Menu

#37 bug in index.php causing sql constraint violation on login

Unstable_(example)
open
None
4
2014-09-02
2014-09-01
Luke Bigum
No

Here is a patch for a logic bug in index.php where the $ip variable is not populated
if WEB_AUTH === 'Y', causing an SQL constraint violation.

--- webcollab/index.php.orig 2014-09-01 13:13:53.499068278 +0000
+++ webcollab/index.php 2014-09-01 13:09:17.850052911 +0000
@@ -168,16 +168,16 @@
$password = '0';
$session_key = '';

+//log ip address
+if( ! ($ip = $_SERVER['REMOTE_ADDR'] ) ) {
+ secure_error('Unable to determine ip address');
+}
+
// 1. Password login authentication
if(isset($_POST['username']) && isset($_POST['password']) && strlen($_POST['username']) > 0 && strlen($_POST['password']) > 0 && ACTIVE_DIRECTORY != 'Y' ) {

include_once(BASE.'database/database.php');

  • //log ip address
  • if( ! ($ip = $_SERVER['REMOTE_ADDR'] ) ) {
  • secure_error('Unable to determine ip address');
  • }


    $username = safe_data($_POST['username'] );

//check for account locked

Discussion

  • Andrew Simpson

    Andrew Simpson - 2014-09-02
    • assigned_to: Andrew Simpson
     
  • Andrew Simpson

    Andrew Simpson - 2014-09-02

    Thanks. I will add this to the Git tree shortly.

    I think I may have coded like that for a reason, I'll have to check if there was a reason, or it was just an error.

     

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.