--- dbmail-1.0/mysql/dbauthmysql.c	2002-12-03 18:32:16.000000000 +0200
+++ dbmail-1.0-md5/mysql/dbauthmysql.c	2003-02-04 18:20:36.000000000 +0200
@@ -628,13 +628,19 @@
   char timestr[30];
   time_t td;
   struct tm tm;
+  char salt[13];
+  char checkstring[40];
+  unsigned char *md5hash;
+  
+  char *cryptres, *cryptpass;
+  int res;
+         
 
   time(&td);              /* get time */
   tm = *localtime(&td);   /* get components */
   strftime(timestr, sizeof(timestr), "%G-%m-%d %H:%M:%S", &tm);
 
-  snprintf(__auth_query_data, AUTH_QUERY_SIZE, "SELECT user_idnr, passwd, encryption_type FROM users "
-	   "WHERE userid = '%s'", user);
+  snprintf(__auth_query_data, AUTH_QUERY_SIZE, "SELECT user_idnr, passwd, encryption_type FROM users WHERE userid = '%s'", user);
 
   if (__auth_query(__auth_query_data)==-1)
     {
@@ -653,9 +659,14 @@
   if (!__auth_row)
     {
       /* user does not exist */
+      trace (TRACE_DEBUG,"auth_validate(): no such user");
       mysql_free_result(__auth_res);
       return 0;
     }
+    
+   trace (TRACE_DEBUG,"auth_validate(): user_idnr: %s", __auth_row[0]);
+   trace (TRACE_DEBUG,"auth_validate(): passwd: %s", __auth_row[1]);
+   trace (TRACE_DEBUG,"auth_validate(): encryptype: %s", __auth_row[2]);
 
   if (!__auth_row[2] || strcasecmp(__auth_row[2], "") == 0)
     {
@@ -667,6 +678,25 @@
       trace (TRACE_DEBUG,"auth_validate(): validating using crypt() encryption");
       is_validated = (strcmp( crypt(password, __auth_row[1]), __auth_row[1]) == 0) ? 1 : 0;
     }
+  else if ( strcasecmp(__auth_row[2], "md5") == 0)
+    {
+      trace (TRACE_DEBUG,"auth_validate(): validating using MD5 hash comparison");
+      
+      cryptpass = (char *) __auth_row[1];
+      cryptres = (char *) malloc(34*sizeof(char));
+      strncpy (salt, __auth_row[1], 12);
+      
+      trace (TRACE_DEBUG,"auth_validate(): using salt: %s", salt);      
+      strcpy(cryptres, (char *) crypt(password, cryptpass));
+      trace (TRACE_DEBUG,"auth_validate(): hash   : %s", cryptpass);
+      trace (TRACE_DEBUG,"auth_validate(): crypt(): %s", cryptres);
+      
+      
+      res = strcmp(cryptpass, cryptres);
+      
+      is_validated = (strcmp(cryptpass, cryptres) == 0) ? 1 : 0;
+    }
+                       
   
   if (is_validated)
     {
@@ -726,7 +756,7 @@
 	
   __auth_row = mysql_fetch_row(__auth_res);
 	
-	/* now authenticate using MD5 hash comparisation 
+	/* now authenticate using MD5 hash comparison 
 	 * __auth_row[0] contains the password */
 
   trace (TRACE_DEBUG,"auth_md5_validate(): apop_stamp=[%s], userpw=[%s]",apop_stamp,__auth_row[0]);