From dbef43c3a859518367f9ee0dde8e895ec677af23 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 16 May 2008 21:14:01 +0000 Subject: [PATCH] More fixes for admin password hashing --- inc/db/lib-mysql3.php | 7 +- inc/functions.php | 7 +- inc/language/de.php | 1 + inc/modules/admin.php | 21 +++-- inc/modules/admin/admin-inc.php | 129 +++++++++++++------------- inc/modules/admin/what-extensions.php | 8 +- inc/mysql-connect.php | 20 ++-- inc/mysql-manager.php | 49 ++++++---- 8 files changed, 142 insertions(+), 100 deletions(-) diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php index f9f1e74d02..6bb648c436 100644 --- a/inc/db/lib-mysql3.php +++ b/inc/db/lib-mysql3.php @@ -84,10 +84,13 @@ function SQL_QUERY($sql_string, $F, $L) { // SQL num rows function SQL_NUMROWS($result) { - if ($result != false) { + // Is the result a valid resource? + if (is_resource($result)) { + // Get the count of rows from database $lines = @mysql_num_rows($result); - if (empty($lines)) $lines = "0"; + // Is the result empty? Then we have an error! + if (empty($lines)) $lines = "0"; } else { // No resource given, no lines found! $lines = "0"; diff --git a/inc/functions.php b/inc/functions.php index e24be85a2d..bfa97b999a 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1805,7 +1805,7 @@ function CREATE_EMAIL_LINK($email, $table="admins") { return $EMAIL; } // Generate a hash for extra-security for all passwords -function generateHash($plainText, $salt = "") { +function generateHash ($plainText, $salt = "") { global $_CONFIG, $_SERVER; // Is the required extension "sql_patches" there? @@ -1997,6 +1997,11 @@ function generatePassString($passHash) { //* DEBUG: */ die($passHash."
".$newHash." (".strlen($newHash).")"); $ret = generateHash($newHash, $_CONFIG['master_salt']); + } else { + // Hash it simple + //* DEBUG: */ echo "--".$passHash."--
\n"; + $ret = md5($passHash); + //* DEBUG: */ echo "++".$ret."++
\n"; } // Return result diff --git a/inc/language/de.php b/inc/language/de.php index ff35894d31..29d0037634 100644 --- a/inc/language/de.php +++ b/inc/language/de.php @@ -1104,6 +1104,7 @@ define('ADMIN_CONFIG_MAILID_REDIRECT_INDEX', "Auf Hauptseite weiterleiten."); define('ADMIN_CONFIG_MAILID_REDIRECT_REJECT', "Auf Ablehnungsseite umleiten."); define('REASON_DIRECT_PAYMENT', "Direkte Gutschrift (siehe evtl. vorangegangene Mail)"); define('SUBJECT_DIRECT_PAYMENT', "Direkte {!POINTS!}-Gutschrift durch das System"); +define('ADMIN_LOGOUT_SQL_PATCHES_DONE', "Sie wurden automatisch ausgeloggt, da Sie die Erweiterung sql_patches installiert haben und dabei das Passort-Hashing geändert/verbessert wurde. Bitte erneut einloggen!"); // ?> diff --git a/inc/modules/admin.php b/inc/modules/admin.php index c0e1fdf48a..a8d2d13419 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -49,15 +49,12 @@ require_once(PATH."inc/modules/admin/admin-inc.php"); // Fix "deleted" cookies in PHP4 (PHP5 does remove them, PHP4 sets them to deleted!) FIX_DELETED_COOKIES(array('admin_login', 'admin_md5', 'admin_last', 'admin_to')); -// Is the logout empty? -if (empty($_GET['logout'])) $_GET['logout'] = ""; - if (!isBooleanConstantAndTrue('admin_registered')) { // Admin is not registered so we have to inform the user if ((isset($_POST['ok'])) && ((empty($_POST['login'])) || (empty($_POST['pass'])) || (strlen($_POST['pass']) < 4))) $_POST['ok'] = "***"; if ((isset($_POST['ok'])) && ($_POST['ok'] != "***")) { // Hash the password with the old function because we are here in install mode - $hashedPass = md5($hashedPass); + $hashedPass = md5($_POST['pass']); // Do registration $ret = REGISTER_ADMIN($_POST['login'], $hashedPass); @@ -86,6 +83,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Any other kind $ret = "done"; } + if (!isBooleanConstantAndTrue('admin_registered')) { // Write to config that registration is done admin_WriteData(PATH."inc/config.php", "ADMIN-SETUP", "define('admin_registered', ", ");", "true", 0); @@ -97,6 +95,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) { break; } } + + // Whas that action okay? if ($ret != "done") { // Fixes another "Notice" if (!empty($_POST['login'])) { @@ -250,7 +250,7 @@ if (!isBooleanConstantAndTrue('admin_registered')) { // Load login form template LOAD_TEMPLATE("admin_login_form", false, $content); } -} elseif ($_GET['logout'] == "1") { +} elseif (isset($_GET['logout'])) { // Only try to remove cookies if (set_session("admin_login", "") && set_session("admin_md5", "") && set_session("admin_last", "") && set_session("admin_to", "")) { // Also remove array elements @@ -263,7 +263,13 @@ if (!isBooleanConstantAndTrue('admin_registered')) { @session_destroy(); // Load logout template - LOAD_TEMPLATE("admin_logout"); + if (isset($_GET['sql_patches'])) { + // Special logout redirect for sql_patchrs + LOAD_TEMPLATE("admin_logout_sql_patches"); + } else { + // Logged out normally + LOAD_TEMPLATE("admin_logout"); + } } else { // Something went wrong here... OUTPUT_HTML("".ADMIN_LOGOUT_FAILED.""); @@ -274,7 +280,8 @@ if (!isBooleanConstantAndTrue('admin_registered')) { } else { // Maybe an Admin want's to login? $ret = CHECK_ADMIN_COOKIES(SQL_ESCAPE(get_session('admin_login')), SQL_ESCAPE(get_session('admin_md5'))); - switch ($ret) { + switch ($ret) + { case "done": // Cookie-Data accepted if ((set_session("admin_md5", SQL_ESCAPE(get_session('admin_md5')))) && (set_session("admin_login", SQL_ESCAPE(get_session('admin_login')))) && (set_session("admin_last", time())) && (set_session("admin_to", bigintval(get_session('admin_to'))))) { diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index f9f775a003..8f4623b052 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -39,20 +39,17 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) } // -function REGISTER_ADMIN ($user, $md5) +function REGISTER_ADMIN ($user, $md5, $email=WEBMASTER) { $ret = "failed"; $result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($user), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 0) - { + if (SQL_NUMROWS($result) == 0) { // Ok, let's create the admin login - $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '".WEBMASTER."')", - array($user, $md5), __FILE__, __LINE__); + $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_admins (login, password, email) VALUES('%s', '%s', '%s')", + array($user, $md5, $email), __FILE__, __LINE__); $ret = "done"; - } - else - { + } else { // Free memory SQL_FREERESULT($result); @@ -66,35 +63,30 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) { global $cacheArray, $_CONFIG, $cacheInstance; $ret = "404"; $pass = ""; - if (!empty($cacheArray['admins']['aid'][$admin_login])) - { + if (!empty($cacheArray['admins']['aid'][$admin_login])) { // Get password from cache $pass = $cacheArray['admins']['password'][$admin_login]; $ret = "pass"; $_CONFIG['cache_hits']++; - } - else - { + } else { // Get password from DB $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); - if (SQL_NUMROWS($result) == 1) - { + if (SQL_NUMROWS($result) == 1) { $ret = "pass"; list($pass) = SQL_FETCHROW($result); SQL_FREERESULT($result); } } - //* DEBUG: */ echo "*".$pass."/".$password."/".$ret."
"; - if ((strlen($pass) == 32) && ($pass == md5($password))) - { + //* DEBUG: */ echo "*".$pass."/".md5($password)."/".$ret."
