From: skodak Date: Sat, 26 Sep 2009 20:17:57 +0000 (+0000) Subject: MDL-19269 Deleted internal auth users - handling is buggy; credit Martin Langhoff X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=6d7fa5d8d862370410ed701cfdedf18d51edb7c2;p=moodle.git MDL-19269 Deleted internal auth users - handling is buggy; credit Martin Langhoff --- diff --git a/lib/moodlelib.php b/lib/moodlelib.php index d9f8842315..013273660e 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -3493,14 +3493,15 @@ function authenticate_user_login($username, $password) { error_log('[client '.getremoteaddr()."] $CFG->wwwroot Disabled Login: $username ".$_SERVER['HTTP_USER_AGENT']); return false; } - if (!empty($user->deleted)) { - add_to_log(0, 'login', 'error', 'index.php', $username); - error_log('[client '.getremoteaddr()."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']); - return false; - } $auths = array($auth); } else { + // check if there's a deleted record (cheaply) + if ($DB->get_field('user', 'id', array('username'=>$username, 'deleted'=>1))) { + error_log('[client '.$_SERVER['REMOTE_ADDR']."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']); + return false; + } + $auths = $authsenabled; $user = new object(); $user->id = 0; // User does not exist