Skip to content
Permalink
Browse files

[2019.03] Some fixes for MySQL8 and PHP7.3 (#1430)

* [Mysql8] Add support to login when using Mysql8

Removes mysql PASSWORD usage away from the initial always used sql for looking for mathcing users.

The deprecated Mysql password hash type will still work, just less efficient.
But as PASSWORD() sql function is removed in Mysql8 it won't work there.

* [PHP73] Silence notices on compact usage in compiled templates

* Add note on PASSWORD_HASH_MYSQL saying it won't work on MySQL 8.0

* Update ezuser.php
  • Loading branch information...
andrerom committed May 11, 2019
1 parent 2493420 commit 0dc7efbcf19d903bcd1dc1d5c5a0b6fd4d098fa4
@@ -26,6 +26,7 @@ class eZUser extends eZPersistentObject
/// MD5 of site, user and password
const PASSWORD_HASH_MD5_SITE = 3;
/// Legacy support for mysql hashed passwords
/// NB! Does not work as of MySQL 8.0 where this has been removed from MySQL.
const PASSWORD_HASH_MYSQL = 4;
/// Passwords in plaintext, should not be used for real sites
const PASSWORD_HASH_PLAINTEXT = 5;
@@ -855,31 +856,13 @@ protected static function _loginUser( $login, $password, $authenticationMatch =
$contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
$ini = eZINI::instance();
$databaseName = $db->databaseName();
// if mysql
if ( $databaseName === 'mysql' )
{
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login
FROM ezuser, ezcontentobject
WHERE ( $loginText ) AND
ezcontentobject.status='$contentObjectStatus' AND
ezcontentobject.id=contentobject_id AND
password_hash_type!=0 AND
( ( password_hash_type!=4 ) OR
( password_hash_type=4 AND
password_hash=PASSWORD('$passwordEscaped') ) )";
}
else
{
$query = "SELECT contentobject_id, password_hash,
password_hash_type, email, login
FROM ezuser, ezcontentobject
WHERE ( $loginText )
AND password_hash_type!=0
AND ezcontentobject.status='$contentObjectStatus'
AND ezcontentobject.id=contentobject_id";
}
// PASSWORD_HASH_MYSQL is handled further down as this inital SQL needs to work on MySQL 8.0 as well as PostgreSQL
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login
FROM ezuser, ezcontentobject
WHERE ( $loginText )
AND password_hash_type!=0
AND ezcontentobject.status='$contentObjectStatus'
AND ezcontentobject.id=contentobject_id";
$users = $db->arrayQuery( $query );
$exists = false;
@@ -895,6 +878,7 @@ protected static function _loginUser( $login, $password, $authenticationMatch =
$hashType,
$hash );
$databaseName = $db->databaseName();
// If hash type is MySql
if ( $hashType == self::PASSWORD_HASH_MYSQL and $databaseName === 'mysql' )
{
@@ -126,11 +126,11 @@ function templateNodeTransformation( $functionName, &$node,
$variableStack = "fe_variable_stack_$uniqid";
$namesArray = array( $array, $arrayKeys, $nItems, $nItemsProcessed, $i, $key, $val, $offset, $max, $reverse, $firstVal, $lastVal );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "if ( !isset( \$$variableStack ) ) \$$variableStack = array();" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$" . $variableStack ."[] = compact( '" . implode( "', '", $namesArray ) . "' );" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "if ( !isset( \$$variableStack ) ) \$$variableStack = [];" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$" . $variableStack ."[] = @compact( '" . implode( "', '", $namesArray ) . "' );" );
$newNodes[] = eZTemplateNodeTool::createVariableNode( false, $parameters['array'], $nodePlacement, array( 'text-result' => false ), $array );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$$arrayKeys = is_array( \$$array ) ? array_keys( \$$array ) : array();" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$$arrayKeys = is_array( \$$array ) ? array_keys( \$$array ) : [];" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$$nItems = count( \$$arrayKeys );" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$$nItemsProcessed = 0;" );
@@ -94,8 +94,8 @@ function templateNodeTransformation( $functionName, &$node,
$namesArray = array( "for_firstval_$uniqid", "for_lastval_$uniqid", "for_i_$uniqid" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "// for begins" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "if ( !isset( \$$variableStack ) ) \$$variableStack = array();" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$" . $variableStack ."[] = compact( '" . implode( "', '", $namesArray ) . "' );" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "if ( !isset( \$$variableStack ) ) \$$variableStack = [];" );
$newNodes[] = eZTemplateNodeTool::createCodePieceNode( "\$" . $variableStack ."[] = @compact( '" . implode( "', '", $namesArray ) . "' );" );
$newNodes[] = eZTemplateNodeTool::createVariableNode( false, $parameters['first_val'], $nodePlacement, array( 'treat-value-as-non-object' => true ), "for_firstval_$uniqid" );
$newNodes[] = eZTemplateNodeTool::createVariableNode( false, $parameters['last_val'], $nodePlacement, array( 'treat-value-as-non-object' => true ), "for_lastval_$uniqid" );

0 comments on commit 0dc7efb

Please sign in to comment.
You can’t perform that action at this time.