r45

Шифрование паролей пользователей ВАЖНО! сделать всего один единичный запрос к базе UPDATE bb_users SET user_password = MD5(user_password); (если не уверены, спросите на форуме!) git-svn-id: https://torrentpier2.googlecode.com/svn/trunk@45 a8ac35ab-4ca4-ca47-4c2d-a49a94f06293

upload/includes/sessions.php

@@ -397,7 +397,7 @@ class user_common
 		if ($username && $password)
 		{
 			$username_sql = str_replace("\\'", "''", $username);
-			$password_sql = md5($password);
+			$password_sql = md5(md5($password));
 
 			$sql = "
 				SELECT *
@@ -411,7 +411,7 @@ class user_common
 
 			if ($userdata = DB()->fetch_row($sql))
 			{
-				if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == ANONYMOUS || md5($password) !== $userdata['user_password'] || !$userdata['user_active'])
+				if (!$userdata['username'] || !$userdata['user_password'] || $userdata['user_id'] == ANONYMOUS || md5(md5($password)) !== $userdata['user_password'] || !$userdata['user_active'])
 				{
 					trigger_error('invalid userdata', E_USER_ERROR);
 				}

upload/includes/ucp/usercp_register.php

@@ -236,7 +236,7 @@ foreach ($profile_fields as $field => $can_edit)
 				{
 					$errors[] = 'Введённые пароли не совпадают';
 				}
-				$db_data['user_password'] = md5($new_pass);
+				$db_data['user_password'] = md5(md5($new_pass));
 			}
 
 			if ($mode == 'register')
@@ -250,7 +250,7 @@ foreach ($profile_fields as $field => $can_edit)
 			{
 				if (!empty($cur_pass))
 				{
-					$cur_pass_valid = ($pr_data['user_password'] === md5($cur_pass));
+					$cur_pass_valid = ($pr_data['user_password'] === md5(md5($cur_pass)));
 				}
 				if (!empty($new_pass) && !$cur_pass_valid)
 				{