From 23f5e53a41c763b4253dcba797c23b7c39b6ef41 Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Tue, 24 Apr 2012 15:27:47 -0700
Subject: Fixed problem in web services where users with incorrect passwords could gain an access token.
---
 engine/lib/sessions.php | 4 ++++
 1 file changed, 4 insertions(+) (limited to 'engine/lib/sessions.php')
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 9982d9fe8..419d36707 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) {
 /**
 * Perform user authentication with a given username and password.
 *
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
 * @see login
 *
 * @param string $username The username
-- 
cgit v1.2.3
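Review bot: The `@warning` added above elgg_authenticate() documents a fail-open return contract but leaves it in place: a failure returns a non-empty error string, which is truthy, so any caller that tests the result loosely accepts a wrong password — presumably the pattern behind the access-token issue named in the subject. The example omits the arguments; I would write it as `if (true === elgg_authenticate($username, $password)) { ... }` and state the contract in the return tag as well, e.g. `@return true|string True on success, error message on failure`. The second of the two consecutive blank ` *` lines after the warning can be dropped. The docblock continues and the function body lies outside the hunk, and this view is limited to sessions.php, so an existing `@return` tag and the caller-side fix cannot be checked here; the remaining callers are worth auditing for non-strict checks of the result.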