From c13ed298bb7a48bf25d52eeb6c5addcb70d8daaa Mon Sep 17 00:00:00 2001
From: ntoniazzi <nicolas@toniazzi.net>
Date: Mon, 21 Nov 2016 14:44:17 +0100
Subject: [PATCH] Fix APR1_MD5::check call

$password and $crypted where swapped
---
 modules/authcrypt/lib/Auth/Source/Htpasswd.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/authcrypt/lib/Auth/Source/Htpasswd.php b/modules/authcrypt/lib/Auth/Source/Htpasswd.php
index 9d416bd05..99923e18f 100644
--- a/modules/authcrypt/lib/Auth/Source/Htpasswd.php
+++ b/modules/authcrypt/lib/Auth/Source/Htpasswd.php
@@ -80,7 +80,7 @@ class sspmod_authcrypt_Auth_Source_Htpasswd extends sspmod_core_Auth_UserPassBas
 				}
 
 				// Apache's custom MD5
-				if(APR1_MD5::check($crypted, $password)) {
+				if(APR1_MD5::check($password, $crypted)) {
 					SimpleSAML\Logger::debug('User '. $username . ' authenticated successfully');
 					return $attributes;
 				}
-- 
GitLab