Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Login problems
#1
Hi,

I'm having a strange issue with authentication. I installed GetSimple yesterday, using trunk revision 273, everything worked well until I logged out.

Today when trying to login to the admin panel I always get an invalid username or password error. I know my password is OK the problem is the username that always fails to validate.

In my data/users folder I have a file named knitter.xml with the username Knitter inside. If I debug the authentication process with xDebug I can see that in the login_functions.php file, line 49, the comparison between the $userid and $USR fails as one is in lower caps and the other in upper caps.

So, why is the userid being changed into lowercase in line 21 of that file, why is the username even being changed without the user knowing?

Looking at SVN logs, this change was introduced in the current revision, from 272 to 273.
Rejoice! For very bad things are about to happen.
Reply
#2
The username should be converted to lowercase letter before saving a user file IE:
Username.XML -> username.xml.

The same should be done before attempting to login.

This is dine because php files are case sensitive meaning it would require your username be an exact match as the username.XML file. Make sense?
JWH Technologies
Have any marketing ideas for Get-Simple? Let me hear them!
Reply
#3
I understand that, the problem is not in the file naming but in the file's content.

GetSimple is comparing a lowercase version of the username I provide with an uppercase version of the same username, that is present in the XML file.

My username was registered as 'Knitter', the knitter.xml file has that username in it, exactly as I typed. When I'm at the login page and I type 'Knitter' in the username field, that field is changed to lowercase and the comparison is then between 'knitter' and 'Knitter', which is wrong.

The XML name is a different matter, I don't think it is the best option having a completely normal XML with usernames and passwords inside a public folder, even with .htaccess files, but that's another problem. The issue here is that GetSimple saved my username in the XML file without changes, but is changing it every time I try to login.

Now, the problem can be in the login functions or in the functions that created the XML file, because the XML file has one username in it, and if I try to use that username I can never login.
Rejoice! For very bad things are about to happen.
Reply
#4
Try changing line 45:
Code:
                        $USR = $data->USR;
to:
Code:
                        $USR = lowercase($data->USR);

In admin/inc/login_functions.php

This could be fixed other ways but I think this would be the easiest.
JWH Technologies
Have any marketing ideas for Get-Simple? Let me hear them!
Reply
#5
Hi,

Thanks for the reply, but I just wanted to know if it's a bug or if the "issue" was intentional. I had already fixed it locally but decided to revert my changes until I understand why the problem was happening.

For the moment I'll work around the issue by using an username with only lowercase letters.
Rejoice! For very bad things are about to happen.
Reply
#6
r274 in the SVN shouold fix this problem now.
Not sure why we were converting the UserID to lowercase as its not saved as lowercase from the settings page.

Thanks Knitter, would never have noticed as I would never use upper and lower for a UserID.

Mike....
My Github Repos: Github
Website: DigiMute
Reply




Users browsing this thread: 1 Guest(s)