From c52f05b3329c9c79ecbc3184bd65cdbe4644ebcd Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 28 Aug 2009 09:26:43 +0000 Subject: Fix Bug #49195 - Queries on un-indexed column user_email Added function to generate email-hash. Authorised by: AcydBurn git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10060 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index cb3306745e..11b134cd85 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -171,7 +171,7 @@ function user_add($user_row, $cp_data = false) 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', 'user_pass_convert' => 0, 'user_email' => strtolower($user_row['user_email']), - 'user_email_hash' => crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']), + 'user_email_hash' => phpbb_email_hash($user_row['user_email']), 'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type'], ); @@ -1727,7 +1727,7 @@ function validate_email($email, $allowed_email = false) { $sql = 'SELECT user_email_hash FROM ' . USERS_TABLE . " - WHERE user_email_hash = " . (crc32($email) . strlen($email)); + WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email)); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); -- cgit v1.2.1