Menu
▾
▴
Re: [SM-DEVEL] SQMTRASH being used in place of password (1.4.13)
|
From: Paul L. <pa...@sq...> - 2008-06-19 19:06:22
|
On Thu, Jun 19, 2008 at 9:35 AM, Patrick Muldoon <doo...@in...> wrote: > This just started happenning and not 100% sure where it is coming > from, or what exactly is happening. I am trying to debug it now... > But what makes it hard is that I cannot replicate the problem but i've > modified the imap_login to report to me login failures. > > It only seems to be happening to a couple of different users, and my > limited testing appears that they are all using IE 6. > > Basically what is happening is the following... > > userA attemps to login in with passwordA (and I verify that user > isn't messing this up) by logging $login_username and $secretkey in > redirect.php and verify they are correct). > > but when the call so sqimap_login Which one? The one in src/redirect.php? Where EXACTLY is the password still OK and where does it get lost? Exactly? > come around. SQMTRASH gets passed > in as opposed to their encrypted key, so when we go to decrypt it, it > doesn't work. > > I am trying to track down exactly what is causing this, so any > pointers would be helpful? If you grep the source, you'll see that that value is a placeholder used to wipe the previous key out of existence when destroying the PHP session. This happens whenever there is a login failure as well as any time the login page is visited. Make sure there are not two users using the same browser on the same computer, make sure there are not two windows/tabs open in the same browser, one possibly pointing to (reloading?) the login page. Make sure your PHP session mechanism is working normally, make sure the user browser works with cookies correctly, etc. |