@@ -124,11 +124,12 @@ function password_check($oldpassword, $profile_id) $db_pass = $data_passchk[$db_user_password]; $initString = '$H$'; - $testVal = $pwd_hasher->CheckPassword($oldpassword, $db_pass); + $testVal = $pwd_hasher->CheckPassword($oldpassword, $db_pass, $initString); + if ($testVal) - return 0; + return TRUE; else - return 1; + return FALSE; } function phpraid_login() @@ -162,7 +163,6 @@ function phpraid_login() ); $result = $db_raid->sql_query($sql) or print_error($sql, mysql_error(), 1); - //WRM database //$sql = sprintf("SELECT username, password FROM " . $phpraid_config['db_prefix'] . "profile WHERE username = %s", // quote_smart($username) @@ -299,4 +299,4 @@ if (!isset($_SESSION['initiated'])) { } } -?> \ No newline at end of file +?> auth/auth_phpbb3.php 9415e32a0e7259c88519a7e20c875fed9e382ae7 Douglas Wagner dwagner@wstldwagner2.rgare.net http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a 7dd6367ae85003dd5d715431b6ab695f2c2f200a 2008-10-13T14:26:19-07:00 2008-10-13T14:26:19-07:00 Bug Fix: Fixes problem with phpBB3 bridge allowing login with ANY password. 0b8762860383f1afb7fb50732e2a63f5f152c69d Douglas Wagner dwagner@wstldwagner2.rgare.net