authorAndrew Dolgov <[email protected]>2012-08-16 16:00:50 +0400
committerAndrew Dolgov <[email protected]>2012-08-16 16:00:50 +0400
commit200e0d4ebbd98da452c3eb120cb55b155764f614 (patch)
treef0a618dac101cf66d5fdcf25b996c33bc907d18a
parent1e666f0aeba4abfb6a9e4b555640bcb4859de066 (diff)
save module user authenticated with, only allow password change if module is 'internal'
-rw-r--r--classes/auth_remote.php1
-rw-r--r--classes/pref_prefs.php2
-rw-r--r--include/functions.php6
3 files changed, 5 insertions, 4 deletions
diff --git a/classes/auth_remote.php b/classes/auth_remote.php
index 789976050..6892a3528 100644
--- a/classes/auth_remote.php
+++ b/classes/auth_remote.php
@@ -31,7 +31,6 @@ class Auth_Remote extends Auth_Base {
$_SESSION["fake_password"] = "******";
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
- $_SESSION["hide_change_password"] = true;
// LemonLDAP can send user informations via HTTP HEADER
if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 9d2095217..5339095ba 100644
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -214,7 +214,7 @@ class Pref_Prefs extends Protected_Handler {
print "</form>";
- if (!SINGLE_USER_MODE && !$_SESSION["hide_change_password"]) {
+ if (!SINGLE_USER_MODE && $_SESSION["auth_module"] == 'internal') {
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
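Review bot: The new test on `$_SESSION["auth_module"] == 'internal'` only controls whether the change-password form is printed, so the restriction is presentation-only unless the handler that applies a password change enforces the same condition; that handler is not part of this commit and should be checked. Sessions created before this change carry no `auth_module` key, so the read raises an undefined-index notice and the form disappears for internal users until they log in again. Writing the guard as `if (!SINGLE_USER_MODE && isset($_SESSION["auth_module"]) && $_SESSION["auth_module"] === 'internal') {` removes the notice and the loose comparison. The enclosing method starts and ends outside the hunk.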
diff --git a/include/functions.php b/include/functions.php
index dfe48c596..a2e164416 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -693,7 +693,10 @@
$user_id = (int) $authenticator->authenticate($login, $password);
- if ($user_id) break;
+ if ($user_id) {
+ $_SESSION["auth_module"] = $module;
+ break;
+ }
} else {
print T_sprintf("Fatal: authentication module %s not found.", $module);
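Review bot: `$_SESSION["auth_module"]` is written only when a module accepts the login, so a value left by an earlier login in the same session survives a later failed attempt, and any path that establishes a session without passing through this loop (none is visible here) leaves it unset. Because pref_prefs.php now reads this key to decide whether password change is offered, clear it before the module loop, which begins outside the hunk, with `unset($_SESSION["auth_module"]);`. A comment at the assignment such as `// module that accepted the login; Pref_Prefs uses it to gate password change` would document the dependency. The enclosing function starts and ends outside the hunk.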
@@ -734,7 +737,6 @@
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
- $_SESSION["hide_change_password"] = true;
if (!$_SESSION["csrf_token"]) {
$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));