diff options
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 8 | ||||
| -rw-r--r-- | phpBB/includes/functions_user.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_resend.php | 2 | ||||
| -rw-r--r-- | phpBB/install/install_install.php | 2 |
8 files changed, 16 insertions, 7 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 0922372a78..8610887904 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -283,6 +283,7 @@ <li>[Feature] Place debug notices during captcha rendering in the error log - useful for debugging output already started errors.</li> <li>[Feature] Ability to define constant PHPBB_USE_BOARD_URL_PATH to use board url for images/avatars/ranks/imageset...</li> <li>[Feature] Added INC/DEC command to template syntax, applicable to DEFINES and normal template variables, including loops.</li> + <li>[Feature] Added function to generate email-hash. (Bug #49195)</li> </ul> <a name="v304"></a><h3>1.ii. Changes since 3.0.4</h3> diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 7921b6df67..71720f45b4 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -847,7 +847,7 @@ class acp_users { $sql_ary += array( 'user_email' => $update_email, - 'user_email_hash' => crc32($update_email) . strlen($update_email) + 'user_email_hash' => phpbb_email_hash($update_email), ); add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index e23278a0f2..17fb351630 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -552,6 +552,14 @@ function _hash_crypt_private($password, $setting, &$itoa64) } /** +* Hash email +*/ +function phpbb_email_hash($email) +{ + return crc32(strtolower($email)) . strlen($email); +} + +/** * Global function for chmodding directories and files for internal use * * This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions. diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index cb3306745e..11b134cd85 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -171,7 +171,7 @@ function user_add($user_row, $cp_data = false) 'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '', 'user_pass_convert' => 0, 'user_email' => strtolower($user_row['user_email']), - 'user_email_hash' => crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']), + 'user_email_hash' => phpbb_email_hash($user_row['user_email']), 'group_id' => $user_row['group_id'], 'user_type' => $user_row['user_type'], ); @@ -1727,7 +1727,7 @@ function validate_email($email, $allowed_email = false) { $sql = 'SELECT user_email_hash FROM ' . USERS_TABLE . " - WHERE user_email_hash = " . (crc32($email) . strlen($email)); + WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email)); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index a7785e7163..e24acd89fc 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -110,7 +110,7 @@ class ucp_profile 'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'], 'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'], 'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'], - 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'], + 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'], 'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'], 'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0, ); diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 6325bf89b6..df6733d038 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -38,7 +38,7 @@ class ucp_remind { $sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason FROM ' . USERS_TABLE . " - WHERE user_email = '" . $db->sql_escape($email) . "' + WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index cad494541b..39e9be24a1 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -45,7 +45,7 @@ class ucp_resend $sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason FROM ' . USERS_TABLE . " - WHERE user_email = '" . $db->sql_escape($email) . "' + WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "' AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; $result = $db->sql_query($sql); $user_row = $db->sql_fetchrow($result); diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 6a7b6ca121..0e6c2f36aa 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -1337,7 +1337,7 @@ class install_install extends module WHERE config_name = 'avatar_salt'", 'UPDATE ' . $data['table_prefix'] . "users - SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($data['board_email1']) . strlen($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "' + SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . $db->sql_escape(phpbb_email_hash($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "' WHERE username = 'Admin'", 'UPDATE ' . $data['table_prefix'] . "moderator_cache |