[dev] Auth::authenticate() doesn't work as documented

[Chuck Hagenbuch]

Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:

>      * Find out if a set of login credentials are valid, and if
>      * requested, mark the user as logged in in the current session.
> 
> When what it really does is more like:
> 
>      * Check if a user is logged in. If not, validate if the set of passed
>      * login credentials are valid.  If the credentials are valid,  and if
>      * requested, mark the user as logged in in the current session.
> 
> The main point is, if the user (via username) is already considered
> logged in, the credentials (e.g. password) are *never* checked.
> 
> So the questions is:  Are the docs/comments wrong, or is the function
> wrong?

Hmm. I think the docs, but I'm open to feedback.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"People ask me all the time what it will be like living without otters."
 - Google, thanks to Harpers