bug in index.php causing sql constraint violation on login
Brought to you by:
andrewsimpson
Here is a patch for a logic bug in index.php where the $ip variable is not populated
if WEB_AUTH === 'Y', causing an SQL constraint violation.
--- webcollab/index.php.orig 2014-09-01 13:13:53.499068278 +0000
+++ webcollab/index.php 2014-09-01 13:09:17.850052911 +0000
@@ -168,16 +168,16 @@
$password = '0';
$session_key = '';
+//log ip address
+if( ! ($ip = $_SERVER['REMOTE_ADDR'] ) ) {
+ secure_error('Unable to determine ip address');
+}
+
// 1. Password login authentication
if(isset($_POST['username']) && isset($_POST['password']) && strlen($_POST['username']) > 0 && strlen($_POST['password']) > 0 && ACTIVE_DIRECTORY != 'Y' ) {
include_once(BASE.'database/database.php');
//check for account locked
Thanks. I will add this to the Git tree shortly.
I think I may have coded like that for a reason, I'll have to check if there was a reason, or it was just an error.