From 4949e1a59059d9e72ba7a98f783cec312c06c6d2 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 12 Mar 2021 07:32:15 +0300
Subject: [PATCH] valid OTP code should not be enough to login, oops

---
 plugins/auth_internal/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index 9155f8165..e63263a5d 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -50,7 +50,7 @@ class Auth_Internal extends Auth_Base {
 						return false;
 					} */
 
-					if (UserHelper::check_otp($user_id, $otp))
+					if ($this->check_password($user_id, $password) && UserHelper::check_otp($user_id, $otp))
 						return $user_id;
 					else
 						return false;