Home »
FUDforum Development »
Bug Reports »
Problem dealing with return value from AUTHENTICATE plugins
Problem dealing with return value from AUTHENTICATE plugins [message #185778] |
Wed, 07 May 2014 21:23 |
|
Jon
Messages: 9 Registered: April 2014
Karma:
|
Junior Member |
|
|
First of all, thanks again for the great software. I hesitate to call this a bug report, but it may be a problem for some users.
The advice for AUTHENTICATE plugins is to return 1 to allow access and return 0 to deny access: http://cvs.prohost.org/index.php/Plugin
This is tested in login.php with:
if (!empty($ok) && $ok != 1){
login_php_set_err('login', 'Invalid login/password combination.');
}
But this error message is never set, because a zero integer is empty: http://uk1.php.net/empty
This can cause a problem if the user has changed his external password but has not changed his FUDforum password - the result being that he can log in using his old FUDforum password.
A workaround, without changing login.php, is to return 1 to allow access and -1 (or anything non-zero) to deny access.
|
|
|
Goto Forum:
Current Time: Sat Nov 30 19:56:28 GMT 2024
Total time taken to generate the page: 0.04285 seconds