Fixed problem in web services where users with incorrect passwords could gain an access token.

author: Brett Profitt <brett.profitt@gmail.com> 2012-04-24 15:27:47 -0700
committer: Brett Profitt <brett.profitt@gmail.com> 2012-04-24 15:27:47 -0700
commit: 23f5e53a41c763b4253dcba797c23b7c39b6ef41 (patch)
tree: 2d44f91d211665b9662861f889ac4352f9a7e8c7 /engine/lib/sessions.php
parent: ec474c8f70406149ec515a0e09020ecd1b5292ec (diff)
download: elgg-23f5e53a41c763b4253dcba797c23b7c39b6ef41.tar.gz
elgg-23f5e53a41c763b4253dcba797c23b7c39b6ef41.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 9982d9fe8..419d36707 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) {
 /**
  * Perform user authentication with a given username and password.
  *
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
  * @see login
  *
  * @param string $username The username
author	Brett Profitt <brett.profitt@gmail.com>	2012-04-24 15:27:47 -0700
committer	Brett Profitt <brett.profitt@gmail.com>	2012-04-24 15:27:47 -0700
commit	23f5e53a41c763b4253dcba797c23b7c39b6ef41 (patch)
tree	2d44f91d211665b9662861f889ac4352f9a7e8c7 /engine/lib/sessions.php
parent	ec474c8f70406149ec515a0e09020ecd1b5292ec (diff)
download	elgg-23f5e53a41c763b4253dcba797c23b7c39b6ef41.tar.gz elgg-23f5e53a41c763b4253dcba797c23b7c39b6ef41.tar.bz2