From: OryNider <ory...@us...> - 2007-12-15 08:18:01
Update of /cvsroot/mxbb/core/includes/sessions/phpbb3 In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv24925 Modified Files: login.php Log Message: This will fix login box wich will not be compatible just with Gold. Index: login.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/sessions/phpbb3/login.php,v retrieving revision 1.1 retrieving revision 1.2 diff -C2 -d -r1.1 -r1.2 *** login.php 9 Sep 2007 16:51:32 -0000 1.1 --- login.php 15 Dec 2007 08:17:51 -0000 1.2 *************** *** 63,71 **** $password_new_format = ''; ! $password_new_format = stripslashes($password_old_format); ! mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); ! if ($password_new_format == $password_old_format) { if (!function_exists('utf8_to_cp1252')) --- 63,71 ---- $password_new_format = ''; ! phpBB3::set_var($password_new_format, stripslashes($password_old_format), 'string'); ! //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); ! if ($password == $password_new_format) { if (!function_exists('utf8_to_cp1252')) *************** *** 76,100 **** // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding ! if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'] || md5($password) == $row['user_password']) { ! $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; ! $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0; ! $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); ! $session_id = $mx_user->session_id; ! // Reset login tries ! //$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']); // phpBB2 ! $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_attempts = 0 WHERE user_id = ' . 
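Review bot: The commented-out `//mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, '');` kept in the 63,71 hunk passes what appears to be the submitted password as a message argument, so re-enabling it for debugging would put a user's plaintext password on an error page. I would delete the line rather than leave it commented. The same commented line is carried as context in the 113,117 hunk. The enclosing block starts and ends outside the hunk.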
$row['user_id']); // phpBB3 ! if( $session_id ) ! { ! $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : $fromurl; ! mx_redirect(mx3_append_sid($url, false, false, $session_id)); ! } ! else ! { ! mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); ! } } else --- 76,92 ---- // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding ! if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']) { ! $hash = phpBB3::phpbb_hash($password_new_format); ! // Update the password in the users table to the new format and remove user_pass_convert flag ! $sql = 'UPDATE ' . USERS_TABLE . ' ! SET user_password = \'' . $db->sql_escape($hash) . '\', ! user_pass_convert = 0 ! WHERE user_id = ' . $row['user_id']; ! $db->sql_query($sql); ! $row['user_pass_convert'] = 0; ! $row['user_password'] = $hash; } else *************** *** 104,154 **** $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 - WHERE user_id = ' . $row['user_id']; - - $db->sql_query($sql); - $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : ''; - $redirect = str_replace('?', '&', $redirect); - - if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r")) - { - mx_message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.'); - } - - $template->assign_vars(array( - 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">") - ); - - $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . 
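Review bot: The legacy checks in the 76,92 hunk compare MD5 hex digests with `==`, which on PHP versions of this era treats two numeric-looking strings (for example a digest made of `0e` followed only by digits) as numbers, so two different digests can compare equal. Strict comparison avoids that: `md5($password_old_format) === $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) === $row['user_password']`. The same pattern is in the 123,129 hunk, and `$password == $password_new_format` in the 63,71 hunk is a loose string comparison as well. Casting the id in the UPDATE, `WHERE user_id = ' . (int) $row['user_id']`, would also keep that query safe if the source of `$row` ever changes.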
sprintf($lang['Click_return_index'], '<a href="' . mx3_append_sid("index.$phpEx") . '">', '</a>'); - mx_message_die(GENERAL_MESSAGE, $message); - } - } - // Check password ... - if (!$row['user_pass_convert'] && md5($password) == $row['user_password']) - { - if ($row['user_login_attempts'] != 0) - { - // Successful, reset login attempts (the user passed all stages) - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_login_attempts = 0 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); - } ! // User inactive... ! if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE) ! { ! ! } ! ! // Successful login... set user_login_attempts to zero... ! if( $session_id ) ! { ! $fromurl = ( !empty($HTTP_REFERER) ) ? str_replace('&', '&', htmlspecialchars($HTTP_REFERER)) : "index.$phpEx"; ! $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : $fromurl; ! mx_redirect(mx3_append_sid($url, false, false, $session_id)); ! } ! else ! { ! mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); } } --- 96,107 ---- $sql = 'UPDATE ' . USERS_TABLE . ' SET user_login_attempts = user_login_attempts + 1 WHERE user_id = ' . $row['user_id']; $db->sql_query($sql); ! return array( ! 'status' => LOGIN_ERROR_PASSWORD_CONVERT, ! 'error_msg' => 'LOGIN_ERROR_PASSWORD_CONVERT', ! 'user_row' => $row, ! ); } } *************** *** 160,164 **** $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; ! $password_new_format = stripslashes($password_old_format); //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); --- 113,117 ---- $password_old_format = (!STRIP) ? addslashes($password_old_format) : $password_old_format; $password_new_format = ''; ! 
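Review bot: The failed-conversion path in the 96,107 hunk now ends in `return array('status' => LOGIN_ERROR_PASSWORD_CONVERT, ...)` where the old code stopped with `mx_message_die()`, so rejecting the login now depends on the caller checking `status`. That caller is outside the hunk, and it is worth confirming that nothing carries on as if authentication had succeeded. The returned `'user_row' => $row` also carries `user_password`; a comment such as `// user_row contains the password hash: never log or display it` would help the next reader of the calling code.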
phpBB3::set_var($password_new_format, stripslashes($password_old_format), 'string'); //mx_message_die(CRITICAL_ERROR, "Couldn't start session : login", $password_new_format, ''); *************** *** 170,176 **** include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } ! // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding ! if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'] || md5($password) == $row['user_password']) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; --- 123,129 ---- include($phpbb_root_path . 'includes/utf/data/recode_basic.' . $phpEx); } ! // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding ! if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'] || phpBB3::phpbb_check_hash($password, $row['user_password'])) { $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; *************** *** 178,181 **** --- 131,135 ---- $mx_user->session_create($row['user_id'], $admin, $autologin, $viewonline = true); $session_id = $mx_user->session_id; + // Reset login tries *************** *** 221,225 **** } // Check password ... ! if (!$row['user_pass_convert'] && md5($password) == $row['user_password']) { if ($row['user_login_attempts'] != 0) --- 175,179 ---- } // Check password ... ! if (!$row['user_pass_convert'] && phpBB3::phpbb_check_hash($password, $row['user_password'])) { if ($row['user_login_attempts'] != 0) |
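Review bot: The condition in the 123,129 hunk still accepts a bare `md5()` match and then goes straight to `session_create()`, with nothing visible in the hunk that replaces the stored digest. The 76,92 block, by contrast, writes `phpBB3::phpbb_hash($password_new_format)` back and clears `user_pass_convert`. If this branch is reachable for accounts with legacy hashes, their unsalted MD5 values stay in the users table indefinitely, so consider applying the same upgrade on a successful match here. The block continues outside the hunk, so the update may already exist further down.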