From c406d09b7c4263bcb8e5f95b8d5bd6a2aab6f25c Mon Sep 17 00:00:00 2001
From: Dave MacFarlane <driusan@gmail.com>
Date: Tue, 31 Jan 2012 10:02:00 -0500
Subject: [PATCH 1/2] Change username/password checking to user prepared
 statement

---
 php/libraries/SinglePointLogin.class.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/php/libraries/SinglePointLogin.class.inc b/php/libraries/SinglePointLogin.class.inc
index fde51a64657..f9792a78020 100644
--- a/php/libraries/SinglePointLogin.class.inc
+++ b/php/libraries/SinglePointLogin.class.inc
@@ -237,8 +237,8 @@ class SinglePointLogin extends PEAR
         }
 
         // check users table to see if we have a valid user
-        $query = "SELECT COUNT(*) AS User_count, Password_md5, Password_expiry, Active FROM users WHERE UserID = '".$_POST['username']."' GROUP BY UserID";
-        $DB->selectRow($query, $row);
+        $query = "SELECT COUNT(*) AS User_count, Password_md5, Password_expiry, Active FROM users WHERE UserID = :username GROUP BY UserID";
+        $row = $DB->pselectRow($query, array('username' => $_POST['username']));
         if (PEAR::isError($row)) {
             return PEAR::raiseError("DB Error: ".$row->getMessage());
         }

From 5f3887f947dbfc315d2904207f80d200f6636900 Mon Sep 17 00:00:00 2001
From: Dave MacFarlane <driusan@gmail.com>
Date: Tue, 31 Jan 2012 10:02:29 -0500
Subject: [PATCH 2/2] Delete legacy section of code that says to delete it.

---
 php/libraries/SinglePointLogin.class.inc | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/php/libraries/SinglePointLogin.class.inc b/php/libraries/SinglePointLogin.class.inc
index f9792a78020..91bc32165ba 100644
--- a/php/libraries/SinglePointLogin.class.inc
+++ b/php/libraries/SinglePointLogin.class.inc
@@ -262,22 +262,6 @@ class SinglePointLogin extends PEAR
                 $this->_username = $_POST['username'];
                 return true;
             }
-            // !!! DELETE ONCE ALL PASSWORDS HAVE BEEN SET TO MD5 SALTS
-            else {
-                // check users table to see if we have a valid user
-                $query = "SELECT COUNT(*) AS User_count FROM users WHERE UserID = '".$_POST['username']."' AND Password = PASSWORD('".$_POST['password']."')";
-                $DB->selectRow($query, $row2);
-                if (PEAR::isError($row2)) {
-                    return PEAR::raiseError("DB Error: ".$row2->getMessage());
-                }
-
-                // user is logged in
-                if ($row2['User_count'] == 1) {
-                    // force password expiry screen
-                    $this->showPasswordExpiryScreen();
-                }
-            }
-            // !!! END DELETE
             // bad usename or password
         }