#proc_doc ad_check_password { user_id password_from_form } { Returns 1 if the password is correct for the given user ID. } {
#
#    if { ![db_0or1row password_select {select password, salt from users where user_id = :user_id}] } {
#	return 0
#    }
#
#    if { [string compare $password [ns_sha1 "$password_from_form$salt"]] } {
#	return 0
#    }
#
#    return 1
#}

# modified password-checking to support legacy ACS3.x passwords
# (omitted) is hard-coded as the crypt salt that is passed to ns_crypt, which we found by looking at the parameters file.
proc_doc ad_check_password { user_id password_from_form } { Returns 1 if the password is correct for the given user ID. } {

    if { ![db_0or1row password_select {select password, salt from users where user_id = :user_id}] } {
	return 0
    }

    if { [string equal [string trim $password] [string trim [ns_sha1 "$password_from_form$salt"]]] } {
	return 1
    } elseif { [string equal [string trim $password] [string trim [ns_crypt $password_from_form (omitted)]]] } {
	return 1
    } else {
	return 0
    }
}