$val = $res->fetchRow();
if ($val['id'] > 0) {
return array('login'=>$login,'id'=>$val['id']);
- } else {
-
- // If the OLD_PASSWORDS option is defined - set it.
- if (defined('OLD_PASSWORDS') && isTrue(OLD_PASSWORDS)) {
- $sql = "SET SESSION old_passwords = 1";
- $res = $mdb2->query($sql);
- if (is_a($res, 'PEAR_Error')) {
- die($res->getMessage());
- }
- }
-
- // Try legacy password match. This is needed for compatibility with older versions of TT.
- $sql = "SELECT id FROM tt_users
- WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
- $res = $mdb2->query($sql);
- if (is_a($res, 'PEAR_Error')) {
- return false; // Simply return false for a meaningful error message on screen, see the comment below.
- // die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
- // We are getting a confusing "MDB2 Error: not found" in this case if we die.
- // TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
- }
- $val = $res->fetchRow();
- if ($val['id'] > 0) {
- return array('login'=>$login,'id'=>$val['id']);
- }
}
// Special handling for admin@localhost - search for an account with admin role with a matching password.