diff --git a/code/web/public_php/login/class/ConnectionHandler.php b/code/web/public_php/login/class/ConnectionHandler.php
index a4d805e34..6a29fbb2a 100644
--- a/code/web/public_php/login/class/ConnectionHandler.php
+++ b/code/web/public_php/login/class/ConnectionHandler.php
@@ -40,16 +40,15 @@ class ConnectionHandler
 private function askSalt($login, $lang)
 {
 setMsgLanguage($lang);
- $escaped_login = $mysqli->escape_string($login);
+ $escaped_login = $this->db_Connection->escape_string($login);
 if ($stmt = $this->db_Connection->prepare('SELECT Password FROM user WHERE Login=\'?\' LIMIT 1')) {
- if ($stmt = mysqli_prepare('SELECT TOP 1 Password FROM user WHERE Login=\'?\'')) {
 $stmt->bind_param("s", $escaped_login);
 $stmt->execute();
- $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
- if ($stmt->num_rows == 1 && $stmt->fetch()) {
- $salt = get_salt($password);
+ $stmt->bind_result($password) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, $this->db_Connection->error));
+ if ($stmt->fetch() && $stmt->num_rows == 1) {
+ $salt = '1:' . get_salt($password);
 } else {
- die(errorMsgBlock(2001, $login, 'askSalt'));
+ $salt = errorMsgBlock(2001, $login, 'askSalt');
 }
 $stmt->close();
 }
@@ -113,10 +112,10 @@ class ConnectionHandler
 {
 switch ($command->cmd) {
 case 'ask':
- echo '1:' . askSalt($command->login, $command->submittedLang);
+ echo askSalt($command->login, $command->submittedLang);
 break;
 case 'login-https':
- $salt = askSalt($command->login, $command->submittedLang);
+ $salt = substr(askSalt($command->login, $command->submittedLang), 2);
 $generated_password = crypt($command->password, sprintf('$6$rounds=%d$%s$', 5000, $salt));
 login($command->login, $generated_password, $command->clientApplication, $command->cp, $command->submittedLang);
 break;
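Review bot: The prepared statement kept in askSalt() still wraps its placeholder in quotes (`Login=\'?\'`), so the server parses `?` as a one-character string literal rather than a parameter marker and the following `bind_param("s", …)` has no marker to bind to. Once the quotes are removed, the `escape_string()` call this commit repoints should go too: a bound value is sent separately from the SQL text, so escaping it first puts backslashes into the compared login and names containing quotes would never match. Suggested lines: `$this->db_Connection->prepare('SELECT Password FROM user WHERE Login=? LIMIT 1')` and `$stmt->bind_param("s", $login);`. The `die()` on bind_result also passes `$query`, `$DBName`, `$DBHost` and `$DBUserName`, none of which are defined in the visible part of the method, and if they do resolve elsewhere the response would hand connection details to an unauthenticated caller. askSalt()'s body continues past the end of the hunk.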
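Review bot: The `login-https` case strips two characters from whatever askSalt() returns without checking that it starts with `1:`, and with this commit askSalt() returns the `errorMsgBlock(2001, …)` text for an unknown login instead of dying. On that path the truncated error message is passed to crypt() as the salt and login() still runs, so the lookup failure is neither reported as such nor stopped before the authentication step. Check the prefix first and return the error the way the `ask` case does, as sketched below. Separately, askSalt is declared as a private method in the first hunk, so the bare `askSalt(...)` calls here presumably need to be `$this->askSalt(...)` unless a global function of that name also exists. The enclosing method starts and ends outside the hunk.

```php
case 'login-https':
    $reply = askSalt($command->login, $command->submittedLang);
    if (strncmp($reply, '1:', 2) !== 0) {
        // askSalt() reported an error; forward it and do not attempt a login
        echo $reply;
        break;
    }
    $salt = substr($reply, 2);
    // … unchanged: crypt() and login() calls, break …
```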