Follow up review comments on hurtom#54
yukoff committed Aug 23, 2017
1 parent 3a50b02 commit 3944aaf
Showing 5 changed files with 8 additions and 8 deletions.
6 changes: 3 additions & 3 deletions install/sql/mysql.sql
Expand Up @@ -1087,7 +1087,7 @@ CREATE TABLE `bb_users` (
`user_id` mediumint(8) NOT NULL,
`user_active` tinyint(1) NOT NULL DEFAULT 1,
`username` varchar(25) NOT NULL DEFAULT '',
`user_password` varchar(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '',
`user_password` varchar(60) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '',
`user_session_time` int(11) NOT NULL DEFAULT 0,
`user_lastvisit` int(11) NOT NULL DEFAULT 0,
`user_last_ip` char(42) NOT NULL DEFAULT '0',
Expand Down Expand Up @@ -1127,8 +1127,8 @@ CREATE TABLE `bb_users` (
--

INSERT INTO `bb_users` (`user_id`, `user_active`, `username`, `user_password`, `user_session_time`, `user_lastvisit`, `user_last_ip`, `user_regdate`, `user_reg_ip`, `user_level`, `user_posts`, `user_timezone`, `user_lang`, `user_new_privmsg`, `user_unread_privmsg`, `user_last_privmsg`, `user_opt`, `user_rank`, `avatar_ext_id`, `user_gender`, `user_birthday`, `user_email`, `user_skype`, `user_twitter`, `user_icq`, `user_website`, `user_from`, `user_sig`, `user_occ`, `user_interests`, `user_actkey`, `user_newpasswd`, `autologin_id`, `user_newest_pm_id`, `user_points`, `tpl_name`) VALUES
(-746, 0, 'bot', 'd41d8cd98f00b204e9800998ecf8427e', 0, 0, '0', 0, '0', 0, 0, 0.00, '', 0, 0, 0, 144, 0, 0, 0, '0000-00-00', 'bot@torrentpier.com', '', '', '', '', '', '', '', '', '', '', '', 0, 0.00, 'default'),
(-1, 0, 'Guest', 'd41d8cd98f00b204e9800998ecf8427e', 0, 0, '0', 0, '0', 0, 0, 0.00, '', 0, 0, 0, 0, 0, 0, 0, '0000-00-00', '', '', '', '', '', '', '', '', '', '', '', '', 0, 0.00, 'default'),
(-746, 0, 'bot', '$2y$12$b0r5t5lGTbWGW8iMeWwo.Oj7sI7Uaram3LtUFhidl4FlqVww9qtiy', 0, 0, '0', 0, '0', 0, 0, 0.00, '', 0, 0, 0, 144, 0, 0, 0, '0000-00-00', 'bot@torrentpier.com', '', '', '', '', '', '', '', '', '', '', '', 0, 0.00, 'default'),
(-1, 0, 'Guest', '$2y$12$b0r5t5lGTbWGW8iMeWwo.Oj7sI7Uaram3LtUFhidl4FlqVww9qtiy', 0, 0, '0', 0, '0', 0, 0, 0.00, '', 0, 0, 0, 0, 0, 0, 0, '0000-00-00', '', '', '', '', '', '', '', '', '', '', '', '', 0, 0.00, 'default'),
(2, 1, 'admin', '$2y$12$9kPH9v2ayVP63JFp71FonuNtqc9qQlObeqG0Rhp8rtFl4/M5CcoYW', 0, 0, 'c0a86301', 0, '0', 1, 1, 2.00, '', 0, 0, 0, 304, 1, 0, 0, '0000-00-00', 'admin@torrentpier.com', '', '', '', '', '', '', '', '', '', '', 'XCbkm1SmP1GB', 0, 0.00, 'default');

-- --------------------------------------------------------
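Review bot: Narrowing `user_password` to `varchar(60)` fits only bcrypt output, so a later move to `PASSWORD_DEFAULT` or another algorithm would have its hashes truncated or rejected on insert, and a truncated hash can never verify. The PHP callers in this commit pin `PASSWORD_BCRYPT`, so 60 works today, but a wider column such as `varchar(255)` costs nothing and keeps `password_needs_rehash()` migrations possible. Separately, the `bot` and `Guest` seed rows now share one well-formed bcrypt hash; a non-hash placeholder such as `'*'` would make `password_verify()` fail for those accounts by construction instead of relying on `user_active = 0`. The `CREATE TABLE` statement starts and ends outside the hunk.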
4 changes: 2 additions & 2 deletions library/config.php
Expand Up @@ -34,8 +34,8 @@

$bb_cfg = [];

//Алгоритм хешування
$bb_cfg['passhash_cost'] = ['cost' => 12,];
// Options for password_hash() (PASSWORD_BCRYPT algo)
$bb_cfg['passhash_opts'] = ['cost' => 12];

// Increase number after changing js or css
$bb_cfg['js_ver'] = $bb_cfg['css_ver'] = 1;
2 changes: 1 addition & 1 deletion library/includes/ucp/activate.php
Expand Up @@ -42,7 +42,7 @@
if ($row['user_active'] && trim($row['user_actkey']) == '') {
bb_die($lang['ALREADY_ACTIVATED']);
} elseif ((trim($row['user_actkey']) == trim($_GET['act_key'])) && (trim($row['user_actkey']) != '')) {
$sql_update_pass = ($row['user_newpasswd'] != '') ? ", user_password = '" . password_hash(md5($row['user_newpasswd']), PASSWORD_BCRYPT, $bb_cfg['passhash_cost']) . "', user_newpasswd = ''" : '';
$sql_update_pass = ($row['user_newpasswd'] != '') ? ", user_password = '" . password_hash(md5($row['user_newpasswd']), PASSWORD_BCRYPT, $bb_cfg['passhash_opts']) . "', user_newpasswd = ''" : '';

$sql = "UPDATE " . BB_USERS . "
SET user_active = 1, user_actkey = ''" . $sql_update_pass . "
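Review bot: The password is still passed through `md5()` before `password_hash()` on the changed line, so bcrypt ends up protecting the unsalted 32-character MD5 digest rather than the password itself; the same pattern is on the new lines in library/includes/ucp/register.php and src/Legacy/Common/User.php. Digests from any earlier copy of an MD5-era table would then remain usable as candidates against the new hashes. If the pre-hash is kept for compatibility with migrated accounts (the page does not say), document that above the line, e.g. `// md5() pre-hash kept so migrated MD5 hashes still verify; drop once all rows are rehashed`, and plan a rehash-on-login to a hash of the raw password. The enclosing block starts and ends outside the hunk.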
2 changes: 1 addition & 1 deletion library/includes/ucp/register.php
Expand Up @@ -232,7 +232,7 @@
} elseif ($new_pass != $cfm_pass) {
$errors[] = $lang['CHOOSE_PASS_ERR'];
}
$db_data['user_password'] = password_hash(md5($new_pass), PASSWORD_BCRYPT, $bb_cfg['passhash_cost']);
$db_data['user_password'] = password_hash(md5($new_pass), PASSWORD_BCRYPT, $bb_cfg['passhash_opts']);
}

if ($mode == 'register') {
2 changes: 1 addition & 1 deletion src/Legacy/Common/User.php
Expand Up @@ -404,7 +404,7 @@ public function login($args, $mod_admin_login = false)
";

$userdata = DB()->fetch_row($sql);
if (password_verify(md5($password), $userdata['user_password'])) {
if ($userdata && password_verify(md5($password), $userdata['user_password'])) {
if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == GUEST_UID || !$userdata['user_active']) {
trigger_error('invalid userdata', E_USER_ERROR);
}
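Review bot: With the new `$userdata &&` guard, `password_verify()` runs only when a user row was found, so a login attempt for an unknown username skips the cost-12 bcrypt work and the response time can reveal whether the account exists (assuming `fetch_row()` returns a falsy value when nothing matches). Verifying against a fixed placeholder hash when the row is missing keeps the timing uniform, e.g. `$hash = $userdata ? $userdata['user_password'] : $dummy_hash;` followed by `if (password_verify(md5($password), $hash) && $userdata) {`, where `$dummy_hash` is a placeholder bcrypt hash generated at the same cost. The `login()` body continues outside the hunk, so any throttling or lockout applied there is not visible here.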