More phplib fun!We're using de …

More phplib fun!

We’re using default_auth on our site and thanks to some help I managed to make phplib play nicely with our template system. That is, until my boss tested it and discovered that if you enter an incorrect username/password the phplib loginform appears. Look around line 174 of auth.inc for the culprit.
After I was almost finished a long email to the phplib list I figured out what to do. If the user types in an incorrect username/password then log them in as “nobody”!
The fix to do that took all of 5 seconds and is below:

Edit local.inc, look for auth_validatelogin(), this is around line 146 of my local.inc, and modify those lines to look like the following:

if( $this->db->num_rows() )
{
    while($this->db->next_record())
    {   
        $uid = $this->db->f(“uid”);
        $this->auth[“perm”]  = $this->db->f(“perms”);
        $this->auth[“uname”] = $this->db->f(“username”);
    }
}
else
{
    // Log them in as “nobody”
    $this->auth[“perm”]  = “”;
    $this->auth[“uid”] = “nobody”;
    $uid = “nobody”;
}

When you try and login now with incorrect details the loginform will be printed again within the confines of your site templates and nobody will be the wiser as to the grief this caused you!


You might also like

If you like this post then please subscribe to my full RSS feed. You can also click here to subscribe by email. There are also my fabulous photos to explore too!

Published by

Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Google+ and Twitter.

Leave a Reply