Vergleich inc/functions_user.php - 1.8.9 - 1.8.26

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 92	Zeile 92
if(!$user['salt']) { // Generate a salt for this user and assume the password stored in db is a plain md5 password	if(!$user['salt']) { // Generate a salt for this user and assume the password stored in db is a plain md5 password
$user['salt'] = generate_salt(); $user['password'] = create_password_hash($user['password'], $user['salt'], $user); $sql_array = array( "salt" => $user['salt'], "password" => $user['password'] ); $db->update_query("users", $sql_array, "uid='".$user['uid']."'");	$password_fields = create_password($user['password'], false, $user); $db->update_query("users", $password_fields, "uid='".$user['uid']."'");
} if(!$user['loginkey'])	} if(!$user['loginkey'])
Zeile 108	Zeile 103
"loginkey" => $user['loginkey'] ); $db->update_query("users", $sql_array, "uid = ".$user['uid']);	"loginkey" => $user['loginkey'] ); $db->update_query("users", $sql_array, "uid = ".$user['uid']);
}	}
if(verify_user_password($user, $password))	if(verify_user_password($user, $password))
{	{
return $user;	return $user;
}	}
else { return false;	else { return false;
} }	} }
/** * Updates a user's password. *	/** * Updates a user's password. *
Zeile 127	Zeile 122
* @param string $salt (Optional) The salt of the user. * @return array The new password. * @deprecated deprecated since version 1.8.6 Please use other alternatives.	* @param string $salt (Optional) The salt of the user. * @return array The new password. * @deprecated deprecated since version 1.8.6 Please use other alternatives.
*/	*/
function update_password($uid, $password, $salt="") { global $db, $plugins;	function update_password($uid, $password, $salt="") { global $db, $plugins;
Zeile 175	Zeile 170
* @deprecated deprecated since version 1.8.9 Please use other alternatives. */ function salt_password($password, $salt)	* @deprecated deprecated since version 1.8.9 Please use other alternatives. */ function salt_password($password, $salt)
{	{
return md5(md5($salt).$password); }	return md5(md5($salt).$password); }
Zeile 183	Zeile 178
* Salts a password based on a supplied salt. * * @param string $password The input password.	* Salts a password based on a supplied salt. * * @param string $password The input password.
* @param string $salt The salt used by the MyBB algorithm.	* @param string $salt (Optional) The salt used by the MyBB algorithm.
* @param string $user (Optional) An array containing password-related data.	* @param string $user (Optional) An array containing password-related data.
* @return string The password hash. */ function create_password_hash($password, $salt, $user = false) { global $plugins; $hash = null; $parameters = compact('password', 'salt', 'user', 'hash'); if(!defined('IN_INSTALL') && !defined('IN_UPGRADE')) { $plugins->run_hooks('create_password_hash', $parameters); }	* @return array Password-related fields. */ function create_password($password, $salt = false, $user = false) { global $plugins; $fields = null; $parameters = compact('password', 'salt', 'user', 'fields'); if(!defined('IN_INSTALL') && !defined('IN_UPGRADE')) { $plugins->run_hooks('create_password', $parameters); } if(!is_null($parameters['fields'])) { $fields = $parameters['fields']; } else { if(!$salt) { $salt = generate_salt(); } $hash = md5(md5($salt).md5($password)); $fields = array( 'salt' => $salt, 'password' => $hash, ); }

