message

git-svn-id: file:///svn/phpbb/trunk@6655 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-29 06:38:52 +00:00 · 2006-11-25 20:00:56 +00:00 · 2006-11-25 20:00:56 +00:00 · 870a3a1d8a
commit 870a3a1d8a
parent 38b8dc2841
12 changed files with 99 additions and 60 deletions
--- a/phpBB/develop/create_schema_files.php
+++ b/phpBB/develop/create_schema_files.php
@ -1834,6 +1834,7 @@ function get_schema_struct()
 			'username_clean'			=> array('VCHAR_CI', ''),
 			'user_password'				=> array('VCHAR_UNI:40', ''),
 			'user_passchg'				=> array('TIMESTAMP', 0),
 			'user_pass_convert'			=> array('BOOL', 0),
 			'user_email'				=> array('VCHAR_UNI:100', ''),
 			'user_email_hash'			=> array('BINT', 0),
 			'user_birthday'				=> array('VCHAR:10', ''),
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@ -20,7 +20,7 @@ function login_db(&$username, &$password)
 {
 	global $db, $config;
-	$sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type, user_login_attempts
+	$sql = 'SELECT user_id, username, user_password, user_passchg, user_pass_convert, user_email, user_type, user_login_attempts
 		FROM ' . USERS_TABLE . "
 		WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
 	$result = $db->sql_query($sql);
@ -95,8 +95,32 @@ function login_db(&$username, &$password)
 		}
 	}
-	// Password correct...
+	// If the password convert flag is set we need to convert it
-	if (md5($password) == $row['user_password'])
+	if ($row['user_pass_convert'])
 	{
 		// in phpBB2 passwords were used exactly as they were sent
 		$password_old_format = isset($_REQUEST['password']) ? (string) $_REQUEST['password'] : '';
 		$password_old_format = (STRIP) ? stripslashes($password_old_format) : $password_old_format;
 		$password_new_format = '';
 		set_var($password_new_format, $password_old_format, 'string');
 		if ($password == $password_new_format && md5($password_old_format) == $row['user_password'])
 		{
 			// Update the password in the users table to the new format and remove user_pass_convert flag
 			$sql = 'UPDATE ' . USERS_TABLE . '
 				SET user_password = \'' . $db->sql_escape(md5($password_new_format)) . '\',
 					user_pass_convert = 0
 				WHERE user_id = ' . $row['user_id'];
 			$db->sql_query($sql);
 			$row['user_pass_convert'] = 0;
 			$row['user_password'] = md5($password_new_format);
 		}
 	}
 	// Check password ...
 	if (!$row['user_pass_convert'] && md5($password) == $row['user_password'])
 	{
 		// Successful, reset login attempts (the user passed all stages)
 		$sql = 'UPDATE ' . USERS_TABLE . '
--- a/phpBB/includes/db/dbal.php
+++ b/phpBB/includes/db/dbal.php
@ -332,7 +332,6 @@ class dbal
 			case 'mysql':
 			case 'mysql4':
 			case 'mysqli':
 			case 'sqlite':
 				$this->sql_query('INSERT INTO ' . $table . ' ' . $this->sql_build_array('MULTI_INSERT', $sql_ary));
 			break;
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@ -142,6 +142,7 @@ function user_add($user_row, $cp_data = false)
 		'username'			=> $user_row['username'],
 		'username_clean'	=> utf8_clean_string($user_row['username']),
 		'user_password'		=> (isset($user_row['user_password'])) ? $user_row['user_password'] : '',
 		'user_pass_convert'	=> 0,
 		'user_email'		=> strtolower($user_row['user_email']),
 		'user_email_hash'	=> (int) crc32(strtolower($user_row['user_email'])) . strlen($user_row['user_email']),
 		'group_id'			=> $user_row['group_id'],
--- a/phpBB/install/schemas/firebird_schema.sql
+++ b/phpBB/install/schemas/firebird_schema.sql
@ -1367,6 +1367,7 @@ CREATE TABLE phpbb_users (
