FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Problem dealing with return value from AUTHENTICATE plugins
Show: Today's Messages :: Unread Messages :: Show Polls :: Message Navigator
| Subscribe to topic | Bookmark topic 
Switch to threaded view of this topic Create a new topic Submit Reply
Problem dealing with return value from AUTHENTICATE plugins [message #185778] Wed, 07 May 2014 17:23
Jon   United Kingdom
Messages: 9
Registered: April 2014
Karma: 0
Junior Member
add to buddy list
ignore all messages by this user
First of all, thanks again for the great software. I hesitate to call this a bug report, but it may be a problem for some users.

The advice for AUTHENTICATE plugins is to return 1 to allow access and return 0 to deny access: http://cvs.prohost.org/index.php/Plugin

This is tested in login.php with:

if (!empty($ok) && $ok != 1){
	login_php_set_err('login', 'Invalid login/password combination.');
}


But this error message is never set, because a zero integer is empty: http://uk1.php.net/empty

This can cause a problem if the user has changed his external password but has not changed his FUDforum password - the result being that he can log in using his old FUDforum password.

A workaround, without changing login.php, is to return 1 to allow access and -1 (or anything non-zero) to deny access.
Quick Reply
Formatting Tools:   
  Switch to threaded view of this topic Create a new topic
Previous Topic: error message
Next Topic: secret admin log in screen (aka batcave)
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed May 24 00:17:17 EDT 2017

Total time taken to generate the page: 0.00517 seconds