function mysql_authenticate($username, $password)
{
$encrypted_old = md5($password);
$row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));
if ($row['username'] && $row['username'] == $username) {
// Migrate from old, unhashed password
if ($row['password'] == $encrypted_old) {
$row = dbFetchRow("DESCRIBE `users` `password`");
if ($row['Type'] == 'varchar(34)') {
mysql_auth_change_password($username, $password);
}
return 1;
}
if ($row['password'] == crypt($password, $row['password'])) {
return 1;
}
}
session_logout();
return 0;
}
/**
* Check username and password against MySQL authentication backend.
* Cut short if remote_user setting is on, as we assume the user has already authed against Apache.
*
* @param string $username User name to check
* @param string $password User password to check
* @return int Authentication success (0 = fail, 1 = success) FIXME bool
*/
function mysql_authenticate($username, $password)
{
$encrypted_old = md5($password);
$row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));
if ($row['username'] && $row['username'] == $username) {
// Migrate from old, unhashed password
// CLEANME remove this at r8000 but not before CE late 2015
if ($row['password'] == $encrypted_old) {
$row = dbFetchRow("DESCRIBE `users` `password`");
if ($row['Type'] == 'varchar(34)') {
mysql_auth_change_password($username, $password);
}
return 1;
}
if ($config['auth']['remote_user'] || $row['password'] == crypt($password, $row['password'])) {
return 1;
}
}
//session_logout();
return 0;
}
