From 200e0d4ebbd98da452c3eb120cb55b155764f614 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Thu, 16 Aug 2012 16:00:50 +0400
Subject: save module user authenticated with, only allow password change if
 module is 'internal'

---
 include/functions.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'include/functions.php')

diff --git a/include/functions.php b/include/functions.php
index dfe48c596..a2e164416 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -693,7 +693,10 @@
 
 					$user_id = (int) $authenticator->authenticate($login, $password);
 
-					if ($user_id) break;
+					if ($user_id) {
+						$_SESSION["auth_module"] = $module;
+						break;
+					}
 
 				} else {
 					print T_sprintf("Fatal: authentication module %s not found.", $module);
@@ -734,7 +737,6 @@
 
 			$_SESSION["hide_hello"] = true;
 			$_SESSION["hide_logout"] = true;
-			$_SESSION["hide_change_password"] = true;
 
 			if (!$_SESSION["csrf_token"]) {
 				$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
-- 
cgit v1.2.3