if(!is_null($parameters['hash'])) { return $parameters['hash']; } else { return md5(md5($salt).md5($password)); }	return $fields;
} /**	} /**
Zeile 220	Zeile 227
function verify_user_password($user, $password) { global $plugins;	function verify_user_password($user, $password) { global $plugins;
$result = null;	$result = null;
$parameters = compact('user', 'password', 'result'); if(!defined('IN_INSTALL') && !defined('IN_UPGRADE')) { $plugins->run_hooks('verify_user_password', $parameters);	$parameters = compact('user', 'password', 'result'); if(!defined('IN_INSTALL') && !defined('IN_UPGRADE')) { $plugins->run_hooks('verify_user_password', $parameters);
}	}
if(!is_null($parameters['result']))	if(!is_null($parameters['result']))
{	{
return $parameters['result']; } else {	return $parameters['result']; } else {
$hashed_password = create_password_hash($password, $user['salt'], $user); return my_hash_equals($user['password'], $hashed_password); } } /** * Performs a timing attack safe string comparison. * * @param string $known_string The first string to be compared. * @param string $user_string The second, user-supplied string to be compared. * @return bool Result of the comparison. */ function my_hash_equals($known_string, $user_string) { if(version_compare(PHP_VERSION, '5.6.0', '>=')) { return hash_equals($known_string, $user_string); } else { $known_string_length = my_strlen($known_string); $user_string_length = my_strlen($user_string); if($user_string_length != $known_string_length) { return false; } $result = 0; for($i = 0; $i < $known_string_length; $i++) { $result \|= ord($known_string[$i]) ^ ord($user_string[$i]); }	$password_fields = create_password($password, $user['salt'], $user);

return $result === 0;	return my_hash_equals($user['password'], $password_fields['password']);
} }	} }
Zeile 441	Zeile 414
'uid' => $uid ); $db->insert_query("forumsubscriptions", $insert_array);	'uid' => $uid ); $db->insert_query("forumsubscriptions", $insert_array);
}	}
return true; }	return true; }
Zeile 514	Zeile 487
*/ function usercp_menu_messenger() {	*/ function usercp_menu_messenger() {
global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;

	$expaltext = (in_array("usercppms", $collapse)) ? "[+]" : "[-]";
$usercp_nav_messenger = $templates->get("usercp_nav_messenger"); // Hide tracking link if no permission $tracking = '';	$usercp_nav_messenger = $templates->get("usercp_nav_messenger"); // Hide tracking link if no permission $tracking = '';
Zeile 576	Zeile 550
*/ function usercp_menu_profile() {	*/ function usercp_menu_profile() {
global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;
$changenameop = ''; if($mybb->usergroup['canchangename'] != 0)	$changenameop = ''; if($mybb->usergroup['canchangename'] != 0)
Zeile 596	Zeile 570
if(!isset($collapsedimg['usercpprofile'])) { $collapsedimg['usercpprofile'] = '';	if(!isset($collapsedimg['usercpprofile'])) { $collapsedimg['usercpprofile'] = '';
}	}
if(!isset($collapsed['usercpprofile_e'])) { $collapsed['usercpprofile_e'] = ''; }	if(!isset($collapsed['usercpprofile_e'])) { $collapsed['usercpprofile_e'] = ''; }
	$expaltext = (in_array("usercpprofile", $collapse)) ? "[+]" : "[-]";
eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";"); }	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";"); }
Zeile 612	Zeile 587
*/ function usercp_menu_misc() {	*/ function usercp_menu_misc() {
global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapsed, $collapsedimg;	global $db, $mybb, $templates, $theme, $usercpmenu, $lang, $collapse, $collapsed, $collapsedimg;
$draftstart = $draftend = ''; $draftcount = $lang->ucp_nav_drafts;	$draftstart = $draftend = ''; $draftcount = $lang->ucp_nav_drafts;
Zeile 641	Zeile 616
} $profile_link = get_profile_link($mybb->user['uid']);	} $profile_link = get_profile_link($mybb->user['uid']);
	$expaltext = (in_array("usercpmisc", $collapse)) ? "[+]" : "[-]";
eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";"); }	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";"); }
Zeile 749	Zeile 725
switch($fid) {	switch($fid) {
case 1:	case 0:
return $lang->folder_inbox;	return $lang->folder_inbox;
	break; case 1: return $lang->folder_unread;
break; case 2: return $lang->folder_sent_items;	break; case 2: return $lang->folder_sent_items;