FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum Development » Bug Reports » Problem dealing with return value from AUTHENTICATE plugins
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Problem dealing with return value from AUTHENTICATE plugins [message #185778] Wed, 07 May 2014 21:23
Jon   United Kingdom
Messages: 9
Registered: April 2014
Karma: 0
Junior Member
First of all, thanks again for the great software. I hesitate to call this a bug report, but it may be a problem for some users.

The advice for AUTHENTICATE plugins is to return 1 to allow access and return 0 to deny access: http://cvs.prohost.org/index.php/Plugin

This is tested in login.php with:

if (!empty($ok) && $ok != 1){
	login_php_set_err('login', 'Invalid login/password combination.');
}


But this error message is never set, because a zero integer is empty: http://uk1.php.net/empty

This can cause a problem if the user has changed his external password but has not changed his FUDforum password - the result being that he can log in using his old FUDforum password.

A workaround, without changing login.php, is to return 1 to allow access and -1 (or anything non-zero) to deny access.
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: error message
Next Topic: secret admin log in screen (aka batcave)
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 17:46:16 GMT 2024

Total time taken to generate the page: 0.03769 seconds