authorNils Adermann <naderman@naderman.de>2006-10-13 22:10:18 +0000
committerNils Adermann <naderman@naderman.de>2006-10-13 22:10:18 +0000
commitc65048bd9132175e9ba780457fdf00438932c5fe (patch)
treef664b7b45b4fcd0bea7b1e41e03c03c683e03d6e /phpBB
parent23d25ddcd169578b8fdf9ddbb35b5041ffbfd7ac (diff)
- introducing clean usernames, needs to be tested more, I'm not sure I didn't miss anything
- homograph list should probably be extended

git-svn-id: file:///svn/phpbb/trunk@6494 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/develop/create_schema_files.php3
-rw-r--r--phpBB/includes/auth.php2
-rw-r--r--phpBB/includes/auth/auth_apache.php4
-rw-r--r--phpBB/includes/auth/auth_db.php2
-rw-r--r--phpBB/includes/auth/auth_ldap.php4
-rw-r--r--phpBB/includes/functions.php6
-rw-r--r--phpBB/includes/functions_user.php15
-rw-r--r--phpBB/includes/mcp/mcp_post.php2
-rwxr-xr-xphpBB/includes/search/fulltext_native.php2
-rw-r--r--phpBB/includes/ucp/ucp_pm_options.php2
-rw-r--r--phpBB/includes/ucp/ucp_remind.php2
-rw-r--r--phpBB/includes/ucp/ucp_resend.php2
-rw-r--r--phpBB/includes/ucp/ucp_zebra.php10
-rw-r--r--phpBB/includes/utf/utf_tools.php35
-rw-r--r--phpBB/install/schemas/firebird_schema.sql1
-rw-r--r--phpBB/install/schemas/mssql_schema.sql1
-rw-r--r--phpBB/install/schemas/mysql_40_schema.sql1
-rw-r--r--phpBB/install/schemas/mysql_41_schema.sql1
-rw-r--r--phpBB/install/schemas/oracle_schema.sql15
-rw-r--r--phpBB/install/schemas/postgres_schema.sql1
-rw-r--r--phpBB/install/schemas/schema_data.sql4
-rw-r--r--phpBB/install/schemas/sqlite_schema.sql1
-rw-r--r--phpBB/memberlist.php2
23 files changed, 81 insertions, 37 deletions
diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php
index 7e5232a445..f4a4f80e60 100644
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@@ -1830,6 +1830,7 @@ function get_schema_struct()
'user_ip' => array('VCHAR:40', ''),
'user_regdate' => array('TIMESTAMP', 0),
'username' => array('VCHAR_CI', ''),
+ 'username_clean' => array('VCHAR_CI', ''),
'user_password' => array('VCHAR_UNI:40', ''),
'user_passchg' => array('TIMESTAMP', 0),
'user_email' => array('VCHAR_UNI:100', ''),
@@ -1898,7 +1899,7 @@ function get_schema_struct()
'user_birthday' => array('INDEX', 'user_birthday'),
'user_email_hash' => array('INDEX', 'user_email_hash'),
'user_type' => array('INDEX', 'user_type'),
- 'username' => array('INDEX', 'username'),
+ 'username_clean' => array('INDEX', 'username_clean'),
),
);
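Review bot: The key moved to `username_clean` here is a plain `INDEX`, and the per-database schema files in this commit change only one line each (the new column), so the generated `.sql` schemas appear to still index `username` rather than the column every lookup now filters on. Regenerate the schema files from this definition so the index change reaches them. Because the index is not unique, the uniqueness of cleaned names rests entirely on the check-then-insert in validate_username; a unique key on `username_clean` would let the database reject two look-alike registrations that race each other. get_schema_struct() starts and ends outside the hunk.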
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index c5a3843063..8ff18bd4ec 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -714,7 +714,7 @@ class auth
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
- WHERE LOWER(username) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
diff --git a/phpBB/includes/auth/auth_apache.php b/phpBB/includes/auth/auth_apache.php
index 3ee0f1347f..35c266932c 100644
--- a/phpBB/includes/auth/auth_apache.php
+++ b/phpBB/includes/auth/auth_apache.php
@@ -141,7 +141,7 @@ function autologin_apache()
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($php_auth_user) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($php_auth_user)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -178,7 +178,7 @@ function user_row_apache($username, $password)
// generate user account data
return array(
'username' => $username,
- 'user_password' => $password,
+ 'user_password' => md5($password),
'user_email' => '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
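Review bot: `'user_password' => md5($password)` stores an unsalted, fast hash of a credential that was verified by an external authenticator, so a leak of the users table exposes passwords that are also valid against Apache or the directory. It is better than the plaintext value it replaces, but a salted, deliberately slow password hash is the appropriate storage form for this field. The same line is added to `$ldap_user_row` in login_ldap. The change is not mentioned in the commit message, which only covers clean usernames. user_row_apache() starts and ends outside the hunk.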
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 9477fd92c3..618ad0a387 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -22,7 +22,7 @@ function login_db(&$username, &$password)
$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($username) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
diff --git a/phpBB/includes/auth/auth_ldap.php b/phpBB/includes/auth/auth_ldap.php
index 889f6d8661..b1ee7491b0 100644
--- a/phpBB/includes/auth/auth_ldap.php
+++ b/phpBB/includes/auth/auth_ldap.php
@@ -114,7 +114,7 @@ function login_ldap(&$username, &$password)
$sql ='SELECT user_id, username, user_password, user_passchg, user_email, user_type
FROM ' . USERS_TABLE . "
- WHERE username = '" . $db->sql_escape($username) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -159,7 +159,7 @@ function login_ldap(&$username, &$password)
// generate user account data
$ldap_user_row = array(
'username' => $username,
- 'user_password' => $password,
+ 'user_password' => md5($password),
'user_email' => (!empty($config['ldap_email'])) ? $ldap_result[0][$config['ldap_email']][0] : '',
'group_id' => (int) $row['group_id'],
'user_type' => USER_NORMAL,
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4fbac96fe2..b050b6f5a4 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1830,14 +1830,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
if (isset($_POST['login']))
{
- $username = request_var('username', '');
- $password = request_var('password', '');
+ $username = request_var('username', '', true);
+ $password = request_var('password', '', true);
$autologin = (!empty($_POST['autologin'])) ? true : false;
$viewonline = (!empty($_POST['viewonline'])) ? 0 : 1;
$admin = ($admin) ? 1 : 0;
// Check if the supplied username is equal to the one stored within the database if re-authenticating
- if ($admin && utf8_strtolower($username) != utf8_strtolower($user->data['username']))
+ if ($admin && utf8_clean_string($username) != utf8_clean_string($user->data['username']))
{
// We log the attempt to use a different username...
add_log('admin', 'LOG_ADMIN_AUTH_FAIL');
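Review bot: The re-authentication check compares the two cleaned names with the loose `!=`, and PHP compares numeric-looking strings as numbers, so two different usernames such as `1e3` and `1000` are treated as the same account here. Use the strict form, `if ($admin && utf8_clean_string($username) !== utf8_clean_string($user->data['username']))`. The same loose `==` is used on cleaned names in the validate_username hunk of functions_user.php and should become `===`. login_box() continues outside the hunk.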
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 9dc6dcc4a7..115165dc39 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -34,13 +34,13 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
$$which_ary = array($$which_ary);
}
- $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary;
+ $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : array_map('utf8_clean_string', $$which_ary);
unset($$which_ary);
$user_id_ary = $username_ary = array();
// Grab the user id/username records
- $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username';
+ $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username_clean';
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set($sql_where, $sql_in);
@@ -134,6 +134,7 @@ function user_add($user_row, $cp_data = false)
$sql_ary = array(
'username' => $user_row['username'],
+ 'username_clean' => utf8_clean_string($user_row['username']),
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_email' => $user_row['user_email'],
'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
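Review bot: `username_clean` is derived data written only at account creation in this hunk, and the diffstat lists no file that updates it when a username is changed later, so a renamed account would keep its old lookup key and the old name would remain unavailable while the new one is not protected. Every statement that writes `username` should set `username_clean` from `utf8_clean_string()` in the same query; a comment on this array saying so would help, for example `// username_clean must be rewritten whenever username changes`. Rows created before this commit get the column default `''`, so they presumably need a one-off backfill before the new `WHERE username_clean = ...` lookups can find them. user_add() starts and ends outside the hunk.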
@@ -594,7 +595,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$username = trim($username);
if ($username != '')
{
- $sql_usernames[] = utf8_strtolower($username);
+ $sql_usernames[] = utf8_clean_string($username);
}
}
@@ -606,7 +607,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames);
+ WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
// Do not allow banning yourself
if (sizeof($founder))
@@ -1112,7 +1113,7 @@ function validate_username($username)
{
global $config, $db, $user;
- if (utf8_strtolower($user->data['username']) == utf8_strtolower($username))
+ if (utf8_clean_string($user->data['username']) == utf8_clean_string($username))
{
return false;
}
@@ -1124,7 +1125,7 @@ function validate_username($username)
$sql = 'SELECT username
FROM ' . USERS_TABLE . "
- WHERE LOWER(username) = '" . utf8_strtolower($db->sql_escape($username)) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -1136,7 +1137,7 @@ function validate_username($username)
$sql = 'SELECT group_name
FROM ' . GROUPS_TABLE . "
- WHERE LOWER(group_name) = '" . utf8_strtolower($db->sql_escape($username)) . "'";
+ WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
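Review bot: The group-name collision check still folds the candidate with `utf8_strtolower` only, while the username check a few lines above now uses `utf8_clean_string`, so a new username that differs from a group name by a single look-alike character is accepted here. The groups table has no cleaned column in this commit, so one option is to fetch the group names and compare `utf8_clean_string($row['group_name'])` against `utf8_clean_string($username)` in PHP, or to add a cleaned group-name column later. A short comment stating why this query is deliberately different from the username query would prevent it being read as an oversight. validate_username() continues outside the hunk.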
diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php
index caf68b0f1b..d2b66871d4 100644
--- a/phpBB/includes/mcp/mcp_post.php
+++ b/phpBB/includes/mcp/mcp_post.php
@@ -246,7 +246,7 @@ function mcp_post_details($id, $mode, $action)
while ($row = $db->sql_fetchrow($result))
{
$users_ary[$row['user_id']]['username'] = $row['username'];
- $usernames_ary[utf8_strtolower($row['username'])] = $users_ary[$row['user_id']];
+ $usernames_ary[utf8_sclean_string($row['username'])] = $users_ary[$row['user_id']];
}
$db->sql_freeresult($result);
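Review bot: `utf8_sclean_string` is not defined anywhere in this commit; the helper added in utf_tools.php is named `utf8_clean_string`, so this line will stop with an undefined-function error the first time the loop runs. Change it to `$usernames_ary[utf8_clean_string($row['username'])] = $users_ary[$row['user_id']];`. The surrounding query and the rest of mcp_post_details() are outside the hunk.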
diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php
index f8ffda9570..f25a00687e 100755
--- a/phpBB/includes/search/fulltext_native.php
+++ b/phpBB/includes/search/fulltext_native.php
@@ -91,7 +91,7 @@ class fulltext_native extends search_backend
}
$open_bracket = $space = false;
- for ($i = 0, $n = utf8_strlen($keywords); $i < $n; $i++)
+ for ($i = 0, $n = $keywords; $i < $n; $i++)
{
if ($open_bracket !== false)
{
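Review bot: The loop bound is now `$n = $keywords`, the keyword string itself instead of its length, so `$i < $n` compares an integer with a string and the character scan no longer runs over the whole input as it did before. This looks like an accidental edit unrelated to clean usernames; restore `for ($i = 0, $n = utf8_strlen($keywords); $i < $n; $i++)`. The loop body continues outside the hunk.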
diff --git a/phpBB/includes/ucp/ucp_pm_options.php b/phpBB/includes/ucp/ucp_pm_options.php
index 6948e0dfea..4344b32895 100644
--- a/phpBB/includes/ucp/ucp_pm_options.php
+++ b/phpBB/includes/ucp/ucp_pm_options.php
@@ -653,7 +653,7 @@ function define_cond_option($hardcoded, $cond_option, $rule_option, $global_rule
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . "
- WHERE LOWER(username) = '" . $db->sql_escape(utf8_strtolower($rule_string)) . "'";
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($rule_string)) . "'";
$result = $db->sql_query($sql);
$rule_user_id = (int) $db->sql_fetchfield('user_id');
$db->sql_freeresult($result);
diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php
index 4c0eb757fc..c1ea03f2c8 100644
--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -31,7 +31,7 @@ class ucp_remind
$sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'
- AND LOWER(username) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
+ AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php
index fb44cbaff4..10f93ba408 100644
--- a/phpBB/includes/ucp/ucp_resend.php
+++ b/phpBB/includes/ucp/ucp_resend.php
@@ -31,7 +31,7 @@ class ucp_resend
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'
- AND LOWER(username) = '" . $db->sql_escape(utf8_strtolower($username)) . "'";
+ AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php
index 7af77c7331..bf5c95d5a3 100644
--- a/phpBB/includes/ucp/ucp_zebra.php
+++ b/phpBB/includes/ucp/ucp_zebra.php
@@ -42,7 +42,7 @@ class ucp_zebra
if ($data['add'])
{
- $data['add'] = array_map('trim', array_map('utf8_strtolower', explode("\n", $data['add'])));
+ $data['add'] = array_map('trim', array_map('utf8_clean_string', explode("\n", $data['add'])));
// Do these name/s exist on a list already? If so, ignore ... we could be
// 'nice' and automatically handle names added to one list present on
@@ -59,11 +59,11 @@ class ucp_zebra
{
if ($row['friend'])
{
- $friends[] = utf8_strtolower($row['username']);
+ $friends[] = utf8_clean_string($row['username']);
}
else
{
- $foes[] = utf8_strtolower($row['username']);
+ $foes[] = utf8_clean_string($row['username']);
}
}
$db->sql_freeresult($result);
@@ -88,7 +88,7 @@ class ucp_zebra
// remove the user himself from the username array
$n = sizeof($data['add']);
- $data['add'] = array_diff($data['add'], array(utf8_strtolower($user->data['username'])));
+ $data['add'] = array_diff($data['add'], array(utf8_clean_string($user->data['username'])));
if (sizeof($data['add']) < $n)
{
@@ -101,7 +101,7 @@ class ucp_zebra
{
$sql = 'SELECT user_id, user_type
FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('LOWER(username)', $data['add']) . '
+ WHERE ' . $db->sql_in_set('username_clean', $data['add']) . '
AND user_type <> ' . USER_INACTIVE;
$result = $db->sql_query($sql);
diff --git a/phpBB/includes/utf/utf_tools.php b/phpBB/includes/utf/utf_tools.php
index 1bcd92e75f..cb3e3b69ac 100644
--- a/phpBB/includes/utf/utf_tools.php
+++ b/phpBB/includes/utf/utf_tools.php
@@ -928,4 +928,39 @@ function utf8_case_fold($text, $option = 'full')
return $text;
}
+function utf8_clean_string($text)
+{
+ $text = utf8_case_fold($text);
+
+ if (!class_exists('utf_normalizer'))
+ {
+ global $phpbb_root_path, $phpEx;
+ include($phpbb_root_path . 'includes/utf/utf_normalizer.' . $phpEx);
+ }
+
+ $text = utf_normalizer::nfc($text);
+
+ static $homographs = array(
+ // cyrllic
+ "\xD0\xB0" => "\x61",
+ "\xD0\xB5" => "\x65",
+ "\xD0\xBE" => "\x6F",
+ "\xD1\x80" => "\x70",
+ "\xD1\x81" => "\x63",
+ "\xD1\x83" => "\x79",
+ "\xD1\x85" => "\x78",
+ "\xD1\x95" => "\x73",
+ "\xD1\x96" => "\x69",
+ "\xD1\x98" => "\x6A",
+ "\xD2\xBB" => "\x68",
+ // greek
+ "\xCE\xB1" => "\x61",
+ "\xCE\xBF" => "\x6F",
+ );
+
+ $text = strtr($text, $homographs);
+
+ return $text;
+}
+
?>
\ No newline at end of file
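Review bot: utf8_clean_string() has no docblock, although every login, ban, friend/foe and uniqueness lookup in this commit now depends on its exact output. Add a header comment stating that it returns the case-folded, NFC-normalised text with the listed Cyrillic and Greek look-alikes mapped to Latin letters, and that any change to the `$homographs` table requires recomputing the stored `username_clean` values. NFC keeps compatibility forms such as fullwidth letters distinct, and the function neither trims nor collapses whitespace, so those variants presumably still yield different keys; compatibility normalisation and whitespace folding before the `strtr()` call would cover them. The `// cyrllic` comment should read `// Cyrillic`.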
diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql
index 48f9934815..addf00074e 100644
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@@ -1363,6 +1363,7 @@ CREATE TABLE phpbb_users (
user_ip VARCHAR(40) CHARACTER SET NONE DEFAULT '' NOT NULL,
user_regdate INTEGER DEFAULT 0 NOT NULL,
username VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
+ username_clean VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
user_password VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
user_passchg INTEGER DEFAULT 0 NOT NULL,
user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index fe7c91abb2..5888d62b1a 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -1605,6 +1605,7 @@ CREATE TABLE [phpbb_users] (
[user_ip] [varchar] (40) DEFAULT ('') NOT NULL ,
[user_regdate] [int] DEFAULT (0) NOT NULL ,
[username] [varchar] (255) DEFAULT ('') NOT NULL ,
+ [username_clean] [varchar] (255) DEFAULT ('') NOT NULL ,
[user_password] [varchar] (40) DEFAULT ('') NOT NULL ,
[user_passchg] [int] DEFAULT (0) NOT NULL ,
[user_email] [varchar] (100) DEFAULT ('') NOT NULL ,
diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql
index fa51b77c8c..4a9492b3d2 100644
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@@ -965,6 +965,7 @@ CREATE TABLE phpbb_users (
user_ip varchar(40) DEFAULT '' NOT NULL,
user_regdate int(11) UNSIGNED DEFAULT '0' NOT NULL,
username text NOT NULL,
+ username_clean text NOT NULL,
user_password varchar(120) DEFAULT '' NOT NULL,
user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
user_email text NOT NULL,
diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql
index 7049c2eed9..b1da5726e2 100644
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@@ -965,6 +965,7 @@ CREATE TABLE phpbb_users (
user_ip varchar(40) DEFAULT '' NOT NULL,
user_regdate int(11) UNSIGNED DEFAULT '0' NOT NULL,
username varchar(255) DEFAULT '' NOT NULL,
+ username_clean varchar(255) DEFAULT '' NOT NULL,
user_password varchar(40) DEFAULT '' NOT NULL,
user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
user_email varchar(100) DEFAULT '' NOT NULL,
diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql
index 79b24786d7..054aa388d2 100644
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@@ -349,7 +349,7 @@ CREATE INDEX phpbb_confirm_confirm_type ON phpbb_confirm (confirm_type)
*/
CREATE TABLE phpbb_disallow (
disallow_id number(8) NOT NULL,
- disallow_username varchar2(756) DEFAULT '' ,
+ disallow_username varchar2(765) DEFAULT '' ,
CONSTRAINT pk_phpbb_disallow PRIMARY KEY (disallow_id)
)
/
@@ -739,7 +739,7 @@ END;
CREATE TABLE phpbb_moderator_cache (
forum_id number(8) DEFAULT '0' NOT NULL,
user_id number(8) DEFAULT '0' NOT NULL,
- username varchar2(756) DEFAULT '' ,
+ username varchar2(765) DEFAULT '' ,
group_id number(8) DEFAULT '0' NOT NULL,
group_name varchar2(765) DEFAULT '' ,
display_on_index number(1) DEFAULT '1' NOT NULL
@@ -844,7 +844,7 @@ CREATE TABLE phpbb_posts (
enable_smilies number(1) DEFAULT '1' NOT NULL,
enable_magic_url number(1) DEFAULT '1' NOT NULL,
enable_sig number(1) DEFAULT '1' NOT NULL,
- post_username varchar2(756) DEFAULT '' ,
+ post_username varchar2(765) DEFAULT '' ,
post_subject varchar2(300) DEFAULT '' ,
post_text clob DEFAULT '' ,
post_checksum varchar2(32) DEFAULT '' ,
@@ -1375,7 +1375,7 @@ END;
*/
CREATE TABLE phpbb_styles (
style_id number(4) NOT NULL,
- style_name varchar2(756) DEFAULT '' ,
+ style_name varchar2(765) DEFAULT '' ,
style_copyright varchar2(765) DEFAULT '' ,
style_active number(1) DEFAULT '1' NOT NULL,
template_id number(4) DEFAULT '0' NOT NULL,
@@ -1414,7 +1414,7 @@ END;
*/
CREATE TABLE phpbb_styles_template (
template_id number(4) NOT NULL,
- template_name varchar2(756) DEFAULT '' ,
+ template_name varchar2(765) DEFAULT '' ,
template_copyright varchar2(765) DEFAULT '' ,
template_path varchar2(100) DEFAULT '' ,
bbcode_bitfield varchar2(255) DEFAULT 'kNg=' NOT NULL,
@@ -1479,7 +1479,7 @@ END;
*/
CREATE TABLE phpbb_styles_theme (
theme_id number(4) NOT NULL,
- theme_name varchar2(756) DEFAULT '' ,
+ theme_name varchar2(765) DEFAULT '' ,
theme_copyright varchar2(765) DEFAULT '' ,
theme_path varchar2(100) DEFAULT '' ,
theme_storedb number(1) DEFAULT '0' NOT NULL,
@@ -1512,7 +1512,7 @@ END;
*/
CREATE TABLE phpbb_styles_imageset (
imageset_id number(4) NOT NULL,
- imageset_name varchar2(756) DEFAULT '' ,
+ imageset_name varchar2(765) DEFAULT '' ,
imageset_copyright varchar2(765) DEFAULT '' ,
imageset_path varchar2(100) DEFAULT '' ,
site_logo varchar2(200) DEFAULT '' ,
@@ -1774,6 +1774,7 @@ CREATE TABLE phpbb_users (
user_ip varchar2(40) DEFAULT '' ,
user_regdate number(11) DEFAULT '0' NOT NULL,
username varchar2(255) DEFAULT '' ,
+ username_clean varchar2(255) DEFAULT '' ,
user_password varchar2(120) DEFAULT '' ,
user_passchg number(11) DEFAULT '0' NOT NULL,
user_email varchar2(300) DEFAULT '' ,
diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql
index 7d110077c9..e0896e8ce2 100644
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -1225,6 +1225,7 @@ CREATE TABLE phpbb_users (
user_ip varchar(40) DEFAULT '' NOT NULL,
user_regdate INT4 DEFAULT '0' NOT NULL CHECK (user_regdate >= 0),
username varchar_ci DEFAULT '' NOT NULL,
+ username_clean varchar_ci DEFAULT '' NOT NULL,
user_password varchar(40) DEFAULT '' NOT NULL,
user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0),
user_email varchar(100) DEFAULT '' NOT NULL,
diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index 07c5437a53..15f12f2d4a 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -402,10 +402,10 @@ INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id,
INSERT INTO phpbb_forums (forum_name, forum_desc, left_id, right_id, parent_id, forum_type, forum_posts, forum_topics, forum_topics_real, forum_last_post_id, forum_last_poster_id, forum_last_poster_name, forum_last_poster_colour, forum_last_post_subject, forum_last_post_time, forum_link, forum_password, forum_image, forum_rules, forum_rules_link, forum_rules_uid, forum_desc_uid, prune_days, prune_viewed, forum_parents) VALUES ('Test Forum 1', 'This is just a test forum.', 2, 3, 1, 1, 1, 1, 1, 1, 2, 'Admin', 'AA0000', 'Welcome to phpBB 3', 972086460, '', '', '', '', '', '', '', 0, 0, '');
# -- Users / Anonymous user
-INSERT INTO phpbb_users (user_type, group_id, username, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) VALUES (2, 1, 'Anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
+INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) VALUES (2, 1, 'Anonymous', 'anonymous', 0, '', '', 'en', 1, 0, '', 0, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
# -- username: Admin password: admin (change this or remove it once everything is working!)
-INSERT INTO phpbb_users (user_type, group_id, username, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
+INSERT INTO phpbb_users (user_type, group_id, username, username_clean, user_regdate, user_password, user_email, user_lang, user_style, user_rank, user_colour, user_posts, user_permissions, user_ip, user_birthday, user_lastpage, user_last_confirm_key, user_post_sortby_type, user_post_sortby_dir, user_topic_sortby_type, user_topic_sortby_dir, user_avatar, user_sig, user_sig_bbcode_uid, user_from, user_icq, user_aim, user_yim, user_msnm, user_jabber, user_website, user_occ, user_interests, user_actkey, user_newpasswd) VALUES (3, 5, 'Admin', 'admin', 0, '21232f297a57a5a743894a0e4a801fc3', 'admin@yourdomain.com', 'en', 1, 1, 'AA0000', 1, '', '', '', '', '', 't', 'a', 't', 'd', '', '', '', '', '', '', '', '', '', '', '', '', '', '');
# -- Groups
INSERT INTO phpbb_groups (group_name, group_type, group_colour, group_legend, group_avatar, group_desc, group_desc_uid) VALUES ('GUESTS', 3, '', 0, '', '', '');
diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql
index ea716ee4ae..19599e3fa4 100644
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@@ -936,6 +936,7 @@ CREATE TABLE phpbb_users (
user_ip varchar(40) NOT NULL DEFAULT '',
user_regdate INTEGER UNSIGNED NOT NULL DEFAULT '0',
username varchar(255) NOT NULL DEFAULT '',
+ username_clean varchar(255) NOT NULL DEFAULT '',
user_password varchar(40) NOT NULL DEFAULT '',
user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0',
user_email varchar(100) NOT NULL DEFAULT '',
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 3e52a2cf6a..7b6bfdbd23 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -332,7 +332,7 @@ switch ($mode)
{
$sql = 'SELECT *
FROM ' . USERS_TABLE . "
- WHERE LOWER(username) = '" . utf8_strtolower($db->sql_escape($username)) . "'
+ WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'
AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
}
else