-
- $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
- $res = $globals->xdb->query(
- "SELECT u.user_id, u.password
- FROM auth_user_md5 AS u
- INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
- WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
-
- $logger =& Session::getMixed('log');
- if (list($uid, $password) = $res->fetchOneRow()) {
- require_once('secure_hash.inc.php');
- $expected_response=hash_encrypt("$uname:$password:{$session->challenge}");
- // le password de la base est peut-être encore encodé en md5
- if (Env::get('response') != $expected_response) {
- $new_password = hash_xor(Env::get('xorpass'), $password);
- $expected_response = hash_encrypt("$uname:$new_password:{$session->challenge}");
- if (Env::get('response') == $expected_response) {
- $globals->xdb->execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}", $new_password, $uid);
- }
- }
- if (Env::get('response') == $expected_response) {
- if (Env::has('domain')) {
- if (($domain = Env::get('domain', 'login')) == 'alias') {
- setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
- } else {
- setcookie('ORGdomain', '', (time()-3600), '/', '', 0);
- }
- // pour que la modification soit effective dans le reste de la page
- $_COOKIE['ORGdomain'] = $domain;
+ }
+
+ $field = (!$redirect && preg_match('/^\d*$/', $uname)) ? 'id' : 'alias';
+ $res = XDB::query(
+ "SELECT u.user_id, u.password
+ FROM auth_user_md5 AS u
+ INNER JOIN aliases AS a ON ( a.id=u.user_id AND type!='homonyme' )
+ WHERE a.$field = {?} AND u.perms IN('admin','user')", $login);
+
+ $logger = S::v('log');
+ if (list($uid, $password) = $res->fetchOneRow()) {
+ require_once('secure_hash.inc.php');
+ $expected_response = hash_encrypt("$uname:$password:".S::v('challenge'));
+ // le password de la base est peut-être encore encodé en md5
+ if (Env::v('response') != $expected_response) {
+ $new_password = hash_xor(Env::v('xorpass'), $password);
+ $expected_response = hash_encrypt("$uname:$new_password:".S::v('challenge'));
+ if (Env::v('response') == $expected_response) {
+ XDB::execute("UPDATE auth_user_md5 SET password = {?} WHERE user_id = {?}",
+ $new_password, $uid);
+ }
+ }
+ if (Env::v('response') == $expected_response) {
+ if (Env::has('domain')) {
+ if (($domain = Env::v('domain', 'login')) == 'alias') {
+ setcookie('ORGdomain', "alias", (time()+25920000), '/', '', 0);
+ } else {
+ setcookie('ORGdomain', '', (time()-3600), '/', '', 0);