PluggableAuth crashes if the entered password was wrong

Bug #1020928 reported by Adrian Liechti on 2012-07-04
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

Fix ("/PluggableAuth/includes/AUTH_login.class.php", line 83):

 * @author Adrian Liechti
 * If the Passwort does not have a length of 32 chars, it must be a Source.
 * If the Password does have a length of 32 chars, the login has failed
 * because it was checked before, it has to be a wrong Password.
 * @important This means that a Source must not have a name with a lengt of 32 chars.
if (strlen($source) !== 32) {
 $plugin = $this->getAuthPlugin($source);
 if ($plugin->lookupUser(array('username' => $username, 'password' => $password))) {
  return $user;

Greg (gregfr) wrote :

In fact the problem was a typo:
if (is_a($auth, 'iAUTH_plugin') && ($plugin->lookupUser(array('username' => $username, 'password' => $password)))) {
instead of
if (is_a($plugin, 'iAUTH_plugin') && ($plugin->lookupUser(array('username' => $username, 'password' => $password)))) {

Fixed at rev 910.

Changed in phpdevshell:
status: New → Fix Committed
assignee: nobody → Greg (gregfr)
importance: Undecided → Low
Greg (gregfr) on 2012-07-27
Changed in phpdevshell:
milestone: none → 3.2.1-stable
Greg (gregfr) on 2013-06-11
Changed in phpdevshell:
milestone: 3.2.1-stable → 3.5
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers