From 7f16656eb7aea169fca6732ccd74ceffd13a1984 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Tue, 7 Mar 2006 12:25:44 +0100
Subject: remove support for plain-text passwords

---
 functions.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index 931774cfd..a7a17f9b5 100644
--- a/functions.php
+++ b/functions.php
@@ -740,8 +740,7 @@
 		$pwd_hash = 'SHA1:' . sha1($password);
 
 		$result = db_query($link, "SELECT id,login,access_level FROM ttrss_users WHERE 
-			login = '$login' AND ((pwd_hash = '$password' AND '$password' = 'password')
-				OR pwd_hash = '$pwd_hash')");
+			login = '$login' AND pwd_hash = '$pwd_hash'");
 
 		if (db_num_rows($result) == 1) {
 			$_SESSION["uid"] = db_fetch_result($result, 0, "id");
-- 
cgit v1.2.3-54-g00ecf