Changeset 447

Timestamp:

10/02/2006 05:57:12 PM (20 years ago)

Author:

mdawaffe

Message:

Reversibly break passwords of blocked users. Fixes #436.

Location:

trunk

Files:

• bb-admin/upgrade.php (modified) (2 diffs)
• bb-includes/pluggable.php (modified) (2 diffs)
• profile-edit.php (modified) (1 diff)

trunk/bb-admin/upgrade.php

@@ -115 +115 @@
 /*
 upgrade_150();
+*/
+
+// Reversibly break Passwords of blocked users Oct 2nd, 2006.
+/*
+upgrade_160();
 */
 
@@ -228 +233 @@
 }
 
+// Reversibly break passwords of blocked users.
+function upgrade_160() {
+    require_once('admin-functions.php');
+    $blocked = get_ids_by_role( 'blocked' );
+    foreach ( $blocked as $b )
+        bb_break_password( $b );
+}
+
 function deslash($content) {
     // Note: \\\ inside a regex denotes a single backslash.

trunk/bb-includes/pluggable.php

@@ -22 +22 @@
     if ( !$already_md5 ) {
         $pass = user_sanitize( md5( $pass ) );
-        return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_login = '$user' AND user_pass = '$pass'");
+        return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_login = '$user' AND SUBSTRING_INDEX( user_pass, '---', 1 ) = '$pass'");
     } else {
         return $bbdb->get_row("SELECT * FROM $bbdb->users WHERE user_login = '$user' AND MD5( user_pass ) = '$pass'");
@@ -199 +199 @@
 }
 endif;
+
+if ( !function_exists('bb_break_password') ) :
+function bb_break_password( $user_id ) {
+    global $bbdb;
+    $user_id = (int) $user_id;
+    if ( !$user = bb_get_user( $user_id ) )
+        return false;
+    $secret = substr(wp_hash( 'bb_break_password' ), 0, 13);
+    if ( false === strpos( $user->user_pass, '---' ) )
+        return $bbdb->query("UPDATE $bbdb->users SET user_pass = CONCAT(user_pass, '---', '$secret') WHERE ID = '$user_id'");
+    else
+        return true;
+}
+endif;
+
+if ( !function_exists('bb_fix_password') ) :
+function bb_fix_password( $user_id ) {
+    global $bbdb;
+    $user_id = (int) $user_id;
+    if ( !$user = bb_get_user( $user_id ) )
+        return false;
+    if ( false === strpos( $user->user_pass, '---' ) )
+        return true;
+    else
+        return $bbdb->query("UPDATE $bbdb->users SET user_pass = SUBSTRING_INDEX(user_pass, '---', 1) WHERE ID = '$user_id'");
+}
+endif;
 ?>

trunk/profile-edit.php

@@ -75 +75 @@
         if ( bb_current_user_can('edit_users') ) :
             $user_obj = new BB_User( $user->ID );
-            if ( !array_key_exists($role, $user->capabilities) && array_key_exists($role, $bb_roles->roles) )
+            if ( !array_key_exists($role, $user->capabilities) && array_key_exists($role, $bb_roles->roles) ) {
+                $old_role = $user_obj->roles[0];
                 $user_obj->set_role($role); // Only support one role for now
+                if ( 'blocked' == $role && 'blocked' != $old_role )
+                    bb_break_password( $user->ID );
+                elseif ( 'blocked' != $role && 'blocked' == $old_role )
+                    bb_fix_password( $user->ID );
+            }
             if ( isset($user_status) && $user_status != $user->user_status )
                 update_user_status( $user->ID, $user_status );