Permalink
Browse files

MDL-19269 Deleted internal auth users - handling is buggy; credit Mar…

…tin Langhoff
  • Loading branch information...
1 parent 3cc5c93 commit 9afbbd3834f3e37c2c14b2376581d154fd956746 skodak committed Sep 26, 2009
Showing with 6 additions and 5 deletions.
  1. +6 −5 lib/moodlelib.php
View
@@ -3139,14 +3139,15 @@ function authenticate_user_login($username, $password) {
error_log('[client '.getremoteaddr()."] $CFG->wwwroot Disabled Login: $username ".$_SERVER['HTTP_USER_AGENT']);
return false;
}
- if (!empty($user->deleted)) {
- add_to_log(0, 'login', 'error', 'index.php', $username);
- error_log('[client '.getremoteaddr()."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']);
- return false;
- }
$auths = array($auth);
} else {
+ // check if there's a deleted record (cheaply)
+ if (get_field('user', 'id', 'username', $username, 'deleted', 1, '')) {
+ error_log('[client '.$_SERVER['REMOTE_ADDR']."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']);
+ return false;
+ }
+
$auths = $authsenabled;
$user = new object();
$user->id = 0; // User does not exist

0 comments on commit 9afbbd3

Please sign in to comment.