From 03010ac770f4d25e092d5db2bd0b1a9993aa0094 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 19 Nov 2008 18:19:51 +0000
Subject: [PATCH] Can still connect if option do not save clear password is reversed.
---
 htdocs/admin/security.php | 5 ++++-
 htdocs/includes/login/functions_dolibarr.php | 18 ++++++++++++++----
 htdocs/index.php | 6 +++---
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index ca8c4609f35..08d7b4f073f 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -61,9 +61,11 @@ if ($_GET["action"] == 'activate_encrypt')
 $db->begin();
 dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1");
+ $sql = "UPDATE ".MAIN_DB_PREFIX."user as u";
- $sql.= " SET u.pass = NULL AND u.pass_crypted = MD5(u.pass)";
+ $sql.= " SET u.pass_crypted = MD5(u.pass), u.pass = NULL";
 $sql.= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32"; // Not a MD5 value
+ $sql.= " AND MD5(u.pass) IS NOT NULL";
 //print $sql;
 $result = $db->query($sql);
@@ -75,6 +77,7 @@ if ($_GET["action"] == 'activate_encrypt')
 }
 else
 {
+ $db->rollback();
 dolibarr_print_error($db,'');
 }
 }
diff --git a/htdocs/includes/login/functions_dolibarr.php b/htdocs/includes/login/functions_dolibarr.php
index 482f968e7b8..daa32926823 100644
--- a/htdocs/includes/login/functions_dolibarr.php
+++ b/htdocs/includes/login/functions_dolibarr.php
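Review bot: In htdocs/admin/security.php the migration UPDATE still selects rows with `LENGTH(u.pass) < 32`, so a cleartext password of 32 characters or more is treated as if it were already an MD5 value: it is never hashed and stays readable in `u.pass`. A test on the value's shape is tighter than a length test, e.g. `$sql.= " WHERE u.pass IS NOT NULL AND u.pass NOT REGEXP '^[0-9a-fA-F]{32}$'";` (MySQL syntax, to be confirmed against the databases the project supports). The added `AND MD5(u.pass) IS NOT NULL` looks redundant next to `u.pass IS NOT NULL` and deserves a comment if it guards a real case. The stored value is also an unsalted MD5 digest, which is cheap to brute-force if the user table leaks, so a salted, slow password hash would be the longer-term fix. The enclosing `activate_encrypt` block starts and ends outside the hunk.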
@@ -63,23 +63,33 @@ function check_user_password_dolibarr($usertotest,$passwordtotest)
 // Check crypted password
 $cryptType='';
- if ($conf->global->DATABASE_PWD_ENCRYPTED) $cryptType='md5';
+ if (! empty($conf->global->DATABASE_PWD_ENCRYPTED)) $cryptType=$conf->global->DATABASE_PWD_ENCRYPTED;
+ // By default, we used MD5
+ if (! in_array($cryptType,array('md5'))) $cryptType='md5';
+ // Check crypted password according to crypt algorithm
 if ($cryptType == 'md5')
 {
- if (md5($passtyped) == $passcrypted) $passok=true;
+ if (md5($passtyped) == $passcrypted)
+ {
+ $passok=true;
+ dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
+ }
 }
 // For compatibility with old versions
 if (! $passok)
 {
 if ((! $passcrypted || $passtyped)
- && ($passtyped == $passclear)) $passok=true;
+ && ($passtyped == $passclear))
+ {
+ $passok=true;
+ dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");
+ }
 }
 // Password ok ?
 if ($passok)
 {
- dolibarr_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok");
 $login=$_POST["username"];
 }
 else
diff --git a/htdocs/index.php b/htdocs/index.php
index e183933843f..1608caea122 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -19,9 +19,9 @@
 */
 /**
- \file htdocs/index.php
- \brief Page accueil par defaut
- \version $Id$
+ * \file htdocs/index.php
+ * \brief Page accueil par defaut
+ * \version $Id$
 */
 require("./pre.inc.php");
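Review bot: In check_user_password_dolibarr (htdocs/includes/login/functions_dolibarr.php) both password checks kept on the new side use loose `==`, which compares numeric-looking strings by value, so two different digests that both read as `0e` followed by digits are treated as equal. Compare the digest with `if (hash_equals((string) $passcrypted, md5($passtyped)))` where `hash_equals()` is available (otherwise `===`), and use `===` for `$passtyped == $passclear`; the strict form also stops an empty typed password from matching a NULL `pass`, unless empty input is already rejected outside this hunk. The compatibility branch runs whenever `$passtyped` is non-empty, so a leftover cleartext `pass` value still authenticates after `pass_crypted` has been set. Narrowing the condition to `! $passcrypted` would close that, provided nothing else in the function relies on the wider test. The function body starts and ends outside the hunk.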