mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-05 00:12:42 +02:00
Code Issues Projects Releases Wiki Activity

MDL-63994 login: Improve the logintoken param input

Browse Source 
The logintoken is supposed to arrive as a part of the login form ($frm)
together with the username and password. So it should be handled the
same way - including the opportunity for the auth plugins to provide the
form data via the loginpage_hook().

This also implies that only logintoken coming as a part of the POST
request are taken into account, which is a good thing and another thin
layer in this security mechanism.
This commit is contained in:
David Mudrák 2018-11-15 20:35:46 +01:00
parent 667f564b4d
commit e4a97a7a01
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
login/index.php
View File

@ -31,7 +31,6 @@ redirect_if_major_upgrade_required();
$testsession = optional_param('testsession', 0, PARAM_INT); // test session works properly
$anchor = optional_param('anchor', '', PARAM_RAW); // Used to restore hash anchor to wantsurl.
$logintoken = optional_param('logintoken', '', PARAM_RAW); // Used to validate the request.
$resendconfirmemail = optional_param('resendconfirmemail', false, PARAM_BOOL);
@ -140,6 +139,7 @@ if ($frm and isset($frm->username)) { // Login WITH
$frm = false;
} else {
if (empty($errormsg)) {
$logintoken = isset($frm->logintoken) ? $frm->logintoken : '';
$user = authenticate_user_login($frm->username, $frm->password, false, $errorcode, $logintoken);
}
}