth_apache.php
View File

@@ -141,7 +141,7 @@ function autologin_apache()
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -178,7 +178,7 @@ function user_row_apache($username, $password)
// generate user account data
return array(
'username' => $username,
'user_password' => $password,
'user_password' => md5($password),
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,

2
phpBB/includes/auth/auth_db.php
View File

@@ -22,7 +22,7 @@ function login_db(&$username, &$password)
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

4
phpBB/includes/auth/auth_ldap.php
View File

@@ -114,7 +114,7 @@ function login_ldap(&$username, &$password)
$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
WHERE username = '" . $db->sql_escape($username) . "'";
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -159,7 +159,7 @@ function login_ldap(&$username, &$password)
// generate user account data
$ldap_user_row = array(
'username' => $username,
'user_password' => $password,
'user_password' => md5($password),
'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,