Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-43639

If auth plugin prevents local passwords, then user is updated and event is triggered on every login

    XMLWordPrintable

    Details

      Description

      If you take a look at update_internal_user_password() and the auth plugin of the user prevents local passwords and we are not using the legacy hash system, then the code attempts to verify the password against $user->password which isn't a hash at all.

      Then the code thinks that the password has changed and updates the user record and then also fires the user_updated event on every user login.

        Attachments

          Activity

            People

            Assignee:
            bushido Mark Nielsen
            Reporter:
            bushido Mark Nielsen
            Peer reviewer:
            Damyon Wiese
            Integrator:
            Eloy Lafuente (stronk7)
            Tester:
            Michael de Raadt
            Participants:
            Component watchers:
            Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              8/Sep/14