"; + if ((strlen($pass) == 32) && ($pass == md5($password))) { // Generate new hash $pass = generateHash($password); - if (($ret == "pass") && (GET_EXT_VERSION("sql_patches") < "0.3.6")) $ret = "done"; - } - elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) - { + + // Is the sql_patches not installed, than we cannot have a valid hashed password here! + if (($ret == "pass") && ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == ""))) $ret = "done"; + } elseif ((GET_EXT_VERSION("sql_patches") < "0.3.6") || (GET_EXT_VERSION("sql_patches") == "")) { // Old hashing way return $ret; } @@ -104,28 +96,25 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) $salt = __SALT; // Check if password is same - if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) - { + if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) { // Update password $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", array($pass, $admin_login), __FILE__, __LINE__); // Shall I remove the cache file? - if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) - { + if ((EXT_IS_ACTIVE("cache")) && ($cacheInstance != false)) { if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); } // Password matches! $ret = "done"; - } - elseif ((empty($salt)) && ($ret == "pass")) - { + } elseif ((empty($salt)) && ($ret == "pass")) { // Something bad went wrong $ret = "failed"; } return $ret; } + // Only be executed on cookie checking function CHECK_ADMIN_COOKIES ($admin_login, $password) { global $cacheArray, $_CONFIG; @@ -140,16 +129,21 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { $result = SQL_QUERY_ESC("SELECT password FROM "._MYSQL_PREFIX."_admins WHERE login='%s' LIMIT 1", array($admin_login), __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { + // Entry found $ret = "pass"; + + // Fetch password list($pass) = SQL_FETCHROW($result); - SQL_FREERESULT($result); } + + // Free result + SQL_FREERESULT($result); } - //* DEBUG: */ echo "*".$pass."/".$password."
"; + //* DEBUG: */ echo __FUNCTION__.":".$pass."/".$password."
"; // Check if password matches - if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password))) { + if (($ret == "pass") && ((generatePassString($pass) == $password) || ($pass == $password) || ((strlen($pass) == 32) && (md5($password) == $pass)))) { // Passwords matches! $ret = "done"; } @@ -158,66 +152,75 @@ function CHECK_ADMIN_COOKIES ($admin_login, $password) { return $ret; } // -function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) -{ - $done = false; $seek++; $found = false; - if (file_exists($file)) - { +function admin_WriteData ($file, $comment, $prefix, $suffix, $DATA, $seek=0) { + // Initialize some variables + $done = false; + $seek++; + $found = false; + + // Is the file there and read-/write-able? + if ((file_exists($file)) && (is_readable($file)) && (is_writeable($file))) { $search = "CFG: ".$comment; $tmp = $file.".tmp"; - $fp = fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); - if ($fp) - { - $fp_tmp = fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); - if ($fp_tmp) - { - while (! feof($fp)) - { + + // Open the source file + $fp = @fopen($file, 'r') or OUTPUT_HTML("READ: ".$file."
"); + + // Is the resource valid? + if (is_resource($fp)) { + // Open temporary file + $fp_tmp = @fopen($tmp, 'w') or OUTPUT_HTML("WRITE: ".$tmp."
"); + + // Is the resource again valid? + if (is_resource($fp_tmp)) { + while (!feof($fp)) { + // Read from source file $line = fgets ($fp, 1024); + if (strpos($line, $search) > -1) { $next = 0; $found = true; } - if ($next > -1) - { - if ($next == $seek) - { + + if ($next > -1) { + if ($next == $seek) { $next = -1; $line = $prefix . $DATA . $suffix."\n"; - } - else - { + } else { $next++; } } + + // Write to temp file fputs($fp_tmp, $line); } + + // Close temp file fclose($fp_tmp); + // Finished writing tmp file $done = true; } + + // Close source file fclose($fp); - if (($done) && ($found)) - { + + if (($done) && ($found)) { // Copy back tmp file and delete tmp :-) @copy($tmp, $file); @unlink($tmp); define('_FATAL', false); - } - elseif (!$found) - { + } elseif (!$found) { OUTPUT_HTML("CHANGE: 404!"); define('_FATAL', true); - } - else - { + } else { OUTPUT_HTML("TMP: UNDONE!"); define('_FATAL', true); } } - } - else - { + } else { + // File not found, not readable or writeable OUTPUT_HTML("404: ".$file."
