From: mose <mo...@ti...> - 2007-06-13 17:04:00
On Wed, Jun 13, 2007 at 12:45:20PM -0400, Sylvie Greverend wrote:
> I am not sure about this one. It is not because provpass is not empty
> that the account is invalid
> See remind password set provpass but you still can log in with the old
> pass

- my commit didn't change this. I only added an if !$validate_phase for account validation step for the first login. The rest was there before.

cheers,
mose

>
> On Tue, 2007-06-12 at 16:45 -0700, mo...@us... wrote:
> > Update of /cvsroot/tikiwiki/tiki/lib
> > In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv16887/lib
> >
> > Modified Files:
> > userslib.php
> > Log Message:
> > [FIX] registration: fixed email validation scheme. also fixed hash_pass for it uses only md5 of password, and not login.pass, otherwise we can't decently think about changing login.
> >
> > Index: userslib.php > > =================================================================== > > > // next verify the password with every hashes methods > > if ($feature_challenge == 'n' || empty($response)) { > > - if ($res['hash'] == md5($pass)) // old old method md5(pass), for compatibility > > - return array(true, $user); > > - > > - if ($res['hash'] == md5($user.$pass.trim($res['email']))) // old method md5(user.pass.email), for compatibility > > - return array(true, $user); > > + if (!$validate_phase and $res['provpass']) { > > + return array(USER_NOT_VALIDATED, $user); > > + } > > + if ($res['hash'] == md5($user.$pass.trim($res['email']))) // very old method md5(user.pass.email), for compatibility > > + return array(USER_VALID, $user); > > > > - if ($this->hash_pass($user, $pass, $res['hash']) == $res['hash']) // new method (crypt-md5) and tikihash method (md5(user.pass)) > > - return array(true, $user); > > + if ($res['hash'] == md5($user.$pass)) // old method md5(user.pass), for compatibility > > + return array(USER_VALID, $user); > > + > > + if ($res['hash'] == md5($pass)) // normal method md5(pass) > > + return array(USER_VALID, $user); > > + > > + 
if ($this->hash_pass($pass, $res['hash']) == $res['hash']) // new method (crypt-md5) and tikihash method (md5(pass)) > > + return array(USER_VALID, $user); > > > > > >
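
Review bot: The added test "if (!$validate_phase and $res['provpass'])" sits ahead of every hash comparison, so any account with a non-empty provpass gets USER_NOT_VALIDATED before the password is looked at, and a caller who does not know the password learns the account's state. If provpass can be set by something other than registration (the reply above says the password reminder sets it), a dedicated validation flag would be a clearer signal, and the check could run only after a password has matched. Separately, the fallback branches compare hex digests with loose ==; === avoids PHP's numeric-string comparison. The md5($pass) branch marked "normal method", together with hash_pass() no longer taking $user, leaves that stored hash without any per-user input, so equal passwords give equal hashes; a per-user random salt would keep the login renameable without that cost.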