PHPDevShell

PluggableAuth crashes if the entered password was wrong

Bug #1020928 reported by Adrian Liechti on 2012-07-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	PHPDevShell	Fix Committed	Low	Greg	PHPDevShell 3.5 "Dawn"

Bug Description

Fix ("/PluggableAuth/includes/AUTH_login.class.php", line 83):

/**
* @author Adrian Liechti
* If the Passwort does not have a length of 32 chars, it must be a Source.
*
* If the Password does have a length of 32 chars, the login has failed
* because it was checked before, it has to be a wrong Password.
*
* @important This means that a Source must not have a name with a lengt of 32 chars.
*/
if (strlen($source) !== 32) {
$plugin = $this->getAuthPlugin($source);
if ($plugin->lookupUser(array('username' => $username, 'password' => $password))) {
return $user;
}
}

Related branches

lp:~phpdevshell/phpdevshell/3.2.1

lp:phpdevshell

Revision history for this message

Greg (gregfr) wrote on 2012-07-04:

In fact the problem was a typo:
if (is_a($auth, 'iAUTH_plugin') && ($plugin->lookupUser(array('username' => $username, 'password' => $password)))) {
instead of
if (is_a($plugin, 'iAUTH_plugin') && ($plugin->lookupUser(array('username' => $username, 'password' => $password)))) {

Fixed at rev 910.

Changed in phpdevshell:
status:	New → Fix Committed
assignee:	nobody → Greg (gregfr)
importance:	Undecided → Low

Greg (gregfr) on 2012-07-27

Changed in phpdevshell:
milestone:	none → 3.2.1-stable

Greg (gregfr) on 2013-06-11

Changed in phpdevshell:
milestone:	3.2.1-stable → 3.5

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.