authorNils Adermann <naderman@naderman.de>2006-11-25 20:00:56 +0000
committerNils Adermann <naderman@naderman.de>2006-11-25 20:00:56 +0000
commit870a3a1d8acc5f3b1632db3210ef499c0a01a4eb (patch)
treea25e41c4576b271f484a567483017b3b0d215754 /phpBB/includes/auth/auth_db.php
parent38b8dc284104715f939704f994eda1aad2a11b4f (diff)
message
git-svn-id: file:///svn/phpbb/trunk@6655 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth/auth_db.php')
-rw-r--r--phpBB/includes/auth/auth_db.php30
1 files changed, 27 insertions, 3 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 618ad0a387..3be896cfd6 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -20,7 +20,7 @@ function login_db(&$username, &$password)
{
global $db, $config;
- $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
@@ -95,8 +95,32 @@ function login_db(&$username, &$password)
}
}
- // Password correct...
- if (md5($password) == $row['user_password'])
+ // If the password convert flag is set we need to convert it
+ if ($row['user_pass_convert'])
+ {
+ // in phpBB2 passwords were used exactly as they were sent
+ $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
+ $password_old_format = (STRIP) ? stripslashes($password_old_format) : $password_old_format;
+ $password_new_format = '';
+
+ set_var($password_new_format, $password_old_format, 'string');
+
+ if ($password == $password_new_format && md5($password_old_format) == $row['user_password'])
+ {
+ // Update the password in the users table to the new format and remove user_pass_convert flag
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\',
+ user_pass_convert = 0
+ WHERE user_id = ' . $row['user_id'];
+ $db->sql_query($sql);
+
+ $row['user_pass_convert'] = 0;
+ $row['user_password'] = md5($password_new_format);
+ }
+ }
+
+ // Check password ...
+ if (!$row['user_pass_convert'] && md5($password) == $row['user_password'])
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
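Review bot: Both password checks added in this hunk compare MD5 hex digests with loose `==`, so PHP compares two strings that both look numeric (for example digests of the form `0e` followed only by digits) as numbers, and a wrong password can be accepted for an account whose stored hash has that shape. Use strict comparison on both lines: `if ($password === $password_new_format && md5($password_old_format) === $row['user_password'])` and `if (!$row['user_pass_convert'] && md5($password) === $row['user_password'])`, or `hash_equals()` where the PHP version provides it. The conversion branch also writes the credential back as another unsalted `md5()`, so the stored format is no stronger after migration; if a salted scheme is planned, this branch is the natural place to introduce it. Reading `$_REQUEST['password']` inside the auth function ties the conversion to that field name and to whichever of GET, POST or cookie supplies it, so a comment stating that assumption (or passing the raw value in from the caller) would help. `login_db()` starts and ends outside this hunk.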