diff options
| author | Nils Adermann <naderman@naderman.de> | 2006-10-13 22:10:18 +0000 |
|---|---|---|
| committer | Nils Adermann <naderman@naderman.de> | 2006-10-13 22:10:18 +0000 |
| commit | c65048bd9132175e9ba780457fdf00438932c5fe (patch) | |
| tree | f664b7b45b4fcd0bea7b1e41e03c03c683e03d6e /phpBB/includes/auth | |
| parent | 23d25ddcd169578b8fdf9ddbb35b5041ffbfd7ac (diff) | |
| download | forums-c65048bd9132175e9ba780457fdf00438932c5fe.tar forums-c65048bd9132175e9ba780457fdf00438932c5fe.tar.gz forums-c65048bd9132175e9ba780457fdf00438932c5fe.tar.bz2 forums-c65048bd9132175e9ba780457fdf00438932c5fe.tar.xz forums-c65048bd9132175e9ba780457fdf00438932c5fe.zip | |
- introducing clean usernames, needs to be tested more, I'm not sure I didn't miss anything
- homograph list should probably be extended
git-svn-id: file:///svn/phpbb/trunk@6494 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth')
| -rw-r--r-- | phpBB/includes/auth/auth_apache.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_db.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/auth/auth_ldap.php | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php index 3ee0f1347f..35c266932c 100644 --- a/phpBB/includes/auth/auth_apache.php +++ b/phpBB/includes/auth/auth_apache.php @@ -141,7 +141,7 @@ function autologin_apache() $sql = 'SELECT * FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($php_auth_user) . "'"; + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -178,7 +178,7 @@ function user_row_apache($username, $password) // generate user account data return array( 'username' => $username, - 'user_password' => $password, + 'user_password' => md5($password), 'user_email' => '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index 9477fd92c3..618ad0a387 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -22,7 +22,7 @@ function login_db(&$username, &$password) $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($username) . "'"; + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php index 889f6d8661..b1ee7491b0 100644 --- a/phpBB/includes/auth/auth_ldap.php +++ b/phpBB/includes/auth/auth_ldap.php @@ -114,7 +114,7 @@ function login_ldap(&$username, &$password) $sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type FROM ' . USERS_TABLE . " - WHERE username = '" . $db->sql_escape($username) . "'"; + WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -159,7 +159,7 @@ function login_ldap(&$username, &$password) // generate user account data $ldap_user_row = array( 'username' => $username, - 'user_password' => $password, + 'user_password' => md5($password), 'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '', 'group_id' => (int) $row['group_id'], 'user_type' => USER_NORMAL, |