valid OTP code should not be enough to login, oops

3 years ago · 4949e1a590
parent 146b1e0feb
commit 4949e1a590
1 changed files with 1 additions and 1 deletions
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@ -50,7 +50,7 @@ class Auth_Internal extends Auth_Base {
 						return false;
 					} */

-					if (UserHelper::check_otp($user_id, $otp))
+					if ($this->check_password($user_id, $password) && UserHelper::check_otp($user_id, $otp))
 						return $user_id;
 					else
 						return false;