From d7c284244bd8f74962d71d55c432e5e73081de1f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 31 Dec 2007 11:56:30 +0000 Subject: [PATCH] Fix: Test mot de passe incorrect en mode crypte --- htdocs/main.inc.php | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 3b708e04de0..e1b6b0a33fe 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -211,7 +211,10 @@ if (! isset($_SESSION["dol_login"])) $table = MAIN_DB_PREFIX."user"; $usernamecol = 'login'; - $sql='SELECT '.$fieldtotest.' as password from '.$table.' where '.$usernamecol." = '".addslashes($_POST["username"])."'"; + $sql ='SELECT pass, pass_crypted'; + $sql.=' from '.$table; + $sql.=' where '.$usernamecol." = '".addslashes($_POST["username"])."'"; + dolibarr_syslog("main.inc::get password sql=".$sql); $resql=$db->query($sql); if ($resql) @@ -219,9 +222,23 @@ if (! isset($_SESSION["dol_login"])) $obj=$db->fetch_object($resql); if ($obj) { - $password=$obj->password; - if ($cryptType == 'md5') $password=md5($password); - if ($password == $_POST["password"]) + $passclear=$obj->pass; + $passcrypted=$obj->pass_crypted; + $passtyped=$_POST["password"]; + + $passok=false; + if ($cryptType == 'md5') + { + if (md5($passtyped) == $passcrypted) $passok=true; + } + // For compatibility with old versions + if (! $passok) + { + if ($passtyped == $passclear) $passok=true; + } + + // Password ok ? + if ($passok) { dolibarr_syslog("Authentification ok (en mode Base Dolibarr)"); $login=$_POST["username"];
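Review bot: The rewritten query still splices `$_POST["username"]` into the SQL text through `addslashes()` on the `$sql.=' where '...` line; `addslashes()` is not aware of the connection character set and is not a substitute for the database layer's own escaping or a bound parameter, so that line should use one of those instead. The `dolibarr_syslog("main.inc::get password sql=".$sql)` call that follows writes the same client-supplied value into the log, and nothing visible here strips control characters or line breaks from it first. The query also now fetches the cleartext `pass` column on every login attempt, even when `$cryptType` is `md5`; selecting it only when the legacy fallback is really needed would keep cleartext off the common path. The enclosing `if (! isset($_SESSION["dol_login"]))` block starts and ends outside this hunk, so any earlier validation of the username is not visible.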
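Review bot: The "compatibility" fallback in the second hunk compares with loose `==` and runs even when no cleartext password is stored, so with `pass` NULL or empty, `$passtyped == $passclear` is true for an empty submitted password. Unless a check outside this hunk rejects empty input, that sets `$passok` for accounts that only have `pass_crypted`. The loose `md5($passtyped) == $passcrypted` test is likewise exposed to PHP's numeric-string comparison rules. Both checks should be strict and should require a non-empty stored string: `if (is_string($passcrypted) && $passcrypted !== '' && md5($passtyped) === $passcrypted) $passok=true;` and `if (is_string($passclear) && $passclear !== '' && $passtyped === $passclear) $passok=true;`, with `$passtyped` verified as a non-empty string before either test. A comment above the fallback should say under which condition the cleartext path can be removed, and note that the unsalted MD5 verified here needs migrating to a salted password hash; the surrounding block continues past the end of the hunk.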