Browse Source

valid OTP code should not be enough to login, oops

master
Andrew Dolgov 1 year ago
parent
commit
4949e1a590
  1. 2
      plugins/auth_internal/init.php

2
plugins/auth_internal/init.php

@ -50,7 +50,7 @@ class Auth_Internal extends Auth_Base {
return false;
} */
if (UserHelper::check_otp($user_id, $otp))
if ($this->check_password($user_id, $password) && UserHelper::check_otp($user_id, $otp))
return $user_id;
else
return false;

Loading…
Cancel
Save