X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fauth%2FAuth_db.class.php;h=a7ae0d3faeb7659b5873de92a9461287e6a1ad1d;hb=75a1eedb8977b8f2db459128bab9aaf367e3b58b;hp=a3885fb66eb5cf7faa416507abbfb00ccde95cda;hpb=4782eac1a659d576f7e50e6a9e94fdfa316bfc7f;p=timetracker.git
diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index a3885fb6..a7ae0d3f 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -55,6 +55,31 @@ class Auth_db extends Auth {
 $val = $res->fetchRow();
 if ($val['id'] > 0) {
 return array('login'=>$login,'id'=>$val['id']);
+ } else {
+ // If the OLD_PASSWORDS option is defined - set it.
+ if (isTrue('OLD_PASSWORDS')) {
+ $sql = "SET SESSION old_passwords = 1";
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error')) {
+ die($res->getMessage());
+ }
+ }
+ // Try legacy password match. This is needed for compatibility with older versions of TT.
+ $sql = "SELECT id FROM tt_users
+ WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error')) {
+ return false; // Simply return false for a meaningful error message on screen, see the comment below.
+ // die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
+ // We are getting a confusing "MDB2 Error: not found" in this case if we die.
+ // TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
+ // HOWEVER: some users apparently never change their passwords. When I tried removing OLD_PASSWORDS
+ // support in November 2018, there were login issues with such users.
+ }
+ $val = $res->fetchRow();
+ if ($val['id'] > 0) {
+ return array('login'=>$login,'id'=>$val['id']);
+ }
 }
 // Special handling for admin@localhost - search for an account with admin role with a matching password.
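Review bot: A successful match in the legacy branch returns the user without re-storing the password, so any account that only matches `old_password()` keeps the pre-4.1 MySQL hash indefinitely, and that format is weak enough that a leaked `tt_users` table would be easy to reverse. The TODO in the error branch notes that dropping the fallback outright broke logins for users who never change their passwords; updating the row with whatever hash the primary query (above this hunk, not visible here) compares against, just before the second `return array('login'=>$login,'id'=>$val['id']);`, would migrate those users on their next login and let the fallback be retired later. Separately, `die($res->getMessage());` after `SET SESSION old_passwords = 1` prints the raw driver error on the login path, unlike the `return false;` used a few lines further down; `error_log($res->getMessage()); return false;` would keep that detail out of the response. The enclosing method starts and ends outside the hunk.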