From: Nik Okuntseff
Date: Wed, 21 Nov 2018 16:05:22 +0000 (+0000)
Subject: Removed handling of OLD_PASSWORDS to simplify login code.
X-Git-Tag: timetracker_1.19-1~587
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=4782eac1a659d576f7e50e6a9e94fdfa316bfc7f;p=timetracker.git

Removed handling of OLD_PASSWORDS to simplify login code.
---
diff --git a/WEB-INF/config.php.dist b/WEB-INF/config.php.dist
index 1d852c21..17b4d087 100644
--- a/WEB-INF/config.php.dist
+++ b/WEB-INF/config.php.dist
@@ -59,16 +59,6 @@ define('MULTITEAM_MODE', true);
 define('APP_NAME', '');
-// OLD_PASSWORDS
-//
-// You may need to set this option if you migrate an older version of TT installation to a new server.
-// Older versions of TT used mysql password function to hash user passwords. Newer versions use md5.
-// Because the password function may behave differently between servers, the OLD_PASSWORD settings
-// gives you an opportunity to control it, if needed.
-//
-// define('OLD_PASSWORDS', true);
-
-
 // WEEKEND_START_DAY
 //
 // This option defines which days are highlighted with weekend color.
diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index c380330c..a3885fb6 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -55,31 +55,6 @@ class Auth_db extends Auth {
 $val = $res->fetchRow();
 if ($val['id'] > 0) {
 return array('login'=>$login,'id'=>$val['id']);
- } else {
-
- // If the OLD_PASSWORDS option is defined - set it.
- if (isTrue(OLD_PASSWORDS)) {
- $sql = "SET SESSION old_passwords = 1";
- $res = $mdb2->query($sql);
- if (is_a($res, 'PEAR_Error')) {
- die($res->getMessage());
- }
- }
-
- // Try legacy password match. This is needed for compatibility with older versions of TT.
- $sql = "SELECT id FROM tt_users
- WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
- $res = $mdb2->query($sql);
- if (is_a($res, 'PEAR_Error')) {
- return false; // Simply return false for a meaningful error message on screen, see the comment below.
- // die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
- // We are getting a confusing "MDB2 Error: not found" in this case if we die.
- // TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
- }
- $val = $res->fetchRow();
- if ($val['id'] > 0) {
- return array('login'=>$login,'id'=>$val['id']);
- }
 }
 // Special handling for admin@localhost - search for an account with admin role with a matching password.
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 73cd97e0..04f99546 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.25.4483 | Copyright © Anuko | +  Anuko Time Tracker 1.18.25.4484 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}