valid OTP code should not be enough to login, oops

This commit is contained in:
Andrew Dolgov 2021-03-12 07:32:15 +03:00
parent 146b1e0feb
commit 4949e1a590
1 changed files with 1 additions and 1 deletions

View File

@ -50,7 +50,7 @@ class Auth_Internal extends Auth_Base {
return false;
} */
if (UserHelper::check_otp($user_id, $otp))
if ($this->check_password($user_id, $password) && UserHelper::check_otp($user_id, $otp))
return $user_id;
else
return false;