From a43416dbb2019980913fbb6449adbe2e6a3fbea9 Mon Sep 17 00:00:00 2001
From: Nils Adermann <naderman@naderman.de>
Date: Sat, 31 Mar 2007 16:44:18 +0000
Subject: - acp popup, shouldn't require 700 px width - throw an error if an
 image that's edited into an imageset doesn't exist - convert the password not
 its hash ;-) - only update user_login_attempts if necessary - make password
 requirements even clearer

git-svn-id: file:///svn/phpbb/trunk@7250 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/auth/auth_db.php | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'phpBB/includes/auth/auth_db.php')

diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php
index afea47d1c1..ff073c1fb7 100644
--- a/phpBB/includes/auth/auth_db.php
+++ b/phpBB/includes/auth/auth_db.php
@@ -114,7 +114,7 @@ function login_db(&$username, &$password)
 			}
 
 			// cp1252 is phpBB2's default encoding, characters outside ASCII range might work when converted into that encoding
-			if (md5($password_old_format) == $row['user_password'] || utf8_to_cp1252(md5($password_old_format)) == $row['user_password'])
+			if (md5($password_old_format) == $row['user_password'] || md5(utf8_to_cp1252($password_old_format)) == $row['user_password'])
 			{
 				// Update the password in the users table to the new format and remove user_pass_convert flag
 				$sql = 'UPDATE ' . USERS_TABLE . '
@@ -147,11 +147,14 @@ function login_db(&$username, &$password)
 	// Check password ...
 	if (!$row['user_pass_convert'] && md5($password) == $row['user_password'])
 	{
-		// Successful, reset login attempts (the user passed all stages)
-		$sql = 'UPDATE ' . USERS_TABLE . '
-			SET user_login_attempts = 0
-			WHERE user_id = ' . $row['user_id'];
-		$db->sql_query($sql);
+		if ($row['user_login_attempts'] != 0)
+		{
+			// Successful, reset login attempts (the user passed all stages)
+			$sql = 'UPDATE ' . USERS_TABLE . '
+				SET user_login_attempts = 0
+				WHERE user_id = ' . $row['user_id'];
+			$db->sql_query($sql);
+		}
 
 		// User inactive...
 		if ($row['user_type'] == USER_INACTIVE || $row['user_type'] == USER_IGNORE)
-- 
cgit v1.2.1