X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fauth%2FAuth_db.class.php;h=a7ae0d3faeb7659b5873de92a9461287e6a1ad1d;hb=f787edd7045299de3885c052d243b446f7324ea0;hp=c380330c0e7a33d63f2f1eeda0084b4a011aedf7;hpb=7faef0e6d81444ad3ae10d1a2ce62fa753c80a9f;p=timetracker.git

diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index c380330c..a7ae0d3f 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -56,16 +56,14 @@ class Auth_db extends Auth {
     if ($val['id'] > 0) {
       return array('login'=>$login,'id'=>$val['id']);
     } else {
-
       // If the OLD_PASSWORDS option is defined - set it.
-      if (isTrue(OLD_PASSWORDS)) {
+      if (isTrue('OLD_PASSWORDS')) {
         $sql = "SET SESSION old_passwords = 1";
         $res = $mdb2->query($sql);
         if (is_a($res, 'PEAR_Error')) {
           die($res->getMessage());
         }
       }
-
       // Try legacy password match. This is needed for compatibility with older versions of TT.
       $sql = "SELECT id FROM tt_users
         WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
@@ -75,6 +73,8 @@ class Auth_db extends Auth {
         // die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
                                     // We are getting a confusing "MDB2 Error: not found" in this case if we die.
         // TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
+        // HOWEVER: some users apparently never change their passwords. When I tried removing OLD_PASSWORDS
+        // support in November 2018, there were login issues with such users.
       }
       $val = $res->fetchRow();
       if ($val['id'] > 0) {