From 688d5289010d2566cafc18a074f55b4c2bb7f97b Mon Sep 17 00:00:00 2001 From: nanosimbiot Date: Wed, 29 Jun 2011 09:59:18 +0000 Subject: [PATCH] r45 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Шифрование паролей пользователей ВАЖНО! сделать всего один единичный запрос к базе UPDATE bb_users SET user_password = MD5(user_password); (если не уверены, спросите на форуме!) git-svn-id: https://torrentpier2.googlecode.com/svn/trunk@45 a8ac35ab-4ca4-ca47-4c2d-a49a94f06293 --- upload/includes/sessions.php | 4 ++-- upload/includes/ucp/usercp_register.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/upload/includes/sessions.php b/upload/includes/sessions.php index b1bc3cf0c..0f31be7e3 100644 --- a/upload/includes/sessions.php +++ b/upload/includes/sessions.php @@ -397,7 +397,7 @@ class user_common if ($username && $password) { $username_sql = str_replace("\\'", "''", $username); - $password_sql = md5($password); + $password_sql = md5(md5($password)); $sql = " SELECT * @@ -411,7 +411,7 @@ class user_common if ($userdata = DB()->fetch_row($sql)) { - if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == ANONYMOUS || md5($password) !== $userdata['user_password'] || !$userdata['user_active']) + if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == ANONYMOUS || md5(md5($password)) !== $userdata['user_password'] || !$userdata['user_active']) { trigger_error('invalid userdata', E_USER_ERROR); } diff --git a/upload/includes/ucp/usercp_register.php b/upload/includes/ucp/usercp_register.php index d2aa8b447..c443bbb38 100644 --- a/upload/includes/ucp/usercp_register.php +++ b/upload/includes/ucp/usercp_register.php @@ -236,7 +236,7 @@ foreach ($profile_fields as $field => $can_edit) { $errors[] = 'Введённые пароли не совпадают'; } - $db_data['user_password'] = md5($new_pass); + $db_data['user_password'] = md5(md5($new_pass)); } if ($mode == 'register') 
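Review bot: `md5(md5($password))` on the added `$password_sql` line is still an unsalted, fast hash, so identical passwords yield identical stored values and a leaked user table is barely harder to attack offline than with single MD5. The same construct is added in the comparison in the next sessions.php hunk and in both usercp_register.php hunks. Where the runtime provides it, store `password_hash($new_pass, PASSWORD_DEFAULT)` and check with `password_verify($password, $userdata['user_password'])`. `$password_sql` appears to feed the query that follows (its WHERE clause is outside the hunk), which would then have to select by username only and verify in PHP. The enclosing method starts and ends outside the hunk.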
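Review bot: The added `md5(md5($password)) !== $userdata['user_password']` compares password-derived strings with an ordinary comparison that is not guaranteed to be constant-time; `hash_equals($userdata['user_password'], md5(md5($password)))` is the timing-safe form where the runtime has it. The check sits in a five-way condition ending in `trigger_error('invalid userdata', E_USER_ERROR)`, so a wrong hash is reported the same way as an inactive or anonymous account. A short comment such as `// row was selected by username and password; a mismatch here means inconsistent data` would state the intent, though that reading is inferred from `$password_sql` in the previous hunk and should be confirmed. The surrounding method continues outside the hunk.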
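Review bot: The value written by `$db_data['user_password'] = md5(md5($new_pass));` carries nothing that records which scheme produced it, so a row hashed once cannot be told apart from a row hashed twice. That matters because the migration in the commit message (`UPDATE bb_users SET user_password = MD5(user_password)`) is not idempotent: running it a second time, or running it after a user has already registered under the new code, leaves those accounts unable to log in. Storing a scheme marker with the hash (a prefix or a separate column) and having the migration touch only unmarked rows would make the upgrade safe to repeat. The enclosing `foreach` body starts and ends outside the hunk.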
@@ -250,7 +250,7 @@ foreach ($profile_fields as $field => $can_edit) { if (!empty($cur_pass)) { - $cur_pass_valid = ($pr_data['user_password'] === md5($cur_pass)); + $cur_pass_valid = ($pr_data['user_password'] === md5(md5($cur_pass))); } if (!empty($new_pass) && !$cur_pass_valid) {
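Review bot: `md5(md5(...))` is now spelled out at four call sites across two files (here in `$cur_pass_valid`, in the previous usercp_register.php hunk, and twice in sessions.php), so any future change of scheme has to find and edit every one of them identically. A single helper would keep login, registration and password change in agreement, e.g. `$cur_pass_valid = ($pr_data['user_password'] === bb_password_hash($cur_pass));`, where `bb_password_hash` is an illustrative name and not an existing function. The helper's docblock is also the natural place to document the stored format. The enclosing block continues outside the hunk.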