Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions_convert.php | 6 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 4 | ||||
| -rw-r--r-- | phpBB/install/database_update.php | 18 | ||||
| -rwxr-xr-x | phpBB/install/install_install.php | 2 | 
5 files changed, 28 insertions, 4 deletions
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index a1bb85ad1c..47db9dc0f4 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -733,7 +733,7 @@ class acp_users
 						{
 							$sql_ary += array(
 								'user_email'		=> $update_email,
-								'user_email_hash'	=> crc32(strtolower($update_email)) . strlen($update_email)
+								'user_email_hash'	=> crc32($update_email) . strlen($update_email)
 							);
 							add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
diff --git a/phpBB/includes/functions_convert.php b/phpBB/includes/functions_convert.php
index d4034d7019..5216185d96 100644
--- a/phpBB/includes/functions_convert.php
+++ b/phpBB/includes/functions_convert.php
@@ -1181,6 +1181,12 @@ function restore_config($schema)
 		if ($config_value !== '')
 		{
+			// Most are...
+			if (is_string($config_value))
+			{
+				$config_value = utf8_htmlspecialchars($config_value);
+			}
+
 			set_config($config_name, $config_value);
 		}
 	}
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index e9297d490f..6ef3e01056 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -145,7 +145,7 @@ function user_add($user_row, $cp_data = false)
 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
 		'user_pass_convert'	=> 0,
 		'user_email'		=> strtolower($user_row['user_email']),
-		'user_email_hash'	=> (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
+		'user_email_hash'	=> crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
 		'group_id'			=> $user_row['group_id'],
 		'user_type'			=> $user_row['user_type'],
 	);
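Review bot: In the acp_users.php hunk, `user_email_hash` is now computed from `$update_email` as given, while `user_add()` in functions_user.php still hashes `strtolower($user_row['user_email'])`, and `validate_email()`, the database_update.php loop and the install_install.php query hash the address without lower-casing. Whether `$update_email` and `$email` are already lower-cased before these lines is not visible in the hunks; if any caller passes mixed case, the stored hash and the lookup hash diverge and the duplicate-address check can miss an existing account. Computing the hash in one shared helper that lower-cases internally, and calling it from all five sites, would remove the dependence on each caller; the enclosing method starts and ends outside this hunk.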
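Review bot: In `restore_config()` (functions_convert.php), the comment `// Most are...` does not say why every string config value is passed through `utf8_htmlspecialchars()` before `set_config()`. Escaping at storage time also changes values that are never rendered as HTML (the hunk does not show which config keys pass through here, but a password or path containing `&` or `<` would be stored altered) and would double-encode a value that is already entity-encoded. I would replace the comment with one that states the intent, e.g. `// Converted values are raw text; config strings are stored HTML-escaped`, if that is the actual contract, and exempt keys that must stay verbatim. The function body begins and ends outside the hunk.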
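Review bot: In `user_add()` (functions_user.php), with the `(int)` cast removed the array value is the plain concatenation of `crc32()` and `strlen()`, and `crc32()` can return a negative integer on 32-bit PHP builds. The same address then produces a different `user_email_hash` on a 32-bit host than on a 64-bit one, so hashes stored before a server move would no longer match lookups. Formatting the checksum as unsigned, `sprintf('%u', crc32(strtolower($user_row['user_email']))) . strlen($user_row['user_email'])`, keeps the value stable, provided the column type (not visible here) can hold the longer number. The same applies to the acp_users.php, `validate_email()`, database_update.php and install_install.php lines in this commit.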
@@ -1332,7 +1332,7 @@ function validate_email($email)
 	{
 		$sql = 'SELECT user_email_hash
 			FROM ' . USERS_TABLE . "
-			WHERE user_email_hash = " . crc32($email) . strlen($email);
+			WHERE user_email_hash = " . (crc32($email) . strlen($email));
 		$result = $db->sql_query($sql);
 		$row = $db->sql_fetchrow($result);
 		$db->sql_freeresult($result);
diff --git a/phpBB/install/database_update.php b/phpBB/install/database_update.php
index 8fd30020a1..4d8fc449a0 100644
--- a/phpBB/install/database_update.php
+++ b/phpBB/install/database_update.php
@@ -627,6 +627,24 @@ if (version_compare($current_version, '3.0.b4', '<='))
 		WHERE module_class = 'acp' AND module_mode = 'version_check' AND module_auth = 'acl_a_'";
 	_sql($sql, $errored, $error_ary);
+	// Because the email hash could have been calculated wrongly, we will update it for every user.
+	// Since this is not used in a live environment there are not much... not used in a live environment, yes!
+	$sql = 'SELECT user_id, user_email
+		FROM ' . USERS_TABLE;
+	$result = $db->sql_query($sql);
+
+	while ($row = $db->sql_fetchrow($result))
+	{
+		if ($row['user_email'])
+		{
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_email_hash = ' . (crc32($row['user_email']) . strlen($row['user_email'])) . '
+				WHERE user_id = ' . $row['user_id'];
+			_sql($sql, $errored, $error_ary);
+		}
+	}
+	$db->sql_freeresult($result);
+
 	$no_updates = false;
 }
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php
index 7bfecd1685..b6bf1dd03d 100755
--- a/phpBB/install/install_install.php
+++ b/phpBB/install/install_install.php
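Review bot: In `validate_email()`, the query matches on `user_email_hash` alone, and a CRC32 plus a length is a checksum rather than a unique key, so two different addresses can produce the same value. How `$row` is used follows outside the hunk, but if a returned row is treated as "address already registered", an unrelated address can be rejected. Adding the address itself to the predicate keeps the hash as an index shortcut only: `AND user_email = '" . $db->sql_escape($email) . "'`.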
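Review bot: The comment above the rehash loop in database_update.php (`// Since this is not used in a live environment there are not much...`) does not tell a maintainer why one UPDATE per user is considered acceptable. I would reword it to something like `// The stored user_email_hash may be wrong; recalculate it for every user (one query per row, acceptable because betas are not run on live boards)`. Separately, `$row['user_id']` is concatenated into the UPDATE without a cast; `WHERE user_id = ' . (int) $row['user_id'];` keeps the statement numeric regardless of what the driver returns.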
@@ -1277,7 +1277,7 @@ class install_install extends module
 				WHERE config_name = 'newest_username'",
 			'UPDATE ' . $table_prefix . "users
-				SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (int) (crc32(strtolower($board_email1)) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "'
+				SET username = '" . $db->sql_escape($admin_name) . "', user_password='" . $db->sql_escape(md5($admin_pass1)) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($default_lang) . "', user_email='" . $db->sql_escape($board_email1) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($board_email1) . strlen($board_email1)) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($admin_name)) . "'
 				WHERE username = 'Admin'",
 			'UPDATE ' . $table_prefix . "moderator_cache  | 
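Review bot: On the changed UPDATE line in install_install.php, the administrator password is written as `md5($admin_pass1)`, an unsalted fast digest, which this commit leaves as it was. If the users table is ever disclosed, that value gives far less protection against offline guessing than a salted, deliberately slow hash. Where the supported PHP versions allow it, `password_hash($admin_pass1, PASSWORD_DEFAULT)` is the usual replacement; the login path that verifies the value is outside this hunk and would have to change with it. The statement is one element of an array that starts and ends outside the hunk.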
