[dev] Auth::authenticate() doesn't work as documented

Jan Schneider jan at horde.org
Sat Dec 7 10:54:53 2002


Zitat von Chuck Hagenbuch <chuck@horde.org>:

> Quoting Eric Rostetter <eric.rostetter@physics.utexas.edu>:
> 
> >      * Find out if a set of login credentials are valid, and if
> >      * requested, mark the user as logged in in the current session.
> >
> > When what it really does is more like:
> >
> >      * Check if a user is logged in. If not, validate if the set of
> passed
> >      * login credentials are valid.  If the credentials are valid,  and
> if
> >      * requested, mark the user as logged in in the current session.
> >
> > The main point is, if the user (via username) is already considered
> > logged in, the credentials (e.g. password) are *never* checked.
> >
> > So the questions is:  Are the docs/comments wrong, or is the function
> > wrong?
> 
> Hmm. I think the docs, but I'm open to feedback.

I think we can change the function to match the docs. That's at least what
I'd associate from the function name. And it doesn't produce too much
overhead as the function is called only once anyway.

Jan.

--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft


More information about the dev mailing list