MDL-34101 use current mnethostide when verifying if user deleted

authenticate_user_login() is supposed to work with local accounts only, mnet accounts must be ignored.
moodle · Jul 6, 2012 · 13951f0 · 13951f0
1 parent 2cbdaa7
commit 13951f0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -4037,8 +4037,8 @@ function authenticate_user_login($username, $password) {
         $auths = array($auth);
 
     } else {
-        // check if there's a deleted record (cheaply)
-        if ($DB->get_field('user', 'id', array('username'=>$username, 'deleted'=>1))) {
+        // Check if there's a deleted record (cheaply), this should not happen because we mangle usernames in delete_user().
+        if ($DB->get_field('user', 'id', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id,  'deleted'=>1))) {
             error_log('[client '.getremoteaddr()."]  $CFG->wwwroot  Deleted Login:  $username  ".$_SERVER['HTTP_USER_AGENT']);
             return false;
         }