}
}
- //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
+ /* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."<br />";
if ((strlen($pass) == 32) && ($pass == md5($password))) {
// Generate new hash
$pass = generateHash($password);
$salt = __SALT;
// Check if password is same
+ //* DEBUG: */ echo "*".$ret.",".$pass.",".$password.",".$salt."*<br >\n";
if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) {
+ // Change the passord hash here
+ $pass = generateHash($password);
+
// Update password
$result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
array($pass, $admin_login), __FILE__, __LINE__);
if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
}
- // Password matches!
- $ret = "done";
+ // Login has failed by default... ;-)
+ $ret = "failed";
+
+ // Password matches so login here
+ if (LOGIN_ADMIN($admin_login, $pass)) {
+ // All done now
+ $ret = "done";
+ }
} elseif ((empty($salt)) && ($ret == "pass")) {
// Something bad went wrong
$ret = "failed";
+ } elseif ($ret == "done") {
+ // Try to login here if we have the old hashing way (sql_patches not installed?)
+ if (!LOGIN_ADMIN($admin_login, $pass)) {
+ // Something went wrong
+ $ret = "failed";
+ }
}
+
+ // Return the result
+ //* DEBUG: */ die("RETURN=".$ret);
return $ret;
}
+// Try to login the admin by setting some session/cookie variables
+function LOGIN_ADMIN ($adminLogin, $passHash) {
+ // Now set all session variables and return the result
+ return (
+ (
+ set_session("admin_md5", generatePassString($passHash))
+ ) && (
+ set_session("admin_login", $adminLogin)
+ ) && (
+ set_session("admin_last", time())
+ ) && (
+ set_session("admin_to", $_POST['timeout'])
+ )
+ );
+}
+
// Only be executed on cookie checking
function CHECK_ADMIN_COOKIES ($admin_login, $password) {
global $cacheArray, $_CONFIG;
SQL_FREERESULT($result);
}
- //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."<br />";
+ //* DEBUG: */ echo __FUNCTION__.":".$pass."(".strlen($pass).")/".$password."(".strlen($password).")<br />\n";
// Check if password matches
if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) {