Changeset 702 for trunk/forum/includes/auth/auth_db.php
- Timestamp:
- Mar 31, 2010, 6:32:40 PM (15 years ago)
- File:
-
- 1 edited
trunk/forum/includes/auth/auth_db.php
r400 r702 8 8 * 9 9 * @package login 10 * @version $Id : auth_db.php 8479 2008-03-29 00:22:48Z naderman$10 * @version $Id$ 11 11 * @copyright (c) 2005 phpBB Group 12 12 * @license http://opensource.org/licenses/gpl-license.php GNU Public License … … 63 63 ); 64 64 } 65 $show_captcha = $config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']; 65 66 66 67 // If there are too much login attempts, we need to check for an confirm image 67 68 // Every auth module is able to define what to do by itself... 68 if ($config['max_login_attempts'] && $row['user_login_attempts'] >= $config['max_login_attempts']) 69 { 70 $confirm_id = request_var('confirm_id', ''); 71 $confirm_code = request_var('confirm_code', ''); 72 69 if ($show_captcha) 70 { 73 71 // Visual Confirmation handling 74 if (!$confirm_id) 72 if (!class_exists('phpbb_captcha_factory')) 73 { 74 global $phpbb_root_path, $phpEx; 75 include ($phpbb_root_path . 'includes/captcha/captcha_factory.' . $phpEx); 76 } 77 78 $captcha =& phpbb_captcha_factory::get_instance($config['captcha_plugin']); 79 $captcha->init(CONFIRM_LOGIN); 80 $vc_response = $captcha->validate($row); 81 if ($vc_response) 75 82 { 76 83 return array( … … 82 89 else 83 90 { 84 global $user; 85 86 $sql = 'SELECT code 87 FROM ' . CONFIRM_TABLE . " 88 WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' 89 AND session_id = '" . $db->sql_escape($user->session_id) . "' 90 AND confirm_type = " . CONFIRM_LOGIN; 91 $result = $db->sql_query($sql); 92 $confirm_row = $db->sql_fetchrow($result); 93 $db->sql_freeresult($result); 94 95 if ($confirm_row) 96 { 97 if (strcasecmp($confirm_row['code'], $confirm_code) === 0) 98 { 99 $sql = 'DELETE FROM ' . CONFIRM_TABLE . " 100 WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' 101 AND session_id = '" . $db->sql_escape($user->session_id) . "' 102 AND confirm_type = " . 
CONFIRM_LOGIN; 103 $db->sql_query($sql); 104 } 105 else 106 { 107 return array( 108 'status' => LOGIN_ERROR_ATTEMPTS, 109 'error_msg' => 'CONFIRM_CODE_WRONG', 110 'user_row' => $row, 111 ); 112 } 113 } 114 else 115 { 116 return array( 117 'status' => LOGIN_ERROR_ATTEMPTS, 118 'error_msg' => 'CONFIRM_CODE_WRONG', 119 'user_row' => $row, 120 ); 121 } 122 } 91 $captcha->reset(); 92 } 93 123 94 } 124 95 … … 142 113 143 114 // cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding 144 if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']) 115 // plain md5 support left in for conversions from other systems. 116 if ((strlen($row['user_password']) == 34 && (phpbb_check_hash(md5($password_old_format), $row['user_password']) || phpbb_check_hash(md5(utf8_to_cp1252($password_old_format)), $row['user_password']))) 117 || (strlen($row['user_password']) == 32 && (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password']))) 145 118 { 146 119 $hash = phpbb_hash($password_new_format); … … 227 200 // Give status about wrong password... 228 201 return array( 229 'status' => LOGIN_ERROR_PASSWORD,230 'error_msg' => 'LOGIN_ERROR_PASSWORD',202 'status' => ($show_captcha) ? LOGIN_ERROR_ATTEMPTS : LOGIN_ERROR_PASSWORD, 203 'error_msg' => ($show_captcha) ? 'LOGIN_ERROR_ATTEMPTS' : 'LOGIN_ERROR_PASSWORD', 231 204 'user_row' => $row, 232 205 );
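Review bot: The 32-character legacy branch added on new lines 116-117 still compares MD5 digests with `==`, so PHP compares two numeric-looking strings (such as `0e` followed only by digits) as numbers rather than byte for byte, and a stored hash of that shape can match a different digest. Make both comparisons strict, `md5($password_old_format) === $row['user_password']`, and likewise for the `utf8_to_cp1252()` variant. Where the runtime provides `hash_equals()`, prefer it, since it also removes the timing difference of a plain string compare. It would also help to add a comment on this branch, such as `// unsalted md5 is accepted only so the row can be rehashed with phpbb_hash() below`, so the fallback is not mistaken for a supported storage format. The enclosing login function starts and ends outside the visible hunks.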