if ($val['id'] > 0) {
return array('login'=>$login,'id'=>$val['id']);
} else {
-
// If the OLD_PASSWORDS option is defined - set it.
if (isTrue(OLD_PASSWORDS)) {
$sql = "SET SESSION old_passwords = 1";
die($res->getMessage());
}
}
-
// Try legacy password match. This is needed for compatibility with older versions of TT.
$sql = "SELECT id FROM tt_users
WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
// die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
// We are getting a confusing "MDB2 Error: not found" in this case if we die.
// TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
+ // HOWEVER: some users apparently never change their passwords. When I tried removing OLD_PASSWORDS
+ // support in November 2018, there were login issues with such users.
}
$val = $res->fetchRow();
if ($val['id'] > 0) {