From 93011c98833f1a737c817fde4a8ce4ad5c8fef52 Mon Sep 17 00:00:00 2001
From: james
Date: Mon, 19 Nov 2007 21:28:15 +0000
Subject: [PATCH] Cannot check for valid password when authenticating, because people might have passwords that dont match the "new" requirements Also simplify some of the code (why bother assigning temp vars just to compare?)
---
 user_login.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/user_login.php b/user_login.php
index 42c9e1e3..f62216fb 100644
--- a/user_login.php
+++ b/user_login.php
@@ -30,13 +30,16 @@
 {
 /* Ensure sanity of inputs, user should be an email address, but it's stored
 * in the username field */
- $x = isEmailAddress($user);
- if($x == false) {
+ if(!isEmailAddress($user)) {
 /* It's possible that it's a username */
- if(user_valid_user($user) == false) return false;
+ if(!user_valid_user($user)) return false;
 }
- $x = user_valid_password($pass);
- if($x == false) return false;
+ //we cannot check for a valid_password here, because converted users dont enforce password length of 6 which user_valid_password does.
+ //all we can do is check if its a length >0
+ //$x = user_valid_password($pass);
+ if(!strlen($pass))
+ return false;
 $q = mysql_query("SELECT id,username,password FROM users