Merge remote-tracking branch 'upstream/master'

1 files changed, 13 insertions, 10 deletions

diff --git a/include/security.php b/include/security.php
index d4ebe0024..2a9a6e39e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -18,20 +18,13 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 
 	$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 
+	$lastlog_updated = false;
+
 	if(x($user_record, 'account_id')) {
 		$a->account = $user_record;
 		$_SESSION['account_id'] = $user_record['account_id'];
 		$_SESSION['authenticated'] = 1;
 
-		if($login_initial || $update_lastlog) {
-			q("update account set account_lastlog = '%s' where account_id = %d",
-				dbesc(datetime_convert()),
-				intval($_SESSION['account_id'])
-			);
-			$a->account['account_lastlog'] = datetime_convert();
-			call_hooks('logged_in', $a->account);
-
-		}
 
 		$uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) 
 			? intval($_SESSION['uid']) 
@@ -42,9 +35,19 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 			change_channel($uid_to_load);
 		}
 
+		if($login_initial || $update_lastlog) {
+			q("update account set account_lastlog = '%s' where account_id = %d",
+				dbesc(datetime_convert()),
+				intval($_SESSION['account_id'])
+			);
+			$a->account['account_lastlog'] = datetime_convert();
+			$lastlog_updated = true;
+			call_hooks('logged_in', $a->account);
+		}
+
 	}
 
-	if($login_initial) {
+	if(($login_initial) && (! $lastlog_updated)) {
 
 		call_hooks('logged_in', $user_record);