wups forgot the stupid mysql pw mojo fix

1 files changed, 16 insertions, 1 deletions

diff --git a/modules/vauth/auth.lib.php b/modules/vauth/auth.lib.php
index fdd3060d..8061c17d 100644
--- a/modules/vauth/auth.lib.php
+++ b/modules/vauth/auth.lib.php
@@ -55,7 +55,22 @@ function vauth_mysql_auth($username,$password) {
 	$username = sql_escape($username);
 	$password = sql_escape($password);
 
-	$sql = "SELECT username FROM user WHERE username='$username' AND password=PASSWORD('$password')";
+        $password_check_sql = "PASSWORD('$password')";
+
+	$sql = "SELECT password FROM user WHERE username='$username'";
+	$db_results = mysql_query($sql, vauth_dbh());
+	$row = mysql_fetch_row($db_results);
+
+        $sql = "SELECT version()";
+        $db_results = mysql_query($sql, vauth_dbh());
+        $version = mysql_fetch_row($db_results);
+        $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3);
+        
+	if ($mysql_version > "409" AND substr($row[0],0,1) !== "*") {
+	        $password_check_sql = "OLD_PASSWORD('$password')";
+        }
+
+	$sql = "SELECT username FROM user WHERE username='$username' AND $password_check_sql";
 	$db_results = mysql_query($sql, vauth_dbh());
 
 	$results = mysql_fetch_assoc($db_results);