Zitat:
Zitat von joom_mob-i-co
Ich muss erstmal selber schauen was sich geändert hat,
|
Das ist der veränderte Bereich aus dem CB Patch.
Ich konnte das für eine alte Seite problemelos von der 1.0.2 auf die 1.0.1 übertragen (Ja, ich weiß ich muss da mal Updaten ;-) )
PHP-Code:
$username = trim( mosGetParam( $_POST, 'username', '' ) );
$passwd = trim( mosGetParam( $_POST, 'passwd', '' ) );
//$passwd = md5( $passwd2 );
PHP-Code:
// Doesn't work any more, the maintainer should really update this instead of advising reversal of installs
/*$database->setQuery( "SELECT * "
. "\nFROM #__users u, "
. "\n #__comprofiler ue "
. "\nWHERE u.username='".$username."' AND u.password='".$passwd."' AND u.id = ue.id"
);
$row = null;
if ($database->loadObject( $row )) {*/
// Lets borrow from Joomla! shall we?
// query used for login via login module
$query = "SELECT *"
. "\n FROM #__users u,"
. "\n #__comprofiler ue "
. "\n WHERE u.username = ". $database->Quote( $username ) . " AND u.id = ue.id"
;
$database->setQuery( $query );
$database->loadObject( $row );
if (is_object($row)) {
// user blocked from login
if ($row->block == 1) {
mosErrorAlert(_LOGIN_BLOCKED);
}
if (!$valid_remember) {
// Conversion to new type
if ((strpos($row->password, ':') === false) && $row->password == md5($passwd)) {
// Old password hash storage but authentic ... lets convert it
$salt = mosMakePassword(16);
$crypt = md5($passwd.$salt);
$row->password = $crypt.':'.$salt;
// Now lets store it in the database
$query = 'UPDATE #__users'
. ' SET password = '.$database->Quote($row->password)
. ' WHERE id = '.(int)$row->id;
$database->setQuery($query);
if (!$database->query()) {
// This is an error but not sure what to do with it ... we'll still work for now
}
}
list($hash, $salt) = explode(':', $row->password);
$cryptpass = md5($passwd.$salt);
if ($hash != $cryptpass) {
if ( $bypost ) {
mosErrorAlert(_LOGIN_INCORRECT);
} else {
die('I like pie'. $cryptpass);
$mainframe->logout();
mosRedirect('index.php');
}
exit();
}
}