From b09856545d766eb5fb10d7efde1a7b102a0e5b12 Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Wed, 27 Feb 2008 04:36:18 +0000
Subject: [PATCH] Added support for password and old_password encryption
 mechanisms if you're using MySQL

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.2.2@50283 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/Security.php | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/security/Security.php b/security/Security.php
index 556606f31..b5aebcf19 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -647,6 +647,15 @@ class Security extends Controller {
 				}
 			}
 		}
+		
+		// Support for MySQL password() and old_password() functions.  These aren't recommended unless you need them,
+		// but can be helpful for migrating legacy user-sets into a SilverStripe application.
+		// Since DB::getConn() doesn't exist yet, we need to look at $databaseConfig. Gack!
+		global $databaseConfig;
+		if($databaseConfig['type'] == 'MySQLDatabase') {
+			$result[] = 'password';
+			$result[] = 'old_password';
+		}
 
 		return $result;
 	}
@@ -748,6 +757,17 @@ class Security extends Controller {
 			// Just use the default encryption algorithm
 			$algorithm = self::$encryptionAlgorithm;
 		}
+		
+		// Support for MySQL password() and old_password() authentication
+		if(strtolower($algorithm) == 'password' || strtolower($algorithm) == 'old_password') {
+			$SQL_password = Convert::raw2sql($password);
+			$enc = DB::query("SELECT $algorithm('$SQL_password')")->value();
+			return array(
+				'password' => $enc,
+				'salt' => null,
+				'algorithm' => $algorithm,
+			);
+		}
 
 
 		// If no salt was provided but we need one we just generate a random one
@@ -760,7 +780,7 @@ class Security extends Controller {
 		}
 
 
-    // Encrypt the password
+    	// Encrypt the password
 		if(function_exists('hash')) {
 			$password = hash($algorithm, $password . $salt);
 		} else {