Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-8713

trimming login inputs isn't sensible

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.1.0-a1
    • 3.0.5
    • Authentication
    • None
    • PHP Environment: PHP v5.2.8, Windows Server 2003 Standard

      I'm currently working on a custom auth plugin that combines NTLM and LDAP authentication in a custom package.

      Long story short, some of the passwords in Active Directory begin with a space. Somewhere in the phpBB control flow, the password input POST'ed by the user becomes trimmed (or otherwise "sanitized") such that the leading space is removed. Naturally, Active Directory knows the difference between a password beginning with a space and one without, resulting in the affected users being unable to login.

      Is there a reason the password input (and possibly others) are seemingly being trim()'d before being passed along to the respective auth_*.php plugin?

      If not, wouldn't a good workaround be to move the trim()'ing and/or other sanitization into the auth_db.php (the default auth 'plugin') file so that it can be easily modified/removed by custom auth plugins?

            bantu Andreas Fischer [X] (Inactive)
            dead.on# dead.on#
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: