[Xfce4-commits] [www/forum.xfce.org] 02/79: Changes to handle the old SMF password in the database.
noreply at xfce.org
noreply at xfce.org
Tue May 21 14:47:57 CEST 2019
This is an automated email from the git hooks/post-receive script.
skunnyk pushed a commit to branch oldforum
in repository www/forum.xfce.org.
commit 18dad3133645c36de454db68fd575238f08b6505
Author: Nick Schermer <nick at xfce.org>
Date: Fri Nov 12 17:04:52 2010 +0100
Changes to handle the old SMF password in the database.
If a FluxBB password fails, we look if the password
looks like a SMF 1.0 or 1.1 password; if so, we replace the
SMF password with a FluxBB hash if the user successfully
authorized.
---
login.php | 46 ++++++++++++++++++++++++++++++++--------------
1 file changed, 32 insertions(+), 14 deletions(-)
diff --git a/login.php b/login.php
index 0f899c4..83236c0 100644
--- a/login.php
+++ b/login.php
@@ -16,6 +16,11 @@ require PUN_ROOT.'include/common.php';
// Load the login.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php';
+function un_htmlspecialchars($string)
+{
+ return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES)) + array(''' => '\'', ' ' => ' '));
+}
+
$action = isset($_GET['action']) ? $_GET['action'] : null;
if (isset($_POST['form_sent']) && $action == 'in')
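Review bot: `un_htmlspecialchars()` at the top of this hunk has no comment saying why login.php needs it. Its only visible caller is the SMF 1.1.x hash computation in the next hunk, so presumably it mirrors the preprocessing SMF applied before hashing. A one-line comment such as `// Reverses htmlspecialchars() so legacy SMF 1.1 hashes can be reproduced; not for output handling` would keep it from being reused elsewhere. As rendered on this page the two extra array keys appear entity-decoded (`'''` and `' '`), so check the repository copy rather than this archive text before relying on the literal.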
@@ -30,34 +35,47 @@ if (isset($_POST['form_sent']) && $action == 'in')
$cur_user = $db->fetch_assoc($result);
$authorized = false;
+ $update_db_password = false;
if (!empty($cur_user['password']))
{
- $form_password_hash = pun_hash($form_password); // Will result in a SHA-1 hash
+ // Will result in a SHA-1 hash
+ $form_password_hash = pun_hash($form_password);
- // If there is a salt in the database we have upgraded from 1.3-legacy though havent yet logged in
- if (!empty($cur_user['salt']))
+ if (strlen($cur_user['password']) != 40)
{
- if (sha1($cur_user['salt'].sha1($form_password)) == $cur_user['password']) // 1.3 used sha1(salt.sha1(pass))
+ // Old SMF 1.0.x password
+ if (md5($form_password) == $cur_user['password'])
{
$authorized = true;
-
- $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\', salt=NULL WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
+ $update_db_password = true;
}
}
- // If the length isn't 40 then the password isn't using sha1, so it must be md5 from 1.2
- else if (strlen($cur_user['password']) != 40)
+ else
{
- if (md5($form_password) == $cur_user['password'])
+ if ($cur_user['password'] == $form_password_hash)
{
+ // New FluxBB password
$authorized = true;
-
- $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
+ }
+ else
+ {
+ // Old SMF 1.1.x password
+ $smf_password_hash = sha1(strtolower($form_username) . un_htmlspecialchars(stripslashes($form_password)));
+ if ($cur_user['password'] == $smf_password_hash)
+ {
+ $authorized = true;
+ $update_db_password = true;
+ }
}
}
- // Otherwise we should have a normal sha1 password
- else
- $authorized = ($cur_user['password'] == $form_password_hash);
+
+ if ($authorized && $update_db_password)
+ {
+ // Replace the SMF password with an FluxBB password
+ $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\', salt=NULL WHERE id='.$cur_user['id'])
+ or error('Unable to update user password', __FILE__, __LINE__, $db->error());
+ }
}
if (!$authorized)
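Review bot: The three hash checks (`md5($form_password) == $cur_user['password']`, `$cur_user['password'] == $form_password_hash` and `$cur_user['password'] == $smf_password_hash`) use loose `==`, so two hex digests that both look like `0e` followed only by digits are compared as numbers and treated as equal. Use a strict comparison, e.g. `if (md5($form_password) === $cur_user['password'])`, or `hash_equals()` where the runtime provides it, which also removes the timing difference between near and far mismatches. Separately, the migration rewrites the row to `pun_hash()` output with `salt=NULL`, which the comment in this hunk describes as SHA-1, so migrated accounts end up on an unsalted fast hash. That looks like the forum's existing scheme rather than something this commit introduces, but it deserves a follow-up. The enclosing `if (isset($_POST['form_sent']) && $action == 'in')` block starts and ends outside the hunk.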
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.