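/**
 * Check a username and password against the `users` table.
 *
 * Accepts either a legacy MD5 digest stored in `password` (and may re-hash it
 * through mysql_auth_change_password()) or a crypt() hash.
 * Calls session_logout() when authentication fails.
 *
 * @param string $username User name to check
 * @param string $password User password to check
 * @return int Authentication success (0 = fail, 1 = success)
 */
function mysql_authenticate($username, $password)
{
    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

    // A missing row (or an unexpected result shape) is treated like a wrong password
    // instead of indexing into a non-array.
    if (is_array($row) && !empty($row['username']) && (string)$row['username'] === (string)$username) {
        $stored = isset($row['password']) ? (string)$row['password'] : '';

        // Migrate from the old MD5-only password storage.
        // hash_equals() (PHP >= 5.6) replaces `==`: a loose comparison treats two
        // digests of the form "0e<digits>" as equal numbers, and it is not constant-time.
        if (hash_equals($stored, md5((string)$password))) {
            // Separate variable so the user row is not overwritten by the schema lookup.
            $column = dbFetchRow("DESCRIBE `users` `password`");
            // Re-hash only when the column type is reported as varchar(34).
            if (is_array($column) && isset($column['Type']) && $column['Type'] == 'varchar(34)') {
                mysql_auth_change_password($username, $password);
            }
            return 1;
        }

        // crypt() re-derives the hash using the stored value as the salt/settings string.
        // An empty stored value can never authenticate.
        if ($stored !== '' && hash_equals($stored, (string)crypt((string)$password, $stored))) {
            return 1;
        }
    }

    session_logout();
    return 0;
}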
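/**
 * Check username and password against MySQL authentication backend.
 * Cut short if remote_user setting is on, as we assume the user has already authed against Apache.
 *
 * The legacy MD5 check runs first and may re-hash the password through
 * mysql_auth_change_password(). A failed check only returns 0; the
 * session_logout() call is commented out in this version.
 *
 * @param string $username User name to check
 * @param string $password User password to check
 * @return int Authentication success (0 = fail, 1 = success) FIXME bool
 */
function mysql_authenticate($username, $password)
{
    // $config was read without being brought into function scope, so the
    // remote_user setting could never take effect; import it explicitly.
    global $config;

    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

    // A missing row (or an unexpected result shape) is treated like a wrong password
    // instead of indexing into a non-array.
    if (is_array($row) && !empty($row['username']) && (string)$row['username'] === (string)$username) {
        $stored = isset($row['password']) ? (string)$row['password'] : '';

        // Migrate from the old MD5-only password storage.
        // CLEANME remove this at r8000 but not before CE late 2015
        // hash_equals() (PHP >= 5.6) replaces `==`: a loose comparison treats two
        // digests of the form "0e<digits>" as equal numbers, and it is not constant-time.
        if (hash_equals($stored, md5((string)$password))) {
            // Separate variable so the user row is not overwritten by the schema lookup.
            $column = dbFetchRow("DESCRIBE `users` `password`");
            // Re-hash only when the column type is reported as varchar(34).
            if (is_array($column) && isset($column['Type']) && $column['Type'] == 'varchar(34)') {
                mysql_auth_change_password($username, $password);
            }
            return 1;
        }

        // NOTE(review): with auth.remote_user enabled this returns success for any
        // existing user without looking at $password. That is only sound if the
        // caller passes the identity the web server already authenticated, never a
        // user-supplied form field - confirm at the call site.
        if (!empty($config['auth']['remote_user'])) {
            return 1;
        }

        // crypt() re-derives the hash using the stored value as the salt/settings string.
        // An empty stored value can never authenticate.
        if ($stored !== '' && hash_equals($stored, (string)crypt((string)$password, $stored))) {
            return 1;
        }
    }

    //session_logout();
    return 0;
}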