From 7972151d0448b99e0ba28c819a698757c27c1d55 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 23 Oct 2014 13:13:09 -0400
Subject: [PATCH] Merge branch 'stable-3.0.5'

---
 interface/web/login/index.php |   18 +++++++++++++++++-
 1 files changed, 17 insertions(+), 1 deletions(-)

diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index 951dbaf..80c4d17 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -160,7 +160,7 @@
 					} else {
 						if(stristr($username, '@')) {
 							//* mailuser login
-							$sql = "SELECT * FROM mail_user WHERE login = '$username'";
+							$sql = "SELECT * FROM mail_user WHERE login = '$username' or email = '$username'";
 							$mailuser = $app->db->queryOneRecord($sql);
 							$user = false;
 							if($mailuser) {
@@ -196,6 +196,13 @@
 								if(substr($saved_password, 0, 3) == '$1$') {
 									//* The password is crypt-md5 encrypted
 									$salt = '$1$'.substr($saved_password, 3, 8).'$';
+
+									if(crypt(stripslashes($passwort), $salt) != $saved_password) {
+										$user = false;
+									}
+								} elseif(substr($saved_password, 0, 3) == '$5$') {
+									//* The password is crypt-sha256 encrypted
+									$salt = '$5$'.substr($saved_password, 3, 16).'$';
 
 									if(crypt(stripslashes($passwort), $salt) != $saved_password) {
 										$user = false;
@@ -318,6 +325,15 @@
 			$error = '<div class="box box_error"><h1>Error</h1>'.$error.'</div>';
 		}
 		
+		$app->load('getconf');
+
+		$security_config = $app->getconf->get_security_config('permissions');
+		if($security_config['password_reset_allowed'] == 'yes') {
+			$app->tpl->setVar('pw_lost_show', 1);
+		} else {
+			$app->tpl->setVar('pw_lost_show', 0);
+		}
+		
 		$app->tpl->setVar('error', $error);
 		$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
 		$app->tpl->setVar('username_txt', $app->lng('username_txt'));

--
Gitblit v1.9.1