Make the auth system fail for wrong right-hand password, so members don't get

stuck with bad credentials cached.

lib/auth.php

@@ -87,16 +87,20 @@ CREATE TABLE members (
 				return FALSE;
 			}
 		}
+
+		$ret = FALSE;
+
+		$db = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass);
 		$query = "SELECT u_password, 1 AS auth FROM members" .
 				" WHERE u_username='$user'" .
 				" AND u_password=ENCRYPT('$password','$user')";
 		$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
 
-		if ($result[auth]) {
-			return TRUE;
-		} else {
-			return FALSE;
-		}
+		if ($result[auth])
+			$ret = TRUE;
+
+		@mysql_close ($db);
+		return $ret;
 	}
 
 	/*
@@ -119,8 +123,6 @@ CREATE TABLE members (
 		$password = $_SERVER['PHP_AUTH_PW'];
 	}
 
-	$db = @mysql_connect (sqlHost, sqlUser, sqlPass);
-
 	if ($userName && $password) {
 		if (!authProcess ($userName, $password, TRUE)) {
 			authBasicChallenge ($authRealm, "Login incorrect.");
@@ -130,9 +132,9 @@ CREATE TABLE members (
 	}
 	$_SERVER['REMOTE_USER'] = $REMOTE_USER = $userName;
 
+	$db = @mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass);
 	$query = "SELECT * FROM members" .
 			" WHERE u_username='$userName'";
 	$userInfo = @mysql_fetch_assoc (@mysql_db_query (sqlDB, $query));
-
 	@mysql_close ($db);
 ?>