From c8144edb537a2447d78cda4a2e6c53616a63c876 Mon Sep 17 00:00:00 2001 From: anuko Date: Mon, 4 Sep 2017 21:05:50 +0000 Subject: [PATCH] Fixed legacy password handling. --- WEB-INF/lib/auth/Auth_db.class.php | 6 +++--- WEB-INF/templates/footer.tpl | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php index 40743b4e..4861552c 100644 --- a/WEB-INF/lib/auth/Auth_db.class.php +++ b/WEB-INF/lib/auth/Auth_db.class.php @@ -56,19 +56,19 @@ class Auth_db extends Auth { if ($val['id'] > 0) { return array('login'=>$login,'id'=>$val['id']); } else { - + // If the OLD_PASSWORDS option is defined - set it. if (defined('OLD_PASSWORDS') && isTrue(OLD_PASSWORDS)) { $sql = "SET SESSION old_passwords = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) { die($res->getMessage()); - } + } } // Try legacy password match. This is needed for compatibility with older versions of TT. $sql = "SELECT id FROM tt_users - WHERE login = ".$mdb2->quote($login)." AND password = password(".$mdb2->quote($password).") AND status = 1"; + WHERE login = ".$mdb2->quote($login)." AND password = old_password(".$mdb2->quote($password).") AND status = 1"; $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) { die($res->getMessage()); diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index e1dd94bb..3b022934 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.11.48.3661 | Copyright © Anuko | +  Anuko Time Tracker 1.11.48.3662 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} -- 2.20.1