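/**
 * Abort the request unless $token matches the CSRF token for the current session.
 *
 * The token is compared with pun_hash_equals() (a constant-time comparison
 * helper defined elsewhere in the project) against the value returned by
 * pun_csrf_token(); on a mismatch the request is answered with the
 * "Bad csrf hash" message and a 404 status via message().
 *
 * @param mixed $token  Token submitted with the request. Only a non-null string
 *                      can ever be valid; null, arrays and other types are
 *                      rejected without being passed to the comparison helper
 *                      (hash_equals()-style helpers raise a TypeError on
 *                      non-string input in PHP 8, which would turn a bad token
 *                      into a server error instead of the intended 404).
 * @return void  NOTE(review): message() appears to be a terminating call
 *               (the original code does not guard against falling through),
 *               but that is defined outside this file — confirm before relying
 *               on it; a caller must not assume check_csrf() returns only on
 *               success unless message() does exit.
 */
function check_csrf($token)
{
	global $lang_common;

	// Type/presence checks come FIRST and short-circuit: the original evaluated
	// pun_hash_equals($token, ...) before testing isset($token), so a missing
	// token still reached the comparator. Here the comparator only ever sees a
	// string.
	$is_valid = isset($token)
		&& is_string($token)
		&& pun_hash_equals($token, pun_csrf_token());

	if (!$is_valid) {
		// Deliberately answer with a 404 rather than a 403 so the endpoint does
		// not confirm its existence to a forged cross-site request.
		message($lang_common['Bad csrf hash'], false, '404 Not Found');
	}
}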
// If there is a salt in the database we have upgraded from 1.3-legacy though haven't yet logged in if (!empty($cur_user['salt'])) { $is_salt_authorized = pun_hash_equals(sha1($cur_user['salt'] . sha1($form_password)), $cur_user['password']); if ($is_salt_authorized) { $authorized = true; $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $form_password_hash . '\', salt=NULL WHERE id=' . $cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error()); } } else { if (strlen($cur_user['password']) != 40) { $is_md5_authorized = pun_hash_equals(md5($form_password), $cur_user['password']); if ($is_md5_authorized) { $authorized = true; $db->query('UPDATE ' . $db->prefix . 'users SET password=\'' . $form_password_hash . '\' WHERE id=' . $cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error()); } } else { $authorized = pun_hash_equals($cur_user['password'], $form_password_hash); } } } if (!$authorized) { message($lang_login['Wrong user/pass'] . ' <a href="login.php?action=forget">' . $lang_login['Forgotten pass'] . '</a>'); } flux_hook('login_after_validation'); // Update the status if this is the first time the user logged in if ($cur_user['group_id'] == PUN_UNVERIFIED) { $db->query('UPDATE ' . $db->prefix . 'users SET group_id=' . $pun_config['o_default_user_group'] . ' WHERE id=' . $cur_user['id']) or error('Unable to update user status', __FILE__, __LINE__, $db->error()); // Regenerate the users info cache if (!defined('FORUM_CACHE_FUNCTIONS_LOADED')) { require PUN_ROOT . 'include/cache.php'; } generate_users_info_cache();