From 45a6d31c4f9fec79066e2dc3f8ca198f31817b44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20S=CC=8Ckoda?= <commits@skodak.org>
Date: Tue, 18 Sep 2012 09:10:42 +0200
Subject: [PATCH] MDL-32572 always lookpup passwords only in records from
 current auth plugin

This bug should not be creating any problems thanks to our design of login process, but it should be fixed anyway.
---
 auth/db/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth/db/auth.php b/auth/db/auth.php
index 57095139adca6..fb0b95ac117a6 100644
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
@@ -65,7 +65,7 @@ function user_login($username, $password) {
                 $authdb->Close();
                 // user exists externally
                 // check username/password internally
-                if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
+                if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype))) {
                     return validate_internal_user_password($user, $password);
                 }
             } else {