From: martinlanghoff <martinlanghoff>
Date: Wed, 27 Feb 2008 02:56:48 +0000 (+0000)
Subject: MDL-90 authenticate_user_login() - don't accidentally return a bogus $user
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=a668c808450df1e736865cd36afaeb95fb72cc64;p=moodle.git

MDL-90 authenticate_user_login() - don't accidentally return a bogus $user

While I don't quite understand why we need that $user->id=0, at
_least_ make double sure we don't return it! Callers assume
that if we return an object===success and a user acct that just does
not exist will return an dummy object.
---

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index ab0cd992cb..66c37bff81 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -3059,8 +3059,10 @@ function authenticate_user_login($username, $password) {
             }
         }
 
+        if ($user->id===0) {
+            return false;
+        }
         return $user;
-
     }
 
     // failed if all the plugins have failed