[dev] Auth::authenticate() doesn't work as documented
Eric Rostetter
eric.rostetter at physics.utexas.edu
Fri Dec 6 19:09:12 2002
While playing with passwd, I tried to use Auth::authenticate() but found
it not to work as documented (so used Auth::setAuth() instead).
It says:
* Find out if a set of login credentials are valid, and if
* requested, mark the user as logged in in the current session.
When what it really does is more like:
* Check if a user is logged in. If not, validate if the set of passed
* login credentials are valid. If the credentials are valid, and if
* requested, mark the user as logged in in the current session.
The main point is, if the user (via username) is already considered logged
in, the credentials (e.g. password) are *never* checked.
So the questions is: Are the docs/comments wrong, or is the function wrong?
--
Eric Rostetter
The Department of Physics
The University of Texas at Austin
Why get even? Get odd!
More information about the dev
mailing list