Disable enhancedauth by default

Admins can still enable it via config.php

2 files changed, 4 insertions, 4 deletions

diff --git a/lib/json.php b/lib/json.php
index cc504907261..cc6cee6caff 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -83,7 +83,7 @@ class OC_JSON{
 	* Check if the user verified the login with his password
 	*/
 	public static function verifyUser() {
-		if(OC_Config::getValue('enhancedauth', true) === true) {
+		if(OC_Config::getValue('enhancedauth', false) === true) {
 			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
 				$l = OC_L10N::get('lib');
 				self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
diff --git a/lib/util.php b/lib/util.php
index a847c02872e..c5f41be324b 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -398,7 +398,7 @@ class OC_Util {
 	* If not, the user will be shown a password verification page
 	*/
 	public static function verifyUser() {
-		if(OC_Config::getValue('enhancedauth', true) === true) {
+		if(OC_Config::getValue('enhancedauth', false) === true) {
 					// Check password to set session
 			if(isset($_POST['password'])) {
 				if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
@@ -419,12 +419,12 @@ class OC_Util {
 	* @return bool
 	*/
 	public static function isUserVerified() {
-		if(OC_Config::getValue('enhancedauth', true) === true) {
+		if(OC_Config::getValue('enhancedauth', false) === true) {
 			if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
 				return false;
 			}
-			return true;
 		}
+		return true;
 	}
 	
 	/**