From ac70ee39d84aefa6f34e35e9156c279fe1bbfe32 Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer
Date: Fri, 13 Jan 2006 09:57:35 +0000
Subject: wups forgot the stupid mysql pw mojo fix
---
 modules/vauth/auth.lib.php | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'modules')
diff --git a/modules/vauth/auth.lib.php b/modules/vauth/auth.lib.php
index fdd3060d..8061c17d 100644
--- a/modules/vauth/auth.lib.php
+++ b/modules/vauth/auth.lib.php
@@ -55,7 +55,22 @@ function vauth_mysql_auth($username,$password) {
 $username = sql_escape($username);
 $password = sql_escape($password);
- $sql = "SELECT username FROM user WHERE username='$username' AND password=PASSWORD('$password')";
+ $password_check_sql = "PASSWORD('$password')";
+
+ $sql = "SELECT password FROM user WHERE username='$username'";
+ $db_results = mysql_query($sql, vauth_dbh());
+ $row = mysql_fetch_row($db_results);
+
+ $sql = "SELECT version()";
+ $db_results = mysql_query($sql, vauth_dbh());
+ $version = mysql_fetch_row($db_results);
+ $mysql_version = substr(preg_replace("/(\d+)\.(\d+)\.(\d+).*/","$1$2$3",$version[0]),0,3);
+
+ if ($mysql_version > "409" AND substr($row[0],0,1) !== "*") {
+ $password_check_sql = "OLD_PASSWORD('$password')";
+ }
+
+ $sql = "SELECT username FROM user WHERE username='$username' AND $password_check_sql";
 $db_results = mysql_query($sql, vauth_dbh());
 $results = mysql_fetch_assoc($db_results);
-- cgit
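Review bot: The rebuilt final query no longer compares the computed hash with the stored one: `$password_check_sql` holds only `PASSWORD('$password')` or `OLD_PASSWORD('$password')`, so the WHERE clause reads `username='...' AND PASSWORD('...')` and the `password=` comparison from the removed line is gone. Whether a row comes back then appears to depend on how MySQL coerces the hash string to a truth value rather than on the password matching, which can both lock out valid users and accept wrong passwords. The final statement should restore the column, `$sql = "SELECT username FROM user WHERE username='$username' AND password=$password_check_sql";`. Separately, `$row` and `$version` are read without checking that `mysql_query()` and `mysql_fetch_row()` succeeded, and the three-character `$mysql_version` string misorders any version with a two-digit major or minor component; `version_compare($version[0], '4.1', '>=')` would be a sturdier test. The body of vauth_mysql_auth starts and ends outside this hunk, so how `$results` is used afterwards is not visible here.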