$ret = "pass";
$_CONFIG['cache_hits']++;
} else {
+ $ADD = "";
+ if (GET_EXT_VERSION("admins") >= "0.7.0") {
+ // Load them here
+ $ADD = ", login_failtures, UNIX_TIMESTAMP(last_failture) AS last_failture";
+ } // END - if
+
// Get password from DB
- $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT password".$ADD." FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1",
array($admin_login), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1) {
+ // Login password found
$ret = "pass";
- list($pass) = SQL_FETCHROW($result);
- SQL_FREERESULT($result);
- }
+
+ // Fetch data
+ $data = SQL_FETCHARRAY($result);
+ } // END - if
+
+ // Free result
+ SQL_FREERESULT($result);
}
- //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
- if ((strlen($pass) == 32) && ($pass == md5($password))) {
+ //* DEBUG: */ echo "*".$data['password']."/".md5($password)."/".$ret."<br />";
+ if ((strlen($data['password']) == 32) && ($data['password'] == md5($password))) {
// Generate new hash
- $pass = generateHash($password);
+ $data['password'] = generateHash($password);
// Is the sql_patches not installed, than we cannot have a valid hashed password here!
if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done";
}
// Generate salt of password
- define('__SALT', substr($pass, 0, -40));
+ define('__SALT', substr($data['password'], 0, -40));
$salt = __SALT;
// Check if password is same
- //* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*<br >\n";
- if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) {
+ //* DEBUG: */ echo "*".$ret.",".$data['password'].",".$password.",".$salt."*<br >\n";
+ if (($ret == "pass") && ($data['password'] == generateHash($password, $salt)) && (!empty($salt))) {
// Change the passord hash here
- $pass = generateHash($password);
+ $data['password'] = generateHash($password);
+
+ // Do we have 0.7.0 of admins or later?
+ // Remmeber login failtures if available
+ if (GET_EXT_VERSION("admins") >= "0.7.0") {
+ // Store it in session
+ set_session("mxchange_admin_failtures", $data['login_failtures']);
+ ses_session("mxchange_admin_last_fail", $data['last_failture']);
+ } // END - if
// Update password
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
- array($pass, $admin_login), __FILE__, __LINE__);
+ array($data['password'], $admin_login), __FILE__, __LINE__);
// Shall I remove the cache file?
if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) {
if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
- }
+ } // END - if
// Login has failed by default... ;-)
$ret = "failed";
// Password matches so login here
- if (LOGIN_ADMIN($admin_login, $pass)) {
+ if (LOGIN_ADMIN($admin_login, $data['password'])) {
// All done now
$ret = "done";
- }
+ } // END - if
} elseif ((empty($salt)) && ($ret == "pass")) {
// Something bad went wrong
$ret = "failed";
} elseif ($ret == "done") {
// Try to login here if we have the old hashing way (sql_patches not installed?)
- if (!LOGIN_ADMIN($admin_login, $pass)) {
+ if (!LOGIN_ADMIN($admin_login, $data['password'])) {
// Something went wrong
$ret = "failed";
}