From: Joas S. <nic...@ph...> - 2009-08-28 09:27:31
Author: nickvergessen
Date: Fri Aug 28 10:26:43 2009
New Revision: 10060
Log:
Fix Bug #49195 - Queries on un-indexed column user_email
Added function to generate email-hash.
Authorised by: AcydBurn
Modified:
branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html
branches/phpBB-3_0_0/phpBB/includes/acp/acp_users.php
branches/phpBB-3_0_0/phpBB/includes/functions.php
branches/phpBB-3_0_0/phpBB/includes/functions_user.php
branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_profile.php
branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_remind.php
branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_resend.php
branches/phpBB-3_0_0/phpBB/install/install_install.php
Modified: branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html
==============================================================================
*** branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html (original)
--- branches/phpBB-3_0_0/phpBB/docs/CHANGELOG.html Fri Aug 28 10:26:43 2009
***************
*** 283,288 ****
--- 283,289 ----
<li>[Feature] Place debug notices during captcha rendering in the error log - useful for debugging output already started errors.</li>
<li>[Feature] Ability to define constant PHPBB_USE_BOARD_URL_PATH to use board url for images/avatars/ranks/imageset...</li>
<li>[Feature] Added INC/DEC command to template syntax, applicable to DEFINES and normal template variables, including loops.</li>
+ <li>[Feature] Added function to generate email-hash. (Bug #49195)</li>
</ul>
<a name="v304"></a><h3>1.ii. Changes since 3.0.4</h3>
Modified: branches/phpBB-3_0_0/phpBB/includes/acp/acp_users.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/acp/acp_users.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/acp/acp_users.php Fri Aug 28 10:26:43 2009
***************
*** 847,853 ****
{
$sql_ary += array(
'user_email' => $update_email,
! 'user_email_hash' => crc32($update_email) . strlen($update_email)
);
add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
--- 847,853 ----
{
$sql_ary += array(
'user_email' => $update_email,
! 'user_email_hash' => phpbb_email_hash($update_email),
);
add_log('user', $user_id, 'LOG_USER_UPDATE_EMAIL', $user_row['username'], $user_row['user_email'], $update_email);
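Review bot: The replacement on the `'user_email_hash'` line changes the stored value for any address containing upper-case letters, because `phpbb_email_hash()` lowercases before `crc32()` and the old expression did not; the same applies to the rewritten lines in ucp_profile.php and install_install.php. Rows written by the old expression keep their case-sensitive hash, and since ucp_remind.php and ucp_resend.php now look users up by hash, those accounts would stop matching until the hash is recomputed. No schema or data update file appears in the Modified list, so unless a migration exists elsewhere, add a one-off update that rewrites `user_email_hash` from `user_email` for all users. The enclosing block starts and ends outside the hunk.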
Modified: branches/phpBB-3_0_0/phpBB/includes/functions.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/functions.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/functions.php Fri Aug 28 10:26:43 2009
***************
*** 552,557 ****
--- 552,565 ----
}
/**
+ * Hash email
+ */
+ function phpbb_email_hash($email)
+ {
+ return crc32(strtolower($email)) . strlen($email);
+ }
+
+ /**
* Global function for chmodding directories and files for internal use
*
* This function determines owner and group whom the file belongs to and user and group of PHP and then set safest possible file permissions.
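Review bot: `crc32()` in the new `phpbb_email_hash()` returns a signed integer on 32-bit PHP builds, so many addresses yield a value with a leading minus sign there and a different string on 64-bit hosts; a board moved between the two would stop matching its stored hashes. Formatting the checksum as unsigned keeps the result stable: `return sprintf('%u', crc32(strtolower($email))) . strlen($email);` (rows already written on 32-bit installs would need recomputing). The docblock should also say more than `Hash email`: state that the value is a non-unique, non-cryptographic lookup key for the `user_email_hash` column, that the checksum is taken over the lowercased address, and that callers who need to prove an address matches must still compare `user_email`.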
Modified: branches/phpBB-3_0_0/phpBB/includes/functions_user.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/functions_user.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/functions_user.php Fri Aug 28 10:26:43 2009
***************
*** 171,177 ****
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),
! 'user_email_hash' => crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
'group_id' => $user_row['group_id'],
'user_type' => $user_row['user_type'],
);
--- 171,177 ----
'user_password' => (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
'user_pass_convert' => 0,
'user_email' => strtolower($user_row['user_email']),
! 'user_email_hash' => phpbb_email_hash($user_row['user_email']),
'group_id' => $user_row['group_id'],
'user_type' => $user_row['user_type'],
);
***************
*** 1727,1733 ****
{
$sql = 'SELECT user_email_hash
FROM ' . USERS_TABLE . "
! WHERE user_email_hash = " . (crc32($email) . strlen($email));
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
--- 1727,1733 ----
{
$sql = 'SELECT user_email_hash
FROM ' . USERS_TABLE . "
! WHERE user_email_hash = " . $db->sql_escape(phpbb_email_hash($email));
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
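Review bot: `$db->sql_escape()` on the new `WHERE user_email_hash = ` line is applied to a value that is concatenated without surrounding quotes, where string escaping gives no protection; the rewritten `user_email_hash = ` assignment in install_install.php has the same form, while ucp_remind.php and ucp_resend.php quote the value. The output of `phpbb_email_hash()` is digits (possibly with a sign), so nothing is injectable as written, but the call suggests a guarantee it does not provide and will mislead if the helper ever changes. Pick one form for all four call sites, for example quoted as in ucp_remind.php: `WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'";`. The function around this query starts and ends outside the hunk.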
Modified: branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_profile.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_profile.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_profile.php Fri Aug 28 10:26:43 2009
***************
*** 110,116 ****
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
! 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? crc32($data['email']) . strlen($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
--- 110,116 ----
'username' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? $data['username'] : $user->data['username'],
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
! 'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
Modified: branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_remind.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_remind.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_remind.php Fri Aug 28 10:26:43 2009
***************
*** 38,44 ****
{
$sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
FROM ' . USERS_TABLE . "
! WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
--- 38,44 ----
{
$sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
FROM ' . USERS_TABLE . "
! WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
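Review bot: The rewritten `WHERE user_email_hash = ...` condition no longer proves that the submitted address equals the stored one, since a 32-bit checksum plus a length is also matched by other strings of the same length; ucp_resend.php has the same change. The username condition still applies, but the e-mail half of the check becomes weaker than the exact comparison it replaces. Keep the hash for the index and retain the equality test as a further condition, e.g. add `AND user_email = '" . $db->sql_escape($email) . "'` after the hash line. The enclosing block starts and ends outside the hunk.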
Modified: branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_resend.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_resend.php (original)
--- branches/phpBB-3_0_0/phpBB/includes/ucp/ucp_resend.php Fri Aug 28 10:26:43 2009
***************
*** 45,51 ****
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
! WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
--- 45,51 ----
$sql = 'SELECT user_id, group_id, username, user_email, user_type, user_lang, user_actkey, user_inactive_reason
FROM ' . USERS_TABLE . "
! WHERE user_email_hash = '" . $db->sql_escape(phpbb_email_hash($email)) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
$result = $db->sql_query($sql);
$user_row = $db->sql_fetchrow($result);
Modified: branches/phpBB-3_0_0/phpBB/install/install_install.php
==============================================================================
*** branches/phpBB-3_0_0/phpBB/install/install_install.php (original)
--- branches/phpBB-3_0_0/phpBB/install/install_install.php Fri Aug 28 10:26:43 2009
***************
*** 1337,1343 ****
WHERE config_name = 'avatar_salt'",
'UPDATE ' . $data['table_prefix'] . "users
! SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . (crc32($data['board_email1']) . strlen($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "'
WHERE username = 'Admin'",
'UPDATE ' . $data['table_prefix'] . "moderator_cache
--- 1337,1343 ----
WHERE config_name = 'avatar_salt'",
'UPDATE ' . $data['table_prefix'] . "users
! SET username = '" . $db->sql_escape($data['admin_name']) . "', user_password='" . $db->sql_escape(md5($data['admin_pass1'])) . "', user_ip = '" . $db->sql_escape($user_ip) . "', user_lang = '" . $db->sql_escape($data['default_lang']) . "', user_email='" . $db->sql_escape($data['board_email1']) . "', user_dateformat='" . $db->sql_escape($lang['default_dateformat']) . "', user_email_hash = " . $db->sql_escape(phpbb_email_hash($data['board_email1'])) . ", username_clean = '" . $db->sql_escape(utf8_clean_string($data['admin_name'])) . "'
WHERE username = 'Admin'",
'UPDATE ' . $data['table_prefix'] . "moderator_cache
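Review bot: The admin password on the rewritten `UPDATE ... users` line is still written as `md5($data['admin_pass1'])`, an unsalted fast digest, whereas ucp_profile.php in this same commit stores passwords via `phpbb_hash()`. Since the line is being touched anyway, consider `phpbb_hash($data['admin_pass1'])` if that function is loaded during installation; if the MD5 value is intentional and upgraded later, a comment saying where that happens would help. The array of statements starts and ends outside the hunk.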