authorplegall <plg@piwigo.org>2005-08-08 20:52:19 +0000
committerplegall <plg@piwigo.org>2005-08-08 20:52:19 +0000
commit273884a65274e2688df1b2d3dc37103a46117772 (patch)
tree6d0756672c6b415c38abea4c8ea831cdeb3673fb /identification.php
parent8b97a8154ebb024c1c2610d82646e48b913721bc (diff)
- new : external authentication in another users table. Previous users table
is divided between users (common properties with any web application) and user_infos (phpwebgallery-specific information). External table and fields can be configured. - modification : profile.php is not reachable through administration anymore (not useful). - modification : in profile.php, current password is mandatory only if user tries to change his password. Username can't be changed. - deletion : of obsolete functions get_user_restrictions, update_user_restrictions, get_user_all_restrictions, is_user_allowed, update_user - modification : $user['forbidden_categories'] equals at least "-1" so that category_id NOT IN ($user['forbidden_categories']) can always be used. - modification : user_forbidden table becomes user_cache so that not only restriction information can be stored in this table. git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'identification.php')
-rw-r--r--identification.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/identification.php b/identification.php
index 5b7a776ef..2301934dd 100644
--- a/identification.php
+++ b/identification.php
@@ -33,14 +33,16 @@ include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
$errors = array();
if (isset($_POST['login']))
{
+ $username = mysql_escape_string($_POST['username']);
// retrieving the encrypted password of the login submitted
$query = '
-SELECT id, password
+SELECT '.$conf['user_fields']['id'].' AS id,
+ '.$conf['user_fields']['password'].' AS password
FROM '.USERS_TABLE.'
- WHERE username = \''.$_POST['username'].'\'
+ WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
;';
$row = mysql_fetch_array(pwg_query($query));
- if ($row['password'] == md5($_POST['password']))
+ if ($row['password'] == $conf['pass_convert']($_POST['password']))
{
$session_length = $conf['session_length'];
if ($conf['authorize_remembering']
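Review bot: The new password check `if ($row['password'] == $conf['pass_convert']($_POST['password']))` still compares the two digests with loose `==`, so PHP can treat two different hex strings that both look numeric as equal; compare with `===` instead (or `hash_equals()` where the runtime provides it). When no user matches, `mysql_fetch_array()` returns false and `$row['password']` is null, so the outcome then depends on what the configurable `pass_convert` callable returns; an explicit guard makes that case unambiguous: `if ($row !== false and $row['password'] === $conf['pass_convert']($_POST['password']))`. Separately, the added `$username = mysql_escape_string($_POST['username']);` does not take the connection character set into account, and `mysql_real_escape_string()` is the safer call here. The enclosing `if (isset($_POST['login']))` block continues past the end of this hunk, so the rest of the login path is not visible.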