This is an automated email from the git hooks/post-receive script. skunnyk pushed a commit to branch oldforum in repository www/forum.xfce.org.
commit 18dad3133645c36de454db68fd575238f08b6505 Author: Nick Schermer <n...@xfce.org> Date: Fri Nov 12 17:04:52 2010 +0100 Changes to handle the old SMF password in the database. If a FluxBB password fails, we look if the password looks like a SMF 1.0 or 1.1 password; if so, we replace the SMF password with a FluxBB hash if the user succesfully authorized. --- login.php | 46 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/login.php b/login.php index 0f899c4..83236c0 100644 --- a/login.php +++ b/login.php @@ -16,6 +16,11 @@ require PUN_ROOT.'include/common.php'; // Load the login.php language file require PUN_ROOT.'lang/'.$pun_user['language'].'/login.php'; +function un_htmlspecialchars($string) +{ + return strtr($string, array_flip(get_html_translation_table(HTML_SPECIALCHARS, ENT_QUOTES)) + array(''' => '\'', ' ' => ' ')); +} + $action = isset($_GET['action']) ? $_GET['action'] : null; if (isset($_POST['form_sent']) && $action == 'in') 
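Review bot: un_htmlspecialchars() is added without a comment saying why a login script needs an entity decoder; its only visible use is the SMF 1.1.x branch in the next hunk, where it appears to reproduce the transform SMF applied before hashing. I would add `// Compat only: rebuilds the string SMF 1.1.x hashed; do not use for output escaping.` above the function so it is not reused as a general decoder. The two extra keys in the appended array show up on this page as a bare quote and a space, which looks like the mail archive decoded the entity strings, so confirm the committed file holds the entity literals.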
@@ -30,34 +35,47 @@ if (isset($_POST['form_sent']) && $action == 'in') $cur_user = $db->fetch_assoc($result); $authorized = false; + $update_db_password = false; if (!empty($cur_user['password'])) { - $form_password_hash = pun_hash($form_password); // Will result in a SHA-1 hash + // Will result in a SHA-1 hash + $form_password_hash = pun_hash($form_password); - // If there is a salt in the database we have upgraded from 1.3-legacy though havent yet logged in - if (!empty($cur_user['salt'])) + if (strlen($cur_user['password']) != 40) { - if (sha1($cur_user['salt'].sha1($form_password)) == $cur_user['password']) // 1.3 used sha1(salt.sha1(pass)) + // Old SMF 1.0.x password + if (md5($form_password) == $cur_user['password']) { $authorized = true; - - $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\', salt=NULL WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error()); + $update_db_password = true; } } - // If the length isn't 40 then the password isn't using sha1, so it must be md5 from 1.2 - else if (strlen($cur_user['password']) != 40) + else { - if (md5($form_password) == $cur_user['password']) + if ($cur_user['password'] == $form_password_hash) { + // New FluxBB password $authorized = true; - - $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\' WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error()); + } + else + { + // Old SMF 1.1.x password + $smf_password_hash = sha1(strtolower($form_username) . 
un_htmlspecialchars(stripslashes($form_password))); + if ($cur_user['password'] == $smf_password_hash) + { + $authorized = true; + $update_db_password = true; + } } } - // Otherwise we should have a normal sha1 password - else - $authorized = ($cur_user['password'] == $form_password_hash); + + if ($authorized && $update_db_password) + { + // Replace the SMF password with an FluxBB password + $db->query('UPDATE '.$db->prefix.'users SET password=\''.$form_password_hash.'\', salt=NULL WHERE id='.$cur_user['id']) + or error('Unable to update user password', __FILE__, __LINE__, $db->error()); + } } if (!$authorized) -- To stop receiving notification emails like this one, please contact the administrator of this repository. _______________________________________________ Xfce4-commits mailing list Xfce4-commits@xfce.org https://mail.xfce.org/mailman/listinfo/xfce4-commits
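Review bot: All three digest checks in this hunk (`md5($form_password) == $cur_user['password']`, `$cur_user['password'] == $form_password_hash`, `$cur_user['password'] == $smf_password_hash`) use loose `==`, so two hex digests that both read as numeric strings (for example `0e` followed only by digits) compare equal even though they differ. Use strict comparison, e.g. `if (md5($form_password) === $cur_user['password'])`, or `hash_equals()` where the PHP version provides it, which also makes the comparison constant-time. Separately, `stripslashes($form_password)` in the SMF 1.1.x branch will alter passwords containing backslashes if the input was already unslashed earlier in the request (not visible here), so those accounts would fail migration; worth verifying. The enclosing `if (isset($_POST['form_sent']) && $action == 'in')` block starts before and continues after this hunk.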