Can still connect if option do not save clear password is reversed.

03010ac7 · Laurent Destailleur · 3ad5d6b5 · 03010ac7 · 03010ac7 · 03010ac7
Commit 03010ac7 authored 16 years ago by Laurent Destailleur
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -61,9 +61,11 @@ if ($_GET["action"] == 'activate_encrypt')
 	$db->begin();
 	
    dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1");
+
    $sql = "UPDATE ".MAIN_DB_PREFIX."user as u";
-	$sql.= " SET u.pass = NULL AND u.pass_crypted = MD5(u.pass)";
+	$sql.= " SET u.pass_crypted = MD5(u.pass), u.pass = NULL";
 	$sql.= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32";	// Not a MD5 value
+	$sql.= " AND MD5(u.pass) IS NOT NULL";

 	//print $sql;
 	$result = $db->query($sql);
@@ -75,6 +77,7 @@ if ($_GET["action"] == 'activate_encrypt')
 	}
 	else
 	{
+		$db->rollback();
 		dolibarr_print_error($db,'');
 	}
 }

--- a/htdocs/includes/login/functions_dolibarr.php
+++ b/htdocs/includes/login/functions_dolibarr.php
@@ -63,23 +63,33 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 				
 				// Check crypted password
 				$cryptType='';
-				if ($conf->global->DATABASE_PWD_ENCRYPTED) $cryptType='md5';
+				if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType=$conf->global->DATABASE_PWD_ENCRYPTED;
+				// By default, we used MD5
+				if (! in_array($cryptType,array('md5'))) $cryptType='md5'; 
+				// Check crypted password according to crypt algorithm 
 				if ($cryptType == 'md5') 
 				{
-					if (md5($passtyped) == $passcrypted) $passok=true;
+					if (md5($passtyped) == $passcrypted) 
+					{
+						$passok=true;
+						dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
+					}
 				}

 				// For compatibility with old versions
 				if (! $passok)
 				{
 					if ((! $passcrypted || $passtyped) 
-						&& ($passtyped == $passclear)) $passok=true;
+						&& ($passtyped == $passclear)) 
+					{
+						$passok=true;
+						dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
+					}
 				}
 				
 				// Password ok ?
 				if ($passok)
 				{
-					dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok");
 					$login=$_POST["username"];
 				}
 				else

--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -19,9 +19,9 @@
 */

 /**
- \file       htdocs/index.php
- \brief      Page accueil par defaut
- \version    $Id$
+ *	\file       htdocs/index.php
+ *	\brief      Page accueil par defaut
+ *	\version    $Id$
 */

 require("./pre.inc.php");