From 273884a65274e2688df1b2d3dc37103a46117772 Mon Sep 17 00:00:00 2001
From: plegall
Date: Mon, 8 Aug 2005 20:52:19 +0000
Subject: - new : external authentication in another users table. Previous users table is divided between users (common properties with any web application) and user_infos (phpwebgallery specific informations). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction informations can be stored in this table.
git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
---
identification.php | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'identification.php')
diff --git a/identification.php b/identification.php
index 5b7a776ef..2301934dd 100644
--- a/identification.php
+++ b/identification.php
@@ -33,14 +33,16 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
 $errors = array();
 if (isset($_POST['login']))
 {
+ $username = mysql_escape_string($_POST['username']);
 // retrieving the encrypted password of the login submitted
 $query = '
-SELECT id, password
+SELECT '.$conf['user_fields']['id'].' AS id,
+ '.$conf['user_fields']['password'].' AS password
 FROM '.USERS_TABLE.'
- WHERE username = \''.$_POST['username'].'\'
+ WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
 ;';
 $row = mysql_fetch_array(pwg_query($query));
- if ($row['password'] == md5($_POST['password']))
+ if ($row['password'] == $conf['pass_convert']($_POST['password']))
 {
 $session_length = $conf['session_length'];
 if ($conf['authorize_remembering']
-- cgit v1.2.3
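Review bot: The new password check `if ($row['password'] == $conf['pass_convert']($_POST['password']))` still compares with loose `==` and never confirms that the query returned a row. When no user matches, `mysql_fetch_array` returns false and `$row['password']` evaluates to null, so a configured `pass_convert` that yields an empty value would compare equal, and digest strings that look numeric are compared as numbers rather than as text. `if ($row !== false && $row['password'] === $conf['pass_convert']($_POST['password']))` closes both gaps. On the added `$username` line, `mysql_escape_string` ignores the connection character set; `mysql_real_escape_string($_POST['username'])` is the connection-aware call, assuming the database link is already open once common.inc.php has been included. The `if (isset($_POST['login']))` block continues past the end of the hunk.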