diff options
Diffstat (limited to 'phpBB/includes/auth/auth_db.php')
| -rw-r--r-- | phpBB/includes/auth/auth_db.php | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/phpBB/includes/auth/auth_db.php b/phpBB/includes/auth/auth_db.php index d91655ff04..3666eeb105 100644 --- a/phpBB/includes/auth/auth_db.php +++ b/phpBB/includes/auth/auth_db.php @@ -1,24 +1,27 @@ <?php +// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. // -// Authentication plug-ins is largely down to -// Sergey Kanareykin, our thanks to him. +// This is for authentication via the integrated user table // +// You can do any kind of checking you like here ... the return data format is +// either the resulting row of user information, an integer zero (indicating an +// inactive user) or some error string function login_db(&$username, &$password) { - global $db, $board_config; + global $db, $config; $sql = "SELECT user_id, username, user_password, user_email, user_active FROM " . USERS_TABLE . " - WHERE username = '" . str_replace("\'", "''", $username) . "'"; + WHERE username = '" . $db->sql_escape($username) . "'"; $result = $db->sql_query($sql); - if ( $row = $db->sql_fetchrow($result) ) + if ($row = $db->sql_fetchrow($result)) { $db->sql_freeresult($result); - if ( md5($password) == $row['user_password'] && $row['user_active'] ) + if (md5($password) == $row['user_password']) { - return $row; + return (empty($row['user_active'])) ? 0 : $row; } } |