2010-12-09, 07:35:43
Hi,
I'm having a strange issue with authentication. I installed GetSimple yesterday, using trunk revision 273, everything worked well until I logged out.
Today when trying to login to the admin panel I always get an invalid username or password error. I know my password is OK the problem is the username that always fails to validate.
In my data/users folder I have a file named knitter.xml with the username Knitter inside. If I debug the authentication process with xDebug I can see that in the login_functions.php file, line 49, the comparison between the $userid and $USR fails as one is in lower caps and the other in upper caps.
So, why is the userid being changed into lowercase in line 21 of that file, why is the username even being changed without the user knowing?
Looking at SVN logs, this change was introduced in the current revision, from 272 to 273.
I'm having a strange issue with authentication. I installed GetSimple yesterday, using trunk revision 273, everything worked well until I logged out.
Today when trying to login to the admin panel I always get an invalid username or password error. I know my password is OK the problem is the username that always fails to validate.
In my data/users folder I have a file named knitter.xml with the username Knitter inside. If I debug the authentication process with xDebug I can see that in the login_functions.php file, line 49, the comparison between the $userid and $USR fails as one is in lower caps and the other in upper caps.
So, why is the userid being changed into lowercase in line 21 of that file, why is the username even being changed without the user knowing?
Looking at SVN logs, this change was introduced in the current revision, from 272 to 273.
Rejoice! For very bad things are about to happen.