author | Paul Arthur <paul.arthur@flowerysong.com> | 2012-09-21 13:40:08 -0400 |
---|---|---|
committer | Paul Arthur <paul.arthur@flowerysong.com> | 2012-09-21 14:28:53 -0400 |
commit | 92e29041a4400612e30d0d92a2dbf5380c449308 (patch) | |
tree | 8badff3db4701a7ddffecc49d842e62f5dc2445b /lib/class/vauth.class.php | |
parent | a24b711143080d3819034e831aaed6c44cb5b9b0 (diff) | |
Drop support for old passwords
Diffstat (limited to 'lib/class/vauth.class.php')
-rw-r--r-- | lib/class/vauth.class.php | 57 |
1 files changed, 2 insertions, 55 deletions
diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php
index 5e928039..d9e623f2 100644
--- a/lib/class/vauth.class.php
+++ b/lib/class/vauth.class.php
@@ -515,10 +515,8 @@ class vauth {
 /**
 * mysql_auth
- * This is the core function of our built-in authentication. It checks
- * their current password and then tries to figure out if it can use the
- * new SHA password hash or if it needs to fall back on the old mysql
- * method.
+ *
+ * This is the core function of our built-in authentication.
 */
 private static function mysql_auth($username, $password) {
@@ -530,13 +528,6 @@ class vauth {
 $db_results = Dba::read($sql);
 if ($row = Dba::fetch_assoc($db_results)) {
- // If it's using the old method
- if (substr($row['password'], 0, 1) == '*' ||
- strlen($row['password']) < 32) {
- $password = Dba::escape(scrub_in($password));
- return self::vieux_mysql_auth($username, $password);
- }
-
 // Use SHA2 now... cooking with fire.
 // For backwards compatibility, we hash a couple
 // of different variations of the password.
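Review bot: The shortened docblock on `mysql_auth` (first hunk) no longer says which stored-hash formats the function accepts, while the second hunk removes the only branch that recognised rows whose `password` starts with `*` or is shorter than 32 characters. Those rows now reach the SHA2 comparison that follows, where they presumably just fail to match, so affected users are refused with no indication that a reset is needed; the rest of the function body lies outside the hunk, so this is inferred from the visible context lines. I would record that in the docblock, for example ` * Only SHA2 hashes are accepted; rows still holding a MySQL PASSWORD()/OLD_PASSWORD() hash will not authenticate and need a password reset.` It is also worth confirming that an upgrade step or release note covers those accounts, because nothing in this file's diff clears or migrates the legacy hashes already stored in the `user` table.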
@@ -571,50 +562,6 @@ class vauth {
 } // mysql_auth
 /**
- * vieux_mysql_auth
- * This is a private function, it should only be called by authenticate
- */
- private static function vieux_mysql_auth($username, $password) {
-
- $password_check_sql = "PASSWORD('$password')";
-
- // This has to still be here because lots of people use
- // old_password in their config file
- $sql = "SELECT `password` FROM `user` WHERE `username`='$username'";
- $db_results = Dba::read($sql);
- $row = Dba::fetch_assoc($db_results);
-
- $sql = 'SELECT version()';
- $db_results = Dba::read($sql);
- $version = Dba::fetch_row($db_results);
- $mysql_version = substr(
- preg_replace("/(\d+)\.(\d+)\.(\d+).*/", "$1$2$3",
- $version[0]),
- 0, 3);
-
- if ($mysql_version > '409' &&
- substr($row['password'], 0, 1) !== "*") {
- $password_check_sql = "OLD_PASSWORD('$password')";
- }
-
- $sql = "SELECT `username`,`id` FROM `user` WHERE `username`='$username' AND `password`=$password_check_sql";
- $db_results = Dba::read($sql);
-
- if (Dba::fetch_assoc($db_results)) {
- $results['type'] = 'mysql';
- $results['password'] = 'old';
- $results['success'] = true;
- }
- else {
- $results['success'] = false;
- $results['error'] = 'Old MySQL login attempt failed';
- }
-
- return $results;
-
- } // vieux_mysql_auth
-
- /**
 * local_auth
 * Check to make sure the pam_auth function is implemented (module is
 * installed), then check the credentials. |