- revert feature 564: log the login of each user; but add the possibility to be

done by a plugin
- create a "standard" way to define PHP functions that we use but might not be
available in the current php version
- when a comment is rejected (spam, anti-flood etc), put the content back to the
browser in case there is a real user behind it
- now a comment can be entered only if the page was retrieved between 2 seconds
ago and 1 hour ago

git-svn-id: http://piwigo.org/svn/trunk@1744 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 1 insertions, 13 deletions

diff --git a/include/ws_functions.inc.php b/include/ws_functions.inc.php
index 849407ef2..61310265b 100644
--- a/include/ws_functions.inc.php
+++ b/include/ws_functions.inc.php
@@ -494,20 +494,8 @@ function ws_session_login($params, &$service)
   {
     return new PwgError(400, "This method requires POST");
   }
-
-  $username = $params['username'];
-  // retrieving the encrypted password of the login submitted
-  $query = '
-SELECT '.$conf['user_fields']['id'].' AS id,
-       '.$conf['user_fields']['password'].' AS password
-  FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
-;';
-  $row = mysql_fetch_assoc(pwg_query($query));
-
-  if ($row['password'] == $conf['pass_convert']($params['password']))
+  if (try_log_user($params['username'], $params['password'],false))
   {
-    log_user($row['id'], false);
     return true;
   }
   return new PwgError(999, 'Invalid username/password');