- $res = $globals->db->query( "SELECT user_id,password FROM {$globals->tauth['native']} WHERE username='{$_REQUEST['login']}'");
-
- if (!list($uid,$password) = mysql_fetch_row($res)) {
+ // lookup user
+ $res = $globals->db->query("SELECT user_id,username,password,firstname,lastname,perms FROM {$globals->tauth['native']} WHERE username='{$_REQUEST['login']}'");
+ if (!list($uid,$username,$password,$firstname,$lastname,$perms) = mysql_fetch_row($res)) {
$page->info(__("Authentication error!"));
$this->doLogin($page);
}
$page->info(__("Authentication error!"));
$this->doLogin($page);
}
+ mysql_free_result($res);
+ // check response
if ($_REQUEST['response'] != md5("{$_REQUEST['login']}:$password:{$this->challenge}"))
{
// log the login failure
if ($_REQUEST['response'] != md5("{$_REQUEST['login']}:$password:{$this->challenge}"))
{
// log the login failure
@@ -73,8+74,10 @@ class DiogenesSession extends DiogenesCoreSession {
}
// retrieve user info
}
// retrieve user info
- $res = $globals->db->query("select user_id,username,firstname,lastname,perms from {$globals->tauth['native']} where username='{$_REQUEST['login']}'");