diff --git a/phpBB/phpbb/auth/provider/db.php b/phpBB/phpbb/auth/provider/db.php index 722eeffa9a..ba67c11e75 100644 --- a/phpBB/phpbb/auth/provider/db.php +++ b/phpBB/phpbb/auth/provider/db.php @@ -87,7 +87,7 @@ class db extends \phpbb\auth\provider\base $username_clean = utf8_clean_string($username); - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts + $sql = 'SELECT * FROM ' . USERS_TABLE . " WHERE username_clean = '" . $this->db->sql_escape($username_clean) . "'"; $result = $this->db->sql_query($sql); @@ -123,7 +123,7 @@ class db extends \phpbb\auth\provider\base 'username_clean' => $username_clean, ); $sql = 'INSERT INTO ' . LOGIN_ATTEMPT_TABLE . $this->db->sql_build_array('INSERT', $attempt_data); - $result = $this->db->sql_query($sql); + $this->db->sql_query($sql); } else { @@ -175,7 +175,7 @@ class db extends \phpbb\auth\provider\base } // Check password ... - if ($this->passwords_manager->check($password, $row['user_password'])) + if ($this->passwords_manager->check($password, $row['user_password'], $row)) { // Check for old password hash... if ($this->passwords_manager->convert_flag || strlen($row['user_password']) == 32) diff --git a/tests/auth/provider_db_test.php b/tests/auth/provider_db_test.php index e33eae6b54..09ca0816bf 100644 --- a/tests/auth/provider_db_test.php +++ b/tests/auth/provider_db_test.php @@ -78,7 +78,14 @@ class phpbb_auth_provider_db_test extends phpbb_database_test_case ), ); - $this->assertEquals($expected, $provider->login('foobar', 'example')); + $login_return = $provider->login('foobar', 'example'); + $this->assertEquals($expected['status'], $login_return['status']); + $this->assertEquals($expected['error_msg'], $login_return['error_msg']); + + foreach ($expected['user_row'] as $key => $value) + { + $this->assertEquals($value, $login_return['user_row'][$key]); + } // Check if convert works $login_return = $provider->login('foobar2', 'example');