X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fauth%2FAuth_db.class.php;h=937ad3cc9286adcb1a8d5667ef50ee3b58764924;hb=bd92aeb3404ed8625272abccc9a8766f13ab75e6;hp=dccc98236669a0bf202ab20220e323ab0985fec0;hpb=58d005dd74e63575f7dc1e9f79e54be2f314651b;p=timetracker.git

diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index dccc9823..937ad3cc 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -44,8 +44,8 @@ class Auth_db extends Auth {
     $mdb2 = getConnection();
 
     // Try md5 password match first.
-    $sql = "SELECT id FROM tt_users
-      WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
+    $sql = "SELECT id FROM tt_users".
+      " WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
 
     $res = $mdb2->query($sql);
     if (is_a($res, 'PEAR_Error')) {
@@ -84,8 +84,9 @@ class Auth_db extends Auth {
 
     // Special handling for admin@localhost - search for an account with admin role with a matching password.
     if ($login == 'admin@localhost') {
-      $sql = "SELECT id, login FROM tt_users
-        WHERE role = 1024 AND password = md5(".$mdb2->quote($password).") AND status = 1";
+      $sql = "SELECT u.id, u.login FROM tt_users u".
+        " LEFT JOIN tt_roles r on (u.role_id = r.id)".
+        " WHERE r.rank = 1024 AND password = md5(".$mdb2->quote($password).") AND u.status = 1";
       $res = $mdb2->query($sql);
       if (is_a($res, 'PEAR_Error')) {
         die($res->getMessage());