Fix [ 1722235 ] Encryption for password wrongly managed

2008-02-14 03:32:55 +00:00 · 2008-02-14 03:32:55 +00:00 · 50d0a61176
parent 8459f86e36
commit 50d0a61176
1 changed files with 2 additions and 1 deletions
--- a/base/src/org/compiere/util/Login.java
+++ b/base/src/org/compiere/util/Login.java
@ -254,7 +254,8 @@ public class Login
 			.append(" AND u.IsActive='Y'")
 			.append(" AND EXISTS (SELECT * FROM AD_Client c WHERE u.AD_Client_ID=c.AD_Client_ID AND c.IsActive='Y')");
 		if (app_pwd != null)
-			sql.append(" AND (u.Password=? OR u.Password=?)");	//  #2/3
+			sql.append(" AND ((u.Password=? AND (SELECT IsEncrypted FROM AD_Column WHERE AD_Column_ID=417)='N') " 
+					+     "OR (u.Password=? AND (SELECT IsEncrypted FROM AD_Column WHERE AD_Column_ID=417)='Y'))");	//  #2/3
 		sql.append(" ORDER BY r.Name");
 		PreparedStatement pstmt = null;
 		ResultSet rs = null;