-rwxr-xr-x | docs/CHANGELOG | 3 | ||||
-rw-r--r-- | lib/class/vauth.class.php | 57 |
2 files changed, 4 insertions, 56 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG index 950e7484..b180bffa 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,7 @@ -------------------------------------------------------------------------- v.3.6-future + - Removed support for extremely old passwords - Playlists imported from M3U now retain their ordering (patch by Florent Fourcot) - Removed HTML entity encoding of plaintext email (reported by USMC Guy) @@ -11,6 +12,7 @@ (reported by Istarion) - Fixed ASF tag parsing regression (reported by cygn) +-------------------------------------------------------------------------- v.3.6-Alpha2 2012-08-15 - Fixed CLI database load to work regardless of whether it's run from the top-level directory (reported by porthose) @@ -74,7 +76,6 @@ - Added Fresh theme - Fixed spurious API handshake failure output - -------------------------------------------------------------------------- v.3.6-Alpha1 04/27/2011 - Fixed forced transcoding diff --git a/lib/class/vauth.class.php b/lib/class/vauth.class.php index 5e928039..d9e623f2 100644 --- a/lib/class/vauth.class.php +++ b/lib/class/vauth.class.php @@ -515,10 +515,8 @@ class vauth { /** * mysql_auth - * This is the core function of our built-in authentication. It checks - * their current password and then tries to figure out if it can use the - * new SHA password hash or if it needs to fall back on the old mysql - * method. + * + * This is the core function of our built-in authentication. */ private static function mysql_auth($username, $password) { @@ -530,13 +528,6 @@ class vauth { $db_results = Dba::read($sql); if ($row = Dba::fetch_assoc($db_results)) { - // If it's using the old method - if (substr($row['password'], 0, 1) == '*' || - strlen($row['password']) < 32) { - $password = Dba::escape(scrub_in($password)); - return self::vieux_mysql_auth($username, $password); - } - // Use SHA2 now... cooking with fire. // For backwards compatibility, we hash a couple // of different variations of the password. 
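Review bot: The shortened docblock for mysql_auth (first vauth.class.php hunk) no longer says which stored password formats are accepted. Once the next hunk drops the `'*'`-prefix / shorter-than-32-characters branch, a row still holding a MySQL PASSWORD()/OLD_PASSWORD() value presumably just fails the SHA2 comparison like a wrong password. I would state that in the comment, e.g. `* Only SHA2 hashes are compared; accounts still storing a legacy MySQL hash cannot log in until their password is reset.` It may also be worth logging when the stored value has the legacy shape, so an administrator can tell a migration case from a failed guess, and resetting those rows so the old hashes do not stay in the `user` table. The body of mysql_auth continues outside both hunks, so the SHA2 comparison itself is not visible here.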
@@ -571,50 +562,6 @@ class vauth {
 } // mysql_auth
 
 /**
- * vieux_mysql_auth
- * This is a private function, it should only be called by authenticate
- */
- private static function vieux_mysql_auth($username, $password) {
-
- $password_check_sql = "PASSWORD('$password')";
-
- // This has to still be here because lots of people use
- // old_password in their config file
- $sql = "SELECT `password` FROM `user` WHERE `username`='$username'";
- $db_results = Dba::read($sql);
- $row = Dba::fetch_assoc($db_results);
-
- $sql = 'SELECT version()';
- $db_results = Dba::read($sql);
- $version = Dba::fetch_row($db_results);
- $mysql_version = substr(
- preg_replace("/(\d+)\.(\d+)\.(\d+).*/", "$1$2$3",
- $version[0]),
- 0, 3);
-
- if ($mysql_version > '409' &&
- substr($row['password'], 0, 1) !== "*") {
- $password_check_sql = "OLD_PASSWORD('$password')";
- }
-
- $sql = "SELECT `username`,`id` FROM `user` WHERE `username`='$username' AND `password`=$password_check_sql";
- $db_results = Dba::read($sql);
-
- if (Dba::fetch_assoc($db_results)) {
- $results['type'] = 'mysql';
- $results['password'] = 'old';
- $results['success'] = true;
- }
- else {
- $results['success'] = false;
- $results['error'] = 'Old MySQL login attempt failed';
- }
-
- return $results;
-
- } // vieux_mysql_auth
-
- /**
 * local_auth
 * Check to make sure the pam_auth function is implemented (module is
 * installed), then check the credentials. |