yetangitu/ampache
1
0
Fork 0
mirror of https://github.com/Yetangitu/ampache synced 2025-10-06 03:49:56 +02:00
Code Issues Releases Wiki Activity

wups forgot the stupid mysql pw mojo fix

Browse source
This commit is contained in:
Karl 'vollmerk' Vollmer 2006-01-13 09:57:35 +00:00
parent 10c147aa5e
commit ac70ee39d8
1 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/vauth/auth.lib.php
View file

@ -55,7 +55,22 @@ function vauth_mysql_auth($username,$password) {
$username = sql_escape($username); $username = sql_escape($username);
$password = sql_escape($password); $password = sql_escape($password);
$sql = "SELECT username FROM user WHERE username='$username' AND password=PASSWORD('$password')"; $password_check_sql = "PASSWORD('$password')";
$sql = "SELECT password FROM user WHERE username='$username'";
$db_results = mysql_query($sql, vauth_dbh());
$row = mysql_fetch_row($db_results);
$sql = "SELECT version()";
$db_results = mysql_query($sql, vauth_dbh());
$version = mysql_fetch_row($db_results);
$mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3);
if ($mysql_version > "409" AND substr($row[0],0,1) !== "*") {
$password_check_sql = "OLD_PASSWORD('$password')";
}
$sql = "SELECT username FROM user WHERE username='$username' AND $password_check_sql";
$db_results = mysql_query($sql, vauth_dbh()); $db_results = mysql_query($sql, vauth_dbh());
$results = mysql_fetch_assoc($db_results); $results = mysql_fetch_assoc($db_results);