Previous patch still contained a typo. Here's a new version.
--- davical-0.9.9.4.orig/inc/HTTPAuthSession.php
+++ davical-0.9.9.4/inc/HTTPAuthSession.php
@@ -215,6 +215,14 @@
function CheckPassword( $username, $password ) {
global $c;
+ if ( ( $usr = getUserByName($username) ) &&
+ ( !isset($c->authenticate_hook) || isset($c->authenticate_hook['optional']) && $c->authenticate_hook['optional'] ) ) {
+ dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $usr->password, ($usr->active?'Yes':'No') );
+ if ( $usr->active && session_validate_password( $password, $usr->password ) ) {
+ return $usr;
+ }
+ }
+
if ( isset($c->authenticate_hook) && isset($c->authenticate_hook['call']) && function_exists($c->authenticate_hook['call']) ) {
/**
* The authenticate hook needs to:
@@ -239,12 +247,6 @@
}
}
- if ( $usr = getUserByName($username) ) {
- dbg_error_log( "BasicAuth", ":CheckPassword: Name:%s, Pass:%s, File:%s, Active:%s", $username, $password, $usr->password, ($usr->active?'Yes':'No') );
- if ( $usr->active && session_validate_password( $password, $usr->password ) ) {
- return $usr;
- }
- }
return false;
}