quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) { die($res->getMessage()); } $val = $res->fetchRow(); if ($val['id'] > 0) { return array('login'=>$login,'id'=>$val['id']); } else { // If the OLD_PASSWORDS option is defined - set it. if (defined('OLD_PASSWORDS') && isTrue(OLD_PASSWORDS)) { $sql = "SET SESSION old_passwords = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) { die($res->getMessage()); } } // Try legacy password match. This is needed for compatibility with older versions of TT. $sql = "SELECT id FROM tt_users WHERE login = ".$mdb2->quote($login)." AND password = password(".$mdb2->quote($password).") AND status = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) { die($res->getMessage()); } $val = $res->fetchRow(); if ($val['id'] > 0) { return array('login'=>$login,'id'=>$val['id']); } } // Special handling for admin@localhost - search for an account with admin role with a matching password. if ($login == 'admin@localhost') { $sql = "SELECT id, login FROM tt_users WHERE role = 1024 AND password = md5(".$mdb2->quote($password).") AND status = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) { die($res->getMessage()); } $val = $res->fetchRow(); if ($val['id'] > 0) { return array('login'=>$val['login'],'id'=>$val['id']); } } return false; } function isPasswordExternal() { return false; } }