switch order in authenticate, fixes #5622

Closes #5622

Merge request studip/studip!4236

1 files changed, 6 insertions, 4 deletions

diff --git a/app/controllers/ilias_auth.php b/app/controllers/ilias_auth.php
index fd642dc..7f6f0a2 100644
--- a/app/controllers/ilias_auth.php
+++ b/app/controllers/ilias_auth.php
@@ -32,10 +32,6 @@ class IliasAuthController extends StudipController
     public function authenticate_action()
     {
         $authenticated = false;
-        $auth_status = StudipAuthAbstract::checkAuthentication(Request::get('login'), Request::get('password'));
-        if ($auth_status['uid']) {
-            $authenticated = true;
-        }
         $query = "SELECT external_user_token_valid_until FROM auth_extern WHERE external_user_name = ? AND external_user_token = ?";
         $result = DBManager::get()->fetchOne($query, [Request::get('login'), Request::get('password')]);
         if (count($result)) {
@@ -43,6 +39,12 @@ class IliasAuthController extends StudipController
                 $authenticated = true;
             }
         }
+        if (!$authenticated) {
+            $auth_status = StudipAuthAbstract::checkAuthentication(Request::get('login'), Request::get('password'));
+            if (!empty($auth_status['uid'])) {
+                $authenticated = true;
+            }
+        }
         if ($authenticated) {
             $this->render_text('authenticated');
         } else {