 	username_clean VARCHAR(255) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_password VARCHAR(40) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_passchg INTEGER DEFAULT 0 NOT NULL,
 	user_pass_convert INTEGER DEFAULT 0 NOT NULL,
 	user_email VARCHAR(100) CHARACTER SET UTF8 DEFAULT '' NOT NULL COLLATE UNICODE,
 	user_email_hash DOUBLE PRECISION DEFAULT 0 NOT NULL,
 	user_birthday VARCHAR(10) CHARACTER SET NONE DEFAULT '' NOT NULL,
--- a/phpBB/install/schemas/mssql_schema.sql
+++ b/phpBB/install/schemas/mssql_schema.sql
@ -1609,6 +1609,7 @@ CREATE TABLE [phpbb_users] (
 	[username_clean] [varchar] (255) DEFAULT ('') NOT NULL ,
 	[user_password] [varchar] (40) DEFAULT ('') NOT NULL ,
 	[user_passchg] [int] DEFAULT (0) NOT NULL ,
 	[user_pass_convert] [int] DEFAULT (0) NOT NULL ,
 	[user_email] [varchar] (100) DEFAULT ('') NOT NULL ,
 	[user_email_hash] [float] DEFAULT (0) NOT NULL ,
 	[user_birthday] [varchar] (10) DEFAULT ('') NOT NULL ,
--- a/phpBB/install/schemas/mysql_40_schema.sql
+++ b/phpBB/install/schemas/mysql_40_schema.sql
@ -969,6 +969,7 @@ CREATE TABLE phpbb_users (
 	username_clean text NOT NULL,
 	user_password varchar(120) DEFAULT '' NOT NULL,
 	user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	user_email text NOT NULL,
 	user_email_hash bigint(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
--- a/phpBB/install/schemas/mysql_41_schema.sql
+++ b/phpBB/install/schemas/mysql_41_schema.sql
@ -969,6 +969,7 @@ CREATE TABLE phpbb_users (
 	username_clean varchar(255) DEFAULT '' NOT NULL,
 	user_password varchar(40) DEFAULT '' NOT NULL,
 	user_passchg int(11) UNSIGNED DEFAULT '0' NOT NULL,
 	user_pass_convert tinyint(1) UNSIGNED DEFAULT '0' NOT NULL,
 	user_email varchar(100) DEFAULT '' NOT NULL,
 	user_email_hash bigint(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
--- a/phpBB/install/schemas/oracle_schema.sql
+++ b/phpBB/install/schemas/oracle_schema.sql
@ -1778,6 +1778,7 @@ CREATE TABLE phpbb_users (
 	username_clean varchar2(255) DEFAULT '' ,
 	user_password varchar2(120) DEFAULT '' ,
 	user_passchg number(11) DEFAULT '0' NOT NULL,
 	user_pass_convert number(1) DEFAULT '0' NOT NULL,
 	user_email varchar2(300) DEFAULT '' ,
 	user_email_hash number(20) DEFAULT '0' NOT NULL,
 	user_birthday varchar2(10) DEFAULT '' ,
--- a/phpBB/install/schemas/postgres_schema.sql
+++ b/phpBB/install/schemas/postgres_schema.sql
@ -1229,6 +1229,7 @@ CREATE TABLE phpbb_users (
 	username_clean varchar_ci DEFAULT '' NOT NULL,
 	user_password varchar(40) DEFAULT '' NOT NULL,
 	user_passchg INT4 DEFAULT '0' NOT NULL CHECK (user_passchg >= 0),
 	user_pass_convert INT2 DEFAULT '0' NOT NULL CHECK (user_pass_convert >= 0),
 	user_email varchar(100) DEFAULT '' NOT NULL,
 	user_email_hash INT8 DEFAULT '0' NOT NULL,
 	user_birthday varchar(10) DEFAULT '' NOT NULL,
--- a/phpBB/install/schemas/sqlite_schema.sql
+++ b/phpBB/install/schemas/sqlite_schema.sql
@ -940,6 +940,7 @@ CREATE TABLE phpbb_users (
 	username_clean varchar(255) NOT NULL DEFAULT '',
 	user_password varchar(40) NOT NULL DEFAULT '',
 	user_passchg INTEGER UNSIGNED NOT NULL DEFAULT '0',
 	user_pass_convert INTEGER UNSIGNED NOT NULL DEFAULT '0',
 	user_email varchar(100) NOT NULL DEFAULT '',
 	user_email_hash bigint(20) NOT NULL DEFAULT '0',
 	user_birthday varchar(10) NOT NULL DEFAULT '',
--- a/phpBB/search.php
+++ b/phpBB/search.php
@ -81,8 +81,68 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	// clear arrays
 	$id_ary = array();
-	// Which forums should not be searched?
