From ab3475f512a6c3ee43c18040a83278f0ccaaf5df Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 27 Mar 2018 13:44:48 +0200
Subject: [PATCH] do not set user for controller, because it is not set at that
 time

---
 op/op.Login.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/op/op.Login.php b/op/op.Login.php
index b558e8af9..ddbd82942 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -39,7 +39,7 @@ function _printMessage($heading, $message) { /* {{{ */
 } /* }}} */
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
-$controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
+$controller = Controller::factory($tmp[1], array('dms'=>$dms));
 
 if (isset($_REQUEST["sesstheme"]) && strlen($_REQUEST["sesstheme"])>0 && is_numeric(array_search($_REQUEST["sesstheme"],UI::getStyles())) ) {
 	$theme = $_REQUEST["sesstheme"];
@@ -131,10 +131,10 @@ if ($user->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $
 }
 
 if($settings->_enable2FactorAuthentication) {
-	if($secret = $user->getSecret()) {
+	if($user->getSecret()) {
 		require "vendor/autoload.php";
 		$tfa = new \RobThree\Auth\TwoFactorAuth('SeedDMS');
-		if($tfa->verifyCode($secret, $_POST['twofactauth']) !== true) {
+		if($tfa->verifyCode($user->getSecret(), $_POST['twofactauth']) !== true) {
 			_printMessage(getMLText("login_error_title"),	getMLText("login_error_text"));
 			exit;
 		}