\n"; echo "-161\n"; echo "\n"; exit(); } db_init(); xml_header(); $email_addr = get_str("email_addr"); $passwd_hash = process_user_text(get_str("passwd_hash")); $user = lookup_user_email_addr($email_addr); if (!$user) { error(); } $auth_hash = md5($user->authenticator.$user->email_addr); // if no password set, set password to account key // if (!strlen($user->passwd_hash)) { $user->passwd_hash = $auth_hash; mysql_query("update user set passwd_hash='$user->passwd_hash' where id=$user->id"); } // if the given password hash matches (auth+email), accept it // if ($user->passwd_hash == $passwd_hash || $auth_hash == $passwd_hash) { echo "\n"; echo "$user->authenticator\n"; echo "\n"; } else { error(); } ?>