--- mod_auth_mysql-3.0.0.orig/mod_auth_mysql.c	2005-06-22 18:17:45.000000000 +0200
+++ mod_auth_mysql-3.0.0./mod_auth_mysql.c	2007-03-12 14:40:25.000000000 +0100
@@ -288,6 +288,7 @@
 static short pw_aes(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
 #endif
 static short pw_sha1(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
+static short pw_sha1_base64(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
 static short pw_plain(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt);
 
 static char * format_remote_host(request_rec * r, char ** parm);
@@ -318,7 +319,8 @@
 #if _AES
 					   {"aes", SALT_REQUIRED, pw_aes},
 #endif
-					   {"sha1", NO_SALT, pw_sha1}};
+					   {"sha1", NO_SALT, pw_sha1},
+					   {"sha1base64", NO_SALT, pw_sha1_base64}};
 typedef struct {		/* User formatting patterns */
   char pattern;			/* Pattern to match */
   char * (*func)(request_rec * r, char ** parm);
@@ -856,6 +858,19 @@
   return  strcasecmp(bin2hex(pool, scrambled_sent_pw, enc_len), real_pw) == 0;
 }
 
+/* checks base64 encoded SHA1 passwords */
+static short pw_sha1_base64(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt) {
+  char *sha1base64encoded_pw = PCALLOC(pool, 128);
+#ifdef APACHE2
+  apr_sha1_base64(sent_pw, strlen(sent_pw), sha1base64encoded_pw);
+  sha1base64encoded_pw += APR_SHA1PW_IDLEN;   /* go past {SHA1} eyecatcher */
+#else
+  ap_sha1_base64(sent_pw, strlen(sent_pw), sha1base64encoded_pw);
+  sha1base64encoded_pw += APR_SHA1PW_IDLEN;   /* go past {SHA1} eyecatcher */
+#endif
+  return strcmp(sha1base64encoded_pw, real_pw) == 0;
+}
+
 /* checks plain text passwords */
 static short pw_plain(POOL * pool, const char * real_pw, const char * sent_pw, const char * salt) {
   return strcmp(real_pw, sent_pw) == 0;