+	// egosearch is an author search
-	$ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true))));
+	if ($search_id == 'egosearch')
 	{
 		$author = $user->data['username'];
 	}
 	// If we are looking for authors get their ids
 	$author_id_ary = array();
 	if ($author_id)
 	{
 		$author_id_ary[] = $author_id;
 	}
 	else if ($author)
 	{
 		if ((strpos($author, '*') !== false) && (str_replace(array('*', '%'), '', $author) < $config['min_search_author_chars']))
 		{
 			trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
 		}
 		$sql_where = (strpos($author, '*') !== false) ? ' LIKE ' : ' = ';
 		$sql = 'SELECT user_id
 			FROM ' . USERS_TABLE . "
 			WHERE username $sql_where '" . $db->sql_escape(preg_replace('#\*+#', '%', $author)) . "'
 				AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
 		$result = $db->sql_query_limit($sql, 100);
 		while ($row = $db->sql_fetchrow($result))
 		{
 			$author_id_ary[] = (int) $row['user_id'];
 		}
 		$db->sql_freeresult($result);
 		if (!sizeof($author_id_ary))
 		{
 			trigger_error($user->lang['NO_SEARCH_RESULTS']);
 		}
 	}
 	// if we search in an existing search result just add the additional keywords. But we need to use "all search terms"-mode
 	// so we can keep the old keywords in their old mode, but add the new ones as required words
 	if ($add_keywords)
 	{
 		if ($search_terms == 'all')
 		{
 			$keywords .= ' ' . $add_keywords;
 		}
 		else
 		{
 			$search_terms = 'all';
 			$keywords = implode(' |', explode(' ', preg_replace('#\s+#', ' ', $keywords))) . ' ' .$add_keywords;
 		}
 	}
 	// Which forums should not be searched? Author searches are also carried out in unindexed forums
 	if (empty($search->search_query) && sizeof($author_id_ary))
 	{
 		$ex_fid_ary = array_keys($auth->acl_getf('!f_read', true));
 	}
 	else
 	{
 		$ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true))));
 	}
 	$not_in_fid = (sizeof($ex_fid_ary)) ? 'WHERE ' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . " OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : "";
@ -149,59 +209,6 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 		$search_forum = array();
 	}
 	// egosearch is an author search
 	if ($search_id == 'egosearch')
 	{
 		$author = $user->data['username'];
 	}
 	// If we are looking for authors get their ids
 	$author_id_ary = array();
 	if ($author_id)
 	{
 		$author_id_ary[] = $author_id;
 	}
 	else if ($author)
 	{
 		if ((strpos($author, '*') !== false) && (str_replace(array('*', '%'), '', $author) < $config['min_search_author_chars']))
 		{
 			trigger_error(sprintf($user->lang['TOO_FEW_AUTHOR_CHARS'], $config['min_search_author_chars']));
 		}
 		$sql_where = (strpos($author, '*') !== false) ? ' LIKE ' : ' = ';
 		$sql = 'SELECT user_id
 			FROM ' . USERS_TABLE . "
 			WHERE username $sql_where '" . $db->sql_escape(preg_replace('#\*+#', '%', $author)) . "'
 				AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
 		$result = $db->sql_query_limit($sql, 100);
 		while ($row = $db->sql_fetchrow($result))
 		{
 			$author_id_ary[] = (int) $row['user_id'];
 		}
 		$db->sql_freeresult($result);
 		if (!sizeof($author_id_ary))
 		{
 			trigger_error($user->lang['NO_SEARCH_RESULTS']);
 		}
 	}
 	// if we search in an existing search result just add the additional keywords. But we need to use "all search terms"-mode
 	// so we can keep the old keywords in their old mode, but add the new ones as required words
 	if ($add_keywords)
 	{
 		if ($search_terms == 'all')
 		{
 			$keywords .= ' ' . $add_keywords;
 		}
 		else
 		{
 			$search_terms = 'all';
 			$keywords = implode(' |', explode(' ', preg_replace('#\s+#', ' ', $keywords))) . ' ' .$add_keywords;
 		}
 	}
 	// Select which method we'll use to obtain the post_id or topic_id information
 	$search_type = basename($config['search_type']);
@ -400,7 +407,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
 	}
 	// For some searches we need to print out the "no results" page directly to allow re-sorting/refining the search options.
-	if (!sizeof($id_ary) && $search_id !== 'active_topics')
+	if (!sizeof($id_ary) && !$search_id)
 	{
 		trigger_error($user->lang['NO_SEARCH_RESULTS']);
 	}