From: Nik Okuntseff Date: Fri, 30 Mar 2018 20:59:05 +0000 (+0000) Subject: Fixed handling of admin@localhost. X-Git-Tag: timetracker_1.19-1~903 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=0a0a4488fe34267f070436a9e34b733388581728;p=timetracker.git Fixed handling of admin@localhost.
---
diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index dccc9823..937ad3cc 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -44,8 +44,8 @@ class Auth_db extends Auth {
 $mdb2 = getConnection(); // Try md5 password match first.
- $sql = "SELECT id FROM tt_users
- WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
+ $sql = "SELECT id FROM tt_users".
+ " WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
 $res = $mdb2->query($sql);
 if (is_a($res, 'PEAR_Error')) {
@@ -84,8 +84,9 @@ class Auth_db extends Auth {
 // Special handling for admin@localhost - search for an account with admin role with a matching password.
 if ($login == 'admin@localhost') {
- $sql = "SELECT id, login FROM tt_users
- WHERE role = 1024 AND password = md5(".$mdb2->quote($password).") AND status = 1";
+ $sql = "SELECT u.id, u.login FROM tt_users u".
+ " LEFT JOIN tt_roles r on (u.role_id = r.id)".
+ " WHERE r.rank = 1024 AND password = md5(".$mdb2->quote($password).") AND u.status = 1";
 $res = $mdb2->query($sql);
 if (is_a($res, 'PEAR_Error')) {
 die($res->getMessage());
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 873d5ec4..5db80101 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
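Review bot: In the `@@ -44,8 +44,8 @@` hunk of Auth_db.class.php the rewritten `$sql` still embeds the submitted password in the statement text and has the database compute an unsalted `md5()` over it; the admin@localhost query in the `@@ -84,8 +84,9 @@` hunk does the same. `$mdb2->quote()` covers injection, but the cleartext password can be captured by database query logging, and unsalted MD5 hashes are cheap to recover if tt_users is ever disclosed. Consider selecting the stored hash by login and comparing it in PHP, for example `hash_equals($storedHash, md5($password))` as an interim step (`$storedHash` standing for the fetched column), ahead of a migration to `password_hash()`/`password_verify()`. The enclosing method begins and ends outside the hunk, so the fallback implied by "Try md5 password match first" is not visible here.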
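Review bot: In the `@@ -84,8 +84,9 @@` hunk of Auth_db.class.php the new query leaves `password` as the only unqualified column and uses a `LEFT JOIN` that the `r.rank = 1024` filter reduces to an inner join. Writing `" INNER JOIN tt_roles r ON (u.role_id = r.id)".` and `u.password = md5(...)` states the intent and avoids an ambiguous-column error should tt_roles ever gain a `password` column. The lookup also selects the account by password alone among all active rank-1024 users, so with more than one such account the row that is used depends on code outside this hunk; a comment such as `// Expects exactly one active account with rank 1024.` would record that assumption if it holds. The `die($res->getMessage())` context line, unchanged by this commit, sends the raw database error to the client on the login path.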
-
 Anuko Time Tracker 1.17.83.4203 | Copyright © Anuko | +  Anuko Time Tracker 1.17.83.4204 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}