Make the auth system fail for wrong right-hand password, so members don't get

stuck with bad credentials cached.
This commit is contained in:
Jeff Teunissen 2007-03-16 17:18:16 +00:00
parent 23505842f1
commit 5754d54a63

View file

@ -87,16 +87,20 @@ CREATE TABLE members (
return FALSE;
}
}
$ret = FALSE;
$db = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass);
$query = "SELECT u_password, 1 AS auth FROM members" .
" WHERE u_username='$user'" .
" AND u_password=ENCRYPT('$password','$user')";
$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
if ($result[auth]) {
return TRUE;
} else {
return FALSE;
}
if ($result[auth])
$ret = TRUE;
@mysql_close ($db);
return $ret;
}
/*
@ -119,8 +123,6 @@ CREATE TABLE members (
$password = $_SERVER['PHP_AUTH_PW'];
}
$db = @mysql_connect (sqlHost, sqlUser, sqlPass);
if ($userName && $password) {
if (!authProcess ($userName, $password, TRUE)) {
authBasicChallenge ($authRealm, "Login incorrect.");
@ -130,9 +132,9 @@ CREATE TABLE members (
}
$_SERVER['REMOTE_USER'] = $REMOTE_USER = $userName;
$db = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass);
$query = "SELECT * FROM members" .
" WHERE u_username='$userName'";
$userInfo = @mysql_fetch_assoc (@mysql_db_query (sqlDB, $query));
@mysql_close ($db);
?>