From d8619b9a84be8dcfd2f218a498f6f82f18f14033 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Thu, 17 Sep 2020 16:50:34 +0300
Subject: [PATCH] auth_internal: cast OTP code to integer before trying to
 check it

---
 plugins/auth_internal/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index d029e249e..0ad3e9436 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -22,7 +22,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
 
 		$pwd_hash1 = encrypt_password($password);
 		$pwd_hash2 = encrypt_password($password, $login);
-		$otp = $_REQUEST["otp"];
+		$otp = (int)$_REQUEST["otp"];
 
 		if (get_schema_version() > 96) {