From 07182c8e7681b146012bcd4eda1ebd5894a00761 Mon Sep 17 00:00:00 2001
From: Kumi <git@kumi.email>
Date: Sun, 21 Aug 2022 06:29:56 +0000
Subject: [PATCH] Improve user_login

---
 auth.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/auth.php b/auth.php
index 4c3a22e..3eb5441 100644
--- a/auth.php
+++ b/auth.php
@@ -59,7 +59,9 @@ class auth_plugin_crewauth extends auth_plugin_base {
     function user_login ($username, $password) {
         global $CFG, $DB;
         if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
-            return $password == $user->password || validate_internal_user_password($user, $password);
+            # Rationale: It seems the password is hashed the first time this is called,
+            # but it still returns false. Calling it twice works around that.
+            return validate_internal_user_password($user, $password) || validate_internal_user_password($user, $password);
         }
 
         if (is_numeric($username) && ((string)(int) $username) != $username) {