MDL-32572 always lookpup passwords only in records from current auth plugin
authorPetr Škoda <commits@skodak.org>
Tue, 18 Sep 2012 07:10:42 +0000 (09:10 +0200)
committerPetr Škoda <commits@skodak.org>
Tue, 18 Sep 2012 08:38:29 +0000 (10:38 +0200)
This bug should not be creating any problems thanks to our design of login process, but it should be fixed anyway.

auth/db/auth.php

index 5709513..fb0b95a 100644 (file)
@@ -65,7 +65,7 @@ class auth_plugin_db extends auth_plugin_base {
                 $authdb->Close();
                 // user exists externally
                 // check username/password internally
-                if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
+                if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype))) {
                     return validate_internal_user_password($user, $password);
                 }
             } else {