-rw-r--r--phpBB/develop/create_schema_files.php1
-rw-r--r--phpBB/includes/auth/auth_db.php30
-rw-r--r--phpBB/includes/db/dbal.php1
-rw-r--r--phpBB/includes/functions_user.php1
-rw-r--r--phpBB/install/schemas/firebird_schema.sql1
-rw-r--r--phpBB/install/schemas/mssql_schema.sql1
-rw-r--r--phpBB/install/schemas/mysql_40_schema.sql1
-rw-r--r--phpBB/install/schemas/mysql_41_schema.sql1
-rw-r--r--phpBB/install/schemas/oracle_schema.sql1
-rw-r--r--phpBB/install/schemas/postgres_schema.sql1
-rw-r--r--phpBB/install/schemas/sqlite_schema.sql1
-rw-r--r--phpBB/search.php119
12 files changed, 99 insertions, 60 deletions
diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php
index 50de293b33..60324d94a8 100644
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@@ -1834,6 +1834,7 @@ function get_schema_struct()
'username_clean' => array('VCHAR_CI', ''),
'user_password' => array('VCHAR_UNI:40', ''),
'user_passchg' => array('TIMESTAMP', 0),
+ 'user_pass_convert' => array('BOOL', 0),
'user_email' => array('VCHAR_UNI:100', ''),
'user_email_hash' => array('BINT', 0),
'user_birthday' => array('VCHAR:10', ''),
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index 618ad0a387..3be896cfd6 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -20,7 +20,7 @@ function login_db(&$username, &$password)
{
global $db, $config;
- $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
+ $sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
FROM ' . USERS_TABLE . "
WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
@@ -95,8 +95,32 @@ function login_db(&$username, &$password)
}
}
- // Password correct...
- if (md5($password) == $row['user_password'])
+ // If the password convert flag is set we need to convert it
+ if ($row['user_pass_convert'])
+ {
+ // in phpBB2 passwords were used exactly as they were sent
+ $password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
+ $password_old_format = (STRIP) ? stripslashes($password_old_format) : $password_old_format;
+ $password_new_format = '';
+
+ set_var($password_new_format, $password_old_format, 'string');
+
+ if ($password == $password_new_format && md5($password_old_format) == $row['user_password'])
+ {
+ // Update the password in the users table to the new format and remove user_pass_convert flag
+ $sql = 'UPDATE ' . USERS_TABLE . '
+ SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\',
+ user_pass_convert = 0
+ WHERE user_id = ' . $row['user_id'];
+ $db->sql_query($sql);
+
+ $row['user_pass_convert'] = 0;
+ $row['user_password'] = md5($password_new_format);
+ }
+ }
+
+ // Check password ...
+ if (!$row['user_pass_convert'] && md5($password) == $row['user_password'])
{
// Successful, reset login attempts (the user passed all stages)
$sql = 'UPDATE ' . USERS_TABLE . '
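Review bot: Both new password checks compare MD5 hex digests with loose `==` (the conversion test and the final `// Check password ...` test), and PHP compares two numeric-looking strings by numeric value, so digests that happen to look like numbers can match without being identical. Use strict comparison in both places: `md5($password_old_format) === $row['user_password']` and `if (!$row['user_pass_convert'] && md5($password) === $row['user_password'])`. The conversion path also reads `$_REQUEST['password']` directly, which may accept the value from the query string or a cookie and ties this auth module to one form field name; reading it from `$_POST`, or having the caller pass the raw value, would be tighter. The converted hash is still unsalted MD5, so this step changes only how the input is normalised, not how strongly it is stored, and a comment should say so. login_db's body starts and continues outside this hunk.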
diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php
index ad0fdf5541..da5efcf55a 100644
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@@ -332,7 +332,6 @@ class dbal
case 'mysql':
case 'mysql4':
case 'mysqli':
- case 'sqlite':
$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('MULTI_INSERT', $sql_ary));
break;
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 514cd26d48..19c2b21655 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -142,6 +142,7 @@ function user_add($user_row, $cp_data = false)
'username' => $user_row['username'],
'username_clean' => utf8_clean_string($user_row['username']),
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
+ 'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),
'user_email_hash' => (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
'group_id' => $user_row['group_id'],
diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql
index b98be18e04..f06c98b657 100644
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@@ -1367,6 +1367,7 @@ CREATE TABLE phpbb_users (
username_clean VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
user_password VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
user_passchg INTEGER DEFAULT 0 NOT NULL,
+ user_pass_convert INTEGER DEFAULT 0 NOT NULL,
user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
user_email_hash DOUBLE PRECISION DEFAULT 0 NOT NULL,
user_birthday VARCHAR(10) CHARACTER SET NONE DEFAULT '' NOT NULL,
diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql
index 73f2d4546c..804d5eafc8 100644
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@@ -1609,6 +1609,7 @@ CREATE TABLE [phpbb_users] (
[username_clean] [varchar] (255) DEFAULT ('') NOT NULL ,
[user_password] [varchar] (40) DEFAULT ('') NOT NULL ,
[user_passchg] [int] DEFAULT (0) NOT NULL ,
+ [user_pass_convert] [int] DEFAULT (0) NOT NULL ,
[user_email] [varchar] (100) DEFAULT ('') NOT NULL ,
[user_email_hash] [float] DEFAULT (0) NOT NULL ,
[user_birthday] [varchar] (10) DEFAULT ('') NOT NULL ,
diff --git a/phpBB/install/schemas/mysql_40_schema.sql b/phpBB/install/schemas/mysql_40_schema.sql
index d7d77b07e9..cf4d43b768 100644
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@@ -969,6 +969,7 @@ CREATE TABLE phpbb_users (
username_clean text NOT NULL,
user_password varchar(120) DEFAULT '' NOT NULL,
user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
+ user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
user_email text NOT NULL,
user_email_hash bigint(20) DEFAULT '0' NOT NULL,
user_birthday varchar(10) DEFAULT '' NOT NULL,
diff --git a/phpBB/install/schemas/mysql_41_schema.sql b/phpBB/install/schemas/mysql_41_schema.sql
index 575cc14244..aaf00d077e 100644
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@@ -969,6 +969,7 @@ CREATE TABLE phpbb_users (
username_clean varchar(255) DEFAULT '' NOT NULL,
user_password varchar(40) DEFAULT '' NOT NULL,
user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
+ user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
user_email varchar(100) DEFAULT '' NOT NULL,
user_email_hash bigint(20) DEFAULT '0' NOT NULL,
user_birthday varchar(10) DEFAULT '' NOT NULL,
diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql
index 11a2ca2329..816d584b97 100644
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@@ -1778,6 +1778,7 @@ CREATE TABLE phpbb_users (
username_clean varchar2(255) DEFAULT '' ,
user_password varchar2(120) DEFAULT '' ,
user_passchg number(11) DEFAULT '0' NOT NULL,
+ user_pass_convert number(1) DEFAULT '0' NOT NULL,
user_email varchar2(300) DEFAULT '' ,
user_email_hash number(20) DEFAULT '0' NOT NULL,
user_birthday varchar2(10) DEFAULT '' ,
diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql
index 554742b7e4..aa22d5b0fa 100644
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@@ -1229,6 +1229,7 @@ CREATE TABLE phpbb_users (
username_clean varchar_ci DEFAULT '' NOT NULL,
user_password varchar(40) DEFAULT '' NOT NULL,
user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0),
+ user_pass_convert INT2 DEFAULT '0' NOT NULL CHECK (user_pass_convert >= 0),
user_email varchar(100) DEFAULT '' NOT NULL,
user_email_hash INT8 DEFAULT '0' NOT NULL,
user_birthday varchar(10) DEFAULT '' NOT NULL,
diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql
index 563cc949e9..ee42bfec4b 100644
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@@ -940,6 +940,7 @@ CREATE TABLE phpbb_users (
username_clean varchar(255) NOT NULL DEFAULT '',
user_password varchar(40) NOT NULL DEFAULT '',
user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0',
+ user_pass_convert INTEGER UNSIGNED NOT NULL DEFAULT '0',
user_email varchar(100) NOT NULL DEFAULT '',
user_email_hash bigint(20) NOT NULL DEFAULT '0',
user_birthday varchar(10) NOT NULL DEFAULT '',
diff --git a/phpBB/search.php b/phpBB/search.php
index 3dfc4e312c..f8fa502839 100644
--- a/phpBB/search.php
+++ b/phpBB/search.php
@@ -81,8 +81,68 @@ if ($keywords || $author || $author_id || $search_id || $submit)
// clear arrays
$id_ary = array();
- // Which forums should not be searched?
- $ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true))));
+ // egosearch is an author search
+ if ($search_id == 'egosearch')
+ {
+ $author = $user->data['username'];
+ }
+
+ // If we are looking for authors get their ids
+ $author_id_ary = array();
+ if ($author_id)
+ {
+ $author_id_ary[] = $author_id;
+ }
+ else if ($author)
+ {
+ if ((strpos($author, '*') !== false) && (str_replace(array('*', '%'), '', $author) < $config['min_search_author_chars']))
+ {
+ trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
+ }
+
+ $sql_where = (strpos($author, '*') !== false) ? ' LIKE ' : ' = ';
+ $sql = 'SELECT user_id
+ FROM ' . USERS_TABLE . "
+ WHERE username $sql_where '" . $db->sql_escape(preg_replace('#\*+#', '%', $author)) . "'
+ AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+ $result = $db->sql_query_limit($sql, 100);
+
+ while ($row = $db->sql_fetchrow($result))
+ {
+ $author_id_ary[] = (int) $row['user_id'];
+ }
+ $db->sql_freeresult($result);
+
+ if (!sizeof($author_id_ary))
+ {
+ trigger_error($user->lang['NO_SEARCH_RESULTS']);
+ }
+ }
+
+ // if we search in an existing search result just add the additional keywords. But we need to use "all search terms"-mode
+ // so we can keep the old keywords in their old mode, but add the new ones as required words
+ if ($add_keywords)
+ {
+ if ($search_terms == 'all')
+ {
+ $keywords .= ' ' . $add_keywords;
+ }
+ else
+ {
+ $search_terms = 'all';
+ $keywords = implode(' |', explode(' ', preg_replace('#\s+#', ' ', $keywords))) . ' ' .$add_keywords;
+ }
+ }
+
+ // Which forums should not be searched? Author searches are also carried out in unindexed forums
+ if (empty($search->search_query) && sizeof($author_id_ary))
+ {
+ $ex_fid_ary = array_keys($auth->acl_getf('!f_read', true));
+ }
+ else
+ {
+ $ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true))));
+ }
$not_in_fid = (sizeof($ex_fid_ary)) ? 'WHERE ' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . " OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : "";
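Review bot: The new forum-exclusion branch tests `empty($search->search_query)`, but it sits ahead of the `// Select which method we'll use ...` code that the next hunk shows further down, so `$search` is probably not instantiated yet and the test is always true. If so, every search with an author set drops the `!f_search` exclusion even when keywords are supplied, and keyword results could come from forums the user may read but not search. Testing the request value instead, e.g. `if (!$keywords && sizeof($author_id_ary))`, would keep the relaxation to pure author searches. Separately, the moved wildcard guard compares the stripped string itself to `$config['min_search_author_chars']`; it presumably means `strlen(str_replace(array('*', '%'), '', $author)) < $config['min_search_author_chars']`. The enclosing `if ($keywords || ...)` block starts and ends outside the hunk.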
@@ -149,59 +209,6 @@ if ($keywords || $author || $author_id || $search_id || $submit)
$search_forum = array();
}
- // egosearch is an author search
- if ($search_id == 'egosearch')
- {
- $author = $user->data['username'];
- }
-
- // If we are looking for authors get their ids
- $author_id_ary = array();
- if ($author_id)
- {
- $author_id_ary[] = $author_id;
- }
- else if ($author)
- {
- if ((strpos($author, '*') !== false) && (str_replace(array('*', '%'), '', $author) < $config['min_search_author_chars']))
- {
- trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
- }
-
- $sql_where = (strpos($author, '*') !== false) ? ' LIKE ' : ' = ';
- $sql = 'SELECT user_id
- FROM ' . USERS_TABLE . "
- WHERE username $sql_where '" . $db->sql_escape(preg_replace('#\*+#', '%', $author)) . "'
- AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
- $result = $db->sql_query_limit($sql, 100);
-
- while ($row = $db->sql_fetchrow($result))
- {
- $author_id_ary[] = (int) $row['user_id'];
- }
- $db->sql_freeresult($result);
-
- if (!sizeof($author_id_ary))
- {
- trigger_error($user->lang['NO_SEARCH_RESULTS']);
- }
- }
-
- // if we search in an existing search result just add the additional keywords. But we need to use "all search terms"-mode
- // so we can keep the old keywords in their old mode, but add the new ones as required words
- if ($add_keywords)
- {
- if ($search_terms == 'all')
- {
- $keywords .= ' ' . $add_keywords;
- }
- else
- {
- $search_terms = 'all';
- $keywords = implode(' |', explode(' ', preg_replace('#\s+#', ' ', $keywords))) . ' ' .$add_keywords;
- }
- }
-
// Select which method we'll use to obtain the post_id or topic_id information
$search_type = basename($config['search_type']);
@@ -400,7 +407,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
}
// For some searches we need to print out the "no results" page directly to allow re-sorting/refining the search options.
- if (!sizeof($id_ary) && $search_id !== 'active_topics')
+ if (!sizeof($id_ary) && !$search_id)
{
trigger_error($user->lang['NO_SEARCH_RESULTS']);
}