X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=WEB-INF%2Flib%2Fauth%2FAuth_db.class.php;h=dccc98236669a0bf202ab20220e323ab0985fec0;hb=ecf7d911c95935f8cfb2403f645cd12f93d8c3f5;hp=40743b4e3f49be9f139494d35829b4a12b27f248;hpb=e14559f16ec474f993208fde7c9065c2aa3d385a;p=timetracker.git

diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index 40743b4e..dccc9823 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -56,22 +56,25 @@ class Auth_db extends Auth {
     if ($val['id'] > 0) {
       return array('login'=>$login,'id'=>$val['id']);
     } else {
-    	
+
       // If the OLD_PASSWORDS option is defined - set it.
       if (defined('OLD_PASSWORDS') && isTrue(OLD_PASSWORDS)) {
         $sql = "SET SESSION old_passwords = 1";
         $res = $mdb2->query($sql);
         if (is_a($res, 'PEAR_Error')) {
           die($res->getMessage());
-        }	
+        }
       }
 
       // Try legacy password match. This is needed for compatibility with older versions of TT.
       $sql = "SELECT id FROM tt_users
-        WHERE login = ".$mdb2->quote($login)." AND password = password(".$mdb2->quote($password).") AND status = 1";
+        WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
       $res = $mdb2->query($sql);
       if (is_a($res, 'PEAR_Error')) {
-        die($res->getMessage());
+        return false; // Simply return false for a meaningful error message on screen, see the comment below.
+        // die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
+                                    // We are getting a confusing "MDB2 Error: not found" in this case if we die.
+        // TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
       }
       $val = $res->fetchRow();
       if ($val['id'] > 0) {