From fd3ba131307c9cc54f69d8f7186b2786e73da9a6 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 18 Oct 2015 21:33:47 +0200
Subject: [PATCH] FIX #3541 Bypass authentication when user was created using
 LDAP

---
 htdocs/core/login/functions_dolibarr.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/login/functions_dolibarr.php b/htdocs/core/login/functions_dolibarr.php
index 36596165191..c421fdb1aeb 100644
--- a/htdocs/core/login/functions_dolibarr.php
+++ b/htdocs/core/login/functions_dolibarr.php
@@ -91,7 +91,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
 				if (! $passok)
 				{
 					if ((! $passcrypted || $passtyped)
-						&& ($passtyped == $passclear))
+						&& ($passclear && ($passtyped == $passclear)))
 					{
 						$passok=true;
 						dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - found pass in database");