"); } } + // function ADMIN_DO_ACTION($wht) { diff --git a/inc/modules/admin/what-extensions.php b/inc/modules/admin/what-extensions.php index fb0f2f2c26..ce97012cdd 100644 --- a/inc/modules/admin/what-extensions.php +++ b/inc/modules/admin/what-extensions.php @@ -304,7 +304,13 @@ case "register": // Register new extension // ... so we can finally register and load it in registration mode $status = EXTENSION_REGISTER($ext_name, $id); - if ($status) { + if ($status == true) { + // Is this sql_patches? Then we need to auto-logout! + if ($ext_name == "sql_patches") { + // Auto-logout here + LOAD_URL("admin.php?module=admin&logout=1&sql_patches=1"); + } + // Extension was found and successfully registered LOAD_TEMPLATE("admin_settings_saved", false, ADMIN_EXTENSION_REGISTERED); diff --git a/inc/mysql-connect.php b/inc/mysql-connect.php index e01516610f..813bcb6762 100644 --- a/inc/mysql-connect.php +++ b/inc/mysql-connect.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -65,7 +64,6 @@ if ((empty($MySQL['login'])) && (!isBooleanConstantAndTrue('mxchange_installing' echo "".LANG_WARNING.": ".WARN_NULL_PASSWORD; } - // Init configuration arrays $_CONFIG = array( 'code_length' => 0 @@ -97,6 +95,9 @@ if ((!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndT // Is it a valid resource? if ($db === true) { + // Load more include files + require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database + // Load configuration stuff $result = SQL_QUERY("SELECT pass_len, points_register, points_ref, least_cats, check_double_email, check_double_pass, admin_notify, url_tlock, test_text, max_tlength, test_subj, autosend_active, max_send, url_blacklist, auto_purge, auto_purge_active, last_update, unconfirmed, profile_lock, online_timeout, mad_timestamp, mad_count, profile_update, send_prof_update, resend_profile_update, code_length, patch_level, patch_ctime, guest_stats, ref_payout, activate_xchange, order_multi_page, display_refid, ip_timeout, allow_direct_pay, config FROM "._MYSQL_PREFIX."_config @@ -105,7 +106,7 @@ LIMIT 1", __FILE__, __LINE__); if (SQL_NUMROWS($result) == 1) { // Load data when previous SQL query did not fail - if (!$result) { + if (!is_resource($result)) { // Something went wrong ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG); return; @@ -117,9 +118,6 @@ LIMIT 1", __FILE__, __LINE__); // Initialize include-file-pool $INC_POOL = array(); - // Load more include files - require_once(PATH."inc/mysql-manager.php"); // Functions which interact with the database - // Run daily reset if ((date("d", $_CONFIG['last_update']) != date("d", time()) || ((isBooleanConstantAndTrue('DEBUG_MODE')))) && (!isBooleanConstantAndTrue('mxchange_installing')) && (isBooleanConstantAndTrue('mxchange_installed')) && (isBooleanConstantAndTrue('admin_registered')) && (!isset($_GET['register'])) && ($CSS != 1)) { // Do daily things in external PHP file but only when script is completely setup @@ -133,7 +131,7 @@ LIMIT 1", __FILE__, __LINE__); require_once(PATH."inc/load_extensions.php"); // Loading patching system is required here... - require_once(PATH."inc/patch-system.php"); // Initialize patch system + require_once(PATH."inc/patch-system.php"); // Initialize patch system // Functions which are related to themes require_once(PATH."inc/theme-manager.php"); @@ -191,12 +189,18 @@ LIMIT 1", __FILE__, __LINE__); $dummy = CHECK_MODULE($GLOBALS['module']); if ($dummy == "done") COUNT_MODULE($GLOBALS['module']); unset($dummy); + + // Shall we activate the exchange? if ($_CONFIG['activate_xchange'] > 0) activateExchange(); } else { // If you will read following error message you probably need to contact me (webmaster@mxchange.org) // and download the sql-upgrades extension from my server. Please ask me which SQL file(s) you need to // import *BEFORE* you import them! ADD_FATAL(FATAL_CANNOT_LOAD_CONFIG); + + // Reset link and db here, close database first + SQL_CLOSE($link, __FILE__, __LINE__); + $link = false; $db = false; } // Free memory diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index e4bcad187c..723f61ecb6 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -32,8 +32,7 @@ ************************************************************************/ // Some security stuff... -if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) -{ +if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) { $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php"; require($INC); } @@ -73,6 +72,7 @@ function ADD_MODULE_TITLE($mod) { } return $name; } + // Check validity of a given module name (no file extension) function CHECK_MODULE($mod) { // We need them now here... @@ -187,9 +187,9 @@ function CHECK_MODULE($mod) { // Return the value return $ret; } + // Add menu description pending on given file name (without path!) -function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) -{ +function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) { global $DEPTH, $_CONFIG; $LINK_ADD = ""; $OUT = ""; $AND = ""; // First we have to do some analysis... @@ -251,12 +251,16 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) if (!$return) $DEPTH++; $prefix = ""; } + $prefix .= " -> "; + if (ereg(".php", $search)) { $search = substr($search, 0, strpos($search, ".php")); } + $result = SQL_QUERY_ESC("SELECT title FROM "._MYSQL_PREFIX."_%s_menu WHERE %s='%s' ".$AND." LIMIT 1", array($ACC_LVL, $type, $search), __FILE__, __LINE__); + if (SQL_NUMROWS($result) == 1) { list($ret) = SQL_FETCHROW($result); SQL_FREERESULT($result); @@ -287,22 +291,28 @@ function ADD_DESCR($ACC_LVL, $file, $return = false, $output = true) // function ADD_MENU($MODE, $act, $wht) { global $_CONFIG; + + // Init some variables + $main_cnt = 0; + $AND = ""; + $main_action = ""; + $sub_what = ""; + if (!VALIDATE_MENU_ACTION($MODE, $act, $wht, true)) return CODE_MENU_NOT_VALID; - $main_cnt = 0; $AND = ""; $main_action = ""; $sub_what = ""; - if (!IS_ADMIN()) - { + + // Non-admin shall not see all menus + if (!IS_ADMIN()) { $AND = "AND visible='Y' AND locked='N'"; } + // Load SQL data and add the menu to the output stream... $result_main = SQL_QUERY_ESC("SELECT title, action FROM "._MYSQL_PREFIX."_%s_menu WHERE what='' ".$AND." ORDER BY sort", array($MODE), __FILE__, __LINE__); //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; - if (SQL_NUMROWS($result_main) > 0) - { + if (SQL_NUMROWS($result_main) > 0) { OUTPUT_HTML(""); // There are menus available, so we simply display them... :) - while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) - { + while (list($main_title, $main_action) = SQL_FETCHROW($result_main)) { //* DEBUG: */ echo __LINE__."/".$main_cnt."/".$main_action."/".$sub_what.":".$GLOBALS['what']."*
\n"; // Load menu header template $BLOCK_MODE = false; $act = $main_action; @@ -311,11 +321,10 @@ function ADD_MENU($MODE, $act, $wht) { $result_sub = SQL_QUERY_ESC("SELECT title, what FROM "._MYSQL_PREFIX."_%s_menu WHERE action='%s' AND what != '' ".$AND." ORDER BY sort", array($MODE, $main_action), __FILE__, __LINE__); $ctl = SQL_NUMROWS($result_sub); - if ($ctl > 0) - { + if ($ctl > 0) { $cnt=0; - while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) - { + while (list($sub_title, $sub_what) = SQL_FETCHROW($result_sub)) { + // Init content $content = ""; // Full file name for checking menu @@ -390,7 +399,9 @@ function IS_ADMIN($admin="") // If admin login is not given take current from cookies... if ((empty($admin)) && (isSessionVariableSet('admin_login')) && (isSessionVariableSet('admin_md5'))) { - $admin = SQL_ESCAPE(get_session('admin_login')); $passCookie = get_session('admin_md5'); + // Get admin login and password from session/cookies + $admin = SQL_ESCAPE(get_session('admin_login')); + $passCookie = SQL_ESCAPE(get_session('admin_md5')); } //* DEBUG: */ echo __LINE__."ADMIN:".$admin."/".$passCookie."
"; @@ -411,6 +422,8 @@ function IS_ADMIN($admin="") if (SQL_NUMROWS($result) == 1) { // Admin login was found so let's load password from DB list($passDB) = SQL_FETCHROW($result); + + // Generate password hash $valPass = generatePassString($passDB); } @@ -420,8 +433,8 @@ function IS_ADMIN($admin="") if (!empty($valPass)) { // Check if password is valid - //* DEBUG: */ echo __LINE__."*".$valPass."/".$passCookie)."*
"; - $ret = (($valPass == $passCookie) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); + //* DEBUG: */ echo __FUNCTION__."*".$valPass."/".$passCookie."*
\n"; + $ret = (($valPass == $passCookie) || ((strlen($valPass) == 32) && ($valPass == md5($passCookie))) || (($valPass == "*FAILED*") && (!EXT_IS_ACTIVE("cache")))); } // Return result of comparision -- 2.30.2