save module user authenticated with, only allow password change if module is 'internal'

diff --git a/classes/auth_remote.php b/classes/auth_remote.php
index 789976050eafb5c98a1586ef73c54f640b521d2a..6892a3528b6d79f4f82b5b5c71586d247e1f6c10 100644 (file)
--- a/classes/auth_remote.php
+++ b/classes/auth_remote.php
@@ -31,7 +31,6 @@ class Auth_Remote extends Auth_Base {
                                $_SESSION["fake_password"] = "******";
                                $_SESSION["hide_hello"] = true;
                                $_SESSION["hide_logout"] = true;
-                               $_SESSION["hide_change_password"] = true;
 
                                // LemonLDAP can send user informations via HTTP HEADER
                                if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){

diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 9d2095217518fcecfe2ad9b6517cfc009533738a..5339095bac4d0e4c614bba7534d79ae6c07ab118 100644 (file)
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -214,7 +214,7 @@ class Pref_Prefs extends Protected_Handler {
 
                print "</form>";
 
-               if (!SINGLE_USER_MODE && !$_SESSION["hide_change_password"]) {
+               if (!SINGLE_USER_MODE && $_SESSION["auth_module"] == 'internal') {
 
                        $result = db_query($this->link, "SELECT id FROM ttrss_users
                                WHERE id = ".$_SESSION["uid"]." AND pwd_hash

diff --git a/include/functions.php b/include/functions.php
index dfe48c596a0a167567caf13586580b84ee5ade47..a2e164416a5f0fc7fd276021b47390c67c7122df 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -693,7 +693,10 @@
 
                                        $user_id = (int) $authenticator->authenticate($login, $password);
 
-                                       if ($user_id) break;
+                                       if ($user_id) {
+                                               $_SESSION["auth_module"] = $module;
+                                               break;
+                                       }
 
                                } else {
                                        print T_sprintf("Fatal: authentication module %s not found.", $module);
@@ -734,7 +737,6 @@
 
                        $_SESSION["hide_hello"] = true;
                        $_SESSION["hide_logout"] = true;
-                       $_SESSION["hide_change_password"] = true;
 
                        if (!$_SESSION["csrf_token"]) {
                                $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));