From: Lo?c C. <lo...@us...> - 2001-05-16 20:55:41
Update of /cvsroot/phpmychat/phpMyChat-0.15/chat In directory usw-pr-cvs1:/tmp/cvs-serv4506/chat Modified Files: profile_reg.php3 profile_edit.php3 Log Message: Passwords are no more crypted Index: profile_reg.php3 =================================================================== RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/profile_reg.php3,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -r1.11 -r1.12 *** profile_reg.php3 2001/04/23 19:50:13 1.11 --- profile_reg.php3 2001/05/16 20:55:37 1.12 *************** *** 179,184 **** } - $pwdHash = md5($password); - // Sends the password to the e-mail address if required if (C_EMAIL_PASWD) --- 179,182 ---- *************** *** 205,212 **** if (empty($error)) { $regQuery = 'INSERT INTO ' . C_REG_TBL . ' ' . '(username, latin1, password, firstname, lastname, country, website, email, showemail, perms, rooms, reg_time, ip, gender) ' . 'VALUES (' ! . "'$slashedNick', '$latin1', '$pwdHash', '" . pmcSlashSingleQuotes($firstName) . "', '" . pmcSlashSingleQuotes($lastName) . "', '" . pmcSlashSingleQuotes($spokenLang) . "', '$webSite', '$email', $showEmail, 'user', '', " . time() . ", '$ip', '$gender'" . ')'; $dbLink->query($regQuery); --- 203,211 ---- if (empty($error)) { + $slashedPswd = pmcSlashSingleQuotes(str_replace('\\', '\\\\', $password)); $regQuery = 'INSERT INTO ' . C_REG_TBL . ' ' . '(username, latin1, password, firstname, lastname, country, website, email, showemail, perms, rooms, reg_time, ip, gender) ' . 'VALUES (' ! . "'$slashedNick', '$latin1', '$slashedPswd', '" . pmcSlashSingleQuotes($firstName) . "', '" . pmcSlashSingleQuotes($lastName) . "', '" . pmcSlashSingleQuotes($spokenLang) . "', '$webSite', '$email', $showEmail, 'user', '', " . time() . ", '$ip', '$gender'" . ')'; $dbLink->query($regQuery); *************** *** 215,219 **** $dbSessionVars['nick'] = $nick; ! 
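Review bot: The INSERT in the second profile_reg.php3 hunk now writes the password as typed into the `password` column (`'$slashedPswd'` where `'$pwdHash'` used to be), so anyone who can read the registration table, a backup of it or a query log obtains every account's password. The column should keep holding a one-way value: derive `$pwdHash` from the password plus a per-user salt before the query and keep `'$pwdHash'` in the VALUES list, rather than the bare `md5($password)` that was removed. The UPDATE in the profile_edit.php3 hunk at new lines 183-188 has the same defect. If the motive is the password e-mail guarded by `C_EMAIL_PASWD` in the first hunk, that mail can presumably be sent from the in-memory `$password` at registration time without persisting it; the body of that branch lies outside the hunks, so this is inferred.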
$dbSessionVars['pwdHash'] = $pwdHash; dbSessionSave(); // The db link should be closed but this can't be done under Apache because --- 214,218 ---- $dbSessionVars['nick'] = $nick; ! $dbSessionVars['password'] = $password; dbSessionSave(); // The db link should be closed but this can't be done under Apache because Index: profile_edit.php3 =================================================================== RCS file: /cvsroot/phpmychat/phpMyChat-0.15/chat/profile_edit.php3,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -r1.8 -r1.9 *** profile_edit.php3 2001/04/19 20:25:35 1.8 --- profile_edit.php3 2001/05/16 20:55:37 1.9 *************** *** 174,177 **** --- 174,178 ---- if (!isset($error)) { + $slashedPswd = pmcSlashSingleQuotes(str_replace('\\', '\\\\', $password)); $latin1 = (L_CHARSET == 'iso-8859-1') ? 1 : 0; $showEmail = (isset($showEmail) && $showEmail) ? 1 : 0; *************** *** 182,190 **** include('./lib/get_ip.lib.' . C_EXTENSION); - // Defines the password - $pwdHash = md5($password); - // Updates the profile ! $dbLink->query("UPDATE " . C_REG_TBL . " SET username = '$slashedNick', latin1 = '$latin1', password = '$pwdHash', firstname='" . pmcSlashSingleQuotes($firstName) . "', lastname = '" . pmcSlashSingleQuotes($lastName) . "', country = '" . pmcSlashSingleQuotes($spokenLang) . "', website = '$webSite', email = '$email', showemail = $showEmail, reg_time = " . time() . ", ip = '$ip', gender = '$gender' WHERE username = '" . pmcSlashSingleQuotes($dbSessionVars['authUsername']) . "'"); if ($dbSessionVars['authPassword'] != $password) $dbSessionVars['authPassword'] = $password; --- 183,188 ---- include('./lib/get_ip.lib.' . C_EXTENSION); // Updates the profile ! $dbLink->query("UPDATE " . C_REG_TBL . " SET username = '$slashedNick', latin1 = '$latin1', password = '$slashedPswd', firstname='" . pmcSlashSingleQuotes($firstName) . "', lastname = '" . pmcSlashSingleQuotes($lastName) . "', country = '" . pmcSlashSingleQuotes($spokenLang) . 
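Review bot: `$dbSessionVars['password'] = $password;` followed by `dbSessionSave();` places the cleartext password in the saved session, which extends its exposure from the registration table to wherever session data is kept (the name suggests a database-backed store, but its implementation is not visible here). A session only needs proof that the user authenticated, not the secret itself; record a marker after a successful check instead, for example `$dbSessionVars['authenticated'] = 1;` (key name chosen here for illustration), and adapt the code that reads `$dbSessionVars['password']`. The last profile_edit.php3 hunk (new lines 378-382) makes the same assignment. The enclosing block starts and ends outside this hunk.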
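Review bot: With the hex digest gone, the password value reaching the query is arbitrary user-typed text rather than a fixed-alphabet string, and the only protection is the hand-assembled `pmcSlashSingleQuotes(str_replace('\\', '\\\\', $password))` added at new line 176. Whether that is sufficient depends on what `pmcSlashSingleQuotes` does and on whether the input was already slash-escaped upstream, neither of which is visible in this hunk; a doubly escaped value would also be stored differently from what a later login comparison sees. The identical expression is repeated in profile_reg.php3, so it belongs in one shared helper carrying a comment such as `// double backslashes first so a trailing "\" cannot swallow the closing quote of the SQL literal`. Storing a hex digest instead of the raw password would make this escaping unnecessary.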
"', website = '$webSite', email = '$email', showemail = $showEmail, reg_time = " . time() . ", ip = '$ip', gender = '$gender' WHERE username = '" . pmcSlashSingleQuotes($dbSessionVars['authUsername']) . "'"); if ($dbSessionVars['authPassword'] != $password) $dbSessionVars['authPassword'] = $password; *************** *** 380,384 **** { $dbSessionVars['nick'] = $nick; ! $dbSessionVars['pwdHash'] = $pwdHash; $toUnreg = array('conservative', 'authUsername', 'authPassword'); dbSessionUnregister($toUnreg); --- 378,382 ---- { $dbSessionVars['nick'] = $nick; ! $dbSessionVars['password'] = $password; $toUnreg = array('conservative', 'authUsername', 'authPassword'); dbSessionUnregister($toUnreg); |