From: Nik Okuntseff
Date: Thu, 22 Nov 2018 13:22:50 +0000 (+0000)
Subject: Rolling back old passwords support as some users never change them.
X-Git-Tag: timetracker_1.19-1~577
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=8b1efafeb5921f14235cf45cf58ef404700141aa;p=timetracker.git
Rolling back old passwords support as some users never change them.
---
diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index a3885fb6..bdde007a 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -55,6 +55,31 @@ class Auth_db extends Auth {
 $val = $res->fetchRow();
 if ($val['id'] > 0) {
 return array('login'=>$login,'id'=>$val['id']);
+ } else {
+ // If the OLD_PASSWORDS option is defined - set it.
+ if (isTrue(OLD_PASSWORDS)) {
+ $sql = "SET SESSION old_passwords = 1";
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error')) {
+ die($res->getMessage());
+ }
+ }
+ // Try legacy password match. This is needed for compatibility with older versions of TT.
+ $sql = "SELECT id FROM tt_users
+ WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1";
+ $res = $mdb2->query($sql);
+ if (is_a($res, 'PEAR_Error')) {
+ return false; // Simply return false for a meaningful error message on screen, see the comment below.
+ // die($res->getMessage()); // old_password() function is removed in MySQL 5.7.5.
+ // We are getting a confusing "MDB2 Error: not found" in this case if we die.
+ // TODO: perhaps it's time to simplify things and remove handling of old passwords completely.
+ // HOWEVER: some users apparently never change their passwords. When I tried removing OLD_PASSWORDS
+ // support in November 2018, there were login issues with such users.
+ }
+ $val = $res->fetchRow();
+ if ($val['id'] > 0) {
+ return array('login'=>$login,'id'=>$val['id']);
+ }
 }
 // Special handling for admin@localhost - search for an account with admin role with a matching password.
diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index 8e9a8f21..7a37109e 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -418,7 +418,7 @@ class ttUser {
 $res = $mdb2->query($sql);
 if (!is_a($res, 'PEAR_Error')) {
 while ($val = $res->fetchRow()) {
- $groups[] = $val; // array('id'=>$val['id'],'name'=>$val['name']);
+ $groups[] = $val;
 }
 }
 return $groups;
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 4a731726..0e481fee 100644
--- a/WEB-INF/templates/footer.tpl
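Review bot: In Auth_db.class.php the restored fallback accepts a match against MySQL `old_password()` indefinitely and never upgrades the stored value, so accounts that never change their password keep the weak pre-4.1 hash as a valid credential for good. On a successful legacy match (the second `if ($val['id'] > 0)`), the stored password should be rewritten with whatever scheme the primary query above this hunk uses, so the fallback can eventually be removed as the TODO intends. The first error path still calls `die($res->getMessage());`, which prints the raw database error to an unauthenticated visitor; `return false;` with the error logged server-side would match the handling a few lines below. `SET SESSION old_passwords = 1` also stays in effect for the rest of the connection, so it is worth confirming that no later password write in the same request is affected. The enclosing method starts and ends outside the hunk.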
+++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.26.4492 | Copyright © Anuko | +  Anuko Time Tracker 1.18.27.4493 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/groups.tpl b/WEB-INF/templates/groups.tpl index 58105519..508f1787 100644 --- a/WEB-INF/templates/groups.tpl +++ b/WEB-INF/templates/groups.tpl @@ -1,25 +1,33 @@ - +{$forms.groupsForm.open} +{if $on_behalf_group_control} + + + + + +{/if} -{if $groups} - {foreach $groups as $group} +{if $subgroups} + {foreach $subgroups as $subgroup} - - - - + + + + {/foreach} {/if}
{$i18n.label.group}:{$forms.groupsForm.onBehalfGroup.control}
 
{$i18n.label.thing_name} {$i18n.label.description} {$i18n.label.edit} {$i18n.label.delete}
{$group.name|escape}{$group.description|escape}{$i18n.label.edit}{$i18n.label.delete}{$subgroup.name|escape}{$subgroup.description|escape}{$i18n.label.edit}{$i18n.label.delete}
+{$forms.groupsForm.close}
diff --git a/groups.php b/groups.php
index 12e54da2..7f4937c9 100644
--- a/groups.php
+++ b/groups.php
@@ -39,7 +39,21 @@ if (!ttAccessAllowed('manage_subgroups')) {
 }
 // End of access checks.
-$smarty->assign('groups', $user->getSubgroups());
+$form = new Form('groupsForm');
+$groups = $user->getGroups();
+if (count($groups) > 1) {
+ $form->addInput(array('type'=>'combobox',
+ 'onchange'=>'this.form.submit();',
+ 'name'=>'onBehalfGroup',
+ 'style'=>'width: 250px;',
+ 'value'=>$on_behalf_group_id,
+ 'data'=>$groups,
+ 'datakeys'=>array('id','name')));
+ $smarty->assign('on_behalf_group_control', 1);
+}
+
+$smarty->assign('subgroups', $user->getSubgroups());
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('title', $i18n->get('label.subgroups'));
 $smarty->assign('content_page_name', 'groups.tpl');
 $smarty->display('index.tpl');
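Review bot: In groups.php `$on_behalf_group_id` is passed as the combobox `value` but is not assigned anywhere in the visible lines, and nothing in the hunk reads the `onBehalfGroup` field that `this.form.submit();` posts. If the variable is not set earlier in the script, the control always renders unselected and changing it has no effect. When the handler is added, the posted id should be checked against the ids returned by `$user->getGroups()` before it is used, since the field is client-controlled. The script continues above the hunk, so part of this may already be handled there.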