Changeset 306


Ignore:
Timestamp:
Mar 13, 2008, 7:56:42 PM (17 years ago)
Author:
george
Message:

Oprava sloupce databáze I na sha_pass_hash.

Location:
minimanager
Files:
2 added
4 edited

Legend:

Unmodified
Added
Removed

  • minimanager/edit.php

    r304 r306  
    186186 $sql->connect($realm_db['addr'], $realm_db['user'], $realm_db['pass'], $realm_db['name']);
    187187
    188  $new_pass = ($sql->quote_smart($_POST['pass']) != sha1(strtoupper($user_name).":******")) ? "I='".$sql->quote_smart($_POST['pass'])."', " : "";
     188 $new_pass = ($sql->quote_smart($_POST['pass']) != sha1(strtoupper($user_name).":******")) ? "sha_pass_hash='".$sql->quote_smart($_POST['pass'])."', " : "";
    189189 $new_mail = $sql->quote_smart(trim($_POST['mail']));
    190190 $new_tbc = $sql->quote_smart(trim($_POST['tbc']));

  • minimanager/login.php

    r142 r306  
    2727 if (strlen($user_name) > 255 || strlen($user_pass) > 255) redirect("login.php?error=1");
    2828 
    29  $result = $sql->query("SELECT id,gmlevel,username FROM account WHERE username='$user_name' AND I='$user_pass' ");
     29 $result = $sql->query("SELECT id,gmlevel,username FROM account WHERE username='$user_name' AND sha_pass_hash='$user_pass' ");
    3030
    3131 if ($sql->num_rows($result) == 1) {
     
    142142 $user_pass  = $sql->quote_smart($_COOKIE['p_hash']);
    143143
    144  $result = $sql->query("SELECT username,gmlevel,id FROM account WHERE username='$user_name' AND I='$user_pass'");
     144 $result = $sql->query("SELECT username,gmlevel,id FROM account WHERE username='$user_name' AND sha_pass_hash='$user_pass'");
    145145
    146146 if ($sql->num_rows($result)) {

  • minimanager/register.php

    r184 r306  
    344344 $hash = $sql->quote_smart($_GET['h']);
    345345
    346  $result = $sql->query("SELECT id,username FROM account WHERE I = '$hash'");
     346 $result = $sql->query("SELECT id,username FROM account WHERE sha_pass_hash = '$hash'");
    347347
    348348 if ($sql->num_rows($result) == 1){
     
    350350        $id = $sql->result($result, 0, 'id');
    351351        if (substr(sha1(strtoupper($sql->result($result, 0, 'username'))),0,7) == $pass){
    352                 $sql->query("UPDATE account SET I=SHA1(CONCAT(UPPER('$username'),':',UPPER('$pass'))) WHERE id = '$id'");
     352                $sql->query("UPDATE account SET sha_pass_hash=SHA1(CONCAT(UPPER('$username'),':',UPPER('$pass'))) WHERE id = '$id'");
    353353                redirect("login.php");
    354354                }

  • minimanager/user.php

    r142 r306  
    769769 $username = $sql->quote_smart($_POST['username']);
    770770 $pass = $sql->quote_smart($_POST['pass']);
    771  $user_pass_change = ($pass != sha1(strtoupper($username).":******")) ? "username='$username',I='$pass'," : "";
     771 $user_pass_change = ($pass != sha1(strtoupper($username).":******")) ? "username='$username',sha_pass_hash='$pass'," : "";
    772772 
    773773 $mail = (isset($_POST['mail']) && $_POST['mail'] != '') ? $sql->quote_smart($_POST['mail']) : "";
Note: See TracChangeset for help on using the changeset viewer.