mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-11 07:06:06 +00:00
fix: player deleting & password checks work as intended
This commit is contained in:
+10
-5
@@ -261,7 +261,7 @@ class adm_DB {
|
||||
$result = mysqli_query($this->connection, $q);
|
||||
|
||||
// if we didn't update the database for bcrypt hashes yet...
|
||||
if (mysqli_error($this->dblink) != '') {
|
||||
if (mysqli_error($this->connection) != '') {
|
||||
// no need to select ID here, since the DB is not updated, so there will be no password conversion later
|
||||
$q = "SELECT password, 0 as is_bcrypt FROM ".TB_PREFIX."users where id = ".(int) $uid." and access = ".ADMIN;
|
||||
$result = mysqli_query($this->dblink,$q);
|
||||
@@ -272,11 +272,16 @@ class adm_DB {
|
||||
|
||||
$dbarray = mysqli_fetch_array($result);
|
||||
|
||||
// check if this is still md5 password hash
|
||||
if (!$dbarray['is_bcrypt']) {
|
||||
// even if we didn't do a DB conversion for bcrypt passwords,
|
||||
// we still need to check if this password wasn't encrypted via password_hash,
|
||||
// since all methods were updated to use that instead of md5 and therefore
|
||||
// new passwords in DB will be bcrypt already even without the is_bcrypt field present
|
||||
$bcrypted = true;
|
||||
$pwOk = password_verify($password, $dbarray['password']);
|
||||
|
||||
if (!$pwOk && !$dbarray['is_bcrypt']) {
|
||||
$pwOk = ($dbarray['password'] == md5($password));
|
||||
} else {
|
||||
$pwOk = password_verify($password, $dbarray['password']);
|
||||
$bcrypted = false;
|
||||
}
|
||||
|
||||
if($pwOk) {
|
||||
|
||||
+5
-2
@@ -127,8 +127,11 @@ class funct {
|
||||
global $admin,$database;
|
||||
switch($post['action']){
|
||||
case "DelPlayer":
|
||||
$admin->DelPlayer($post['uid'],$post['pass']);
|
||||
header("Location: ?p=search&msg=ursdel");
|
||||
if ($admin->DelPlayer($post['uid'],$post['pass'])) {
|
||||
header("Location: ?p=search&msg=ursdel");
|
||||
} else {
|
||||
die('Invalid Admin password, cannot delete player. Please go back and retry.');
|
||||
}
|
||||
break;
|
||||
case "punish":
|
||||
$admin->Punish($post);
|
||||
|
||||
Reference in New Issue
Block a user