save module user authenticated with, only allow password change if module is 'internal'

2025-12-19 11:41:29 +00:00 · 2012-08-16 16:00:50 +04:00
parent 1e666f0aeb
commit 200e0d4ebb
3 changed files with 5 additions and 4 deletions
--- a/include/functions.php
+++ b/include/functions.php
@@ -693,7 +693,10 @@

 					$user_id = (int) $authenticator->authenticate($login, $password);

-					if ($user_id) break;
+					if ($user_id) {
+						$_SESSION["auth_module"] = $module;
+						break;
+					}

 				} else {
 					print T_sprintf("Fatal: authentication module %s not found.", $module);
@@ -734,7 +737,6 @@

 			$_SESSION["hide_hello"] = true;
 			$_SESSION["hide_logout"] = true;
-			$_SESSION["hide_change_password"] = true;

 			if (!$_SESSION["csrf_token"]) {
 				$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));