Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-9936

If the current user is ANONYMOUS one cannot log in

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 3.0.8
    • Authentication, Sessions
    • None
    • PHP 5.2.6, Firefox 3.6

      Our site uses an external authentication module to allow users to log in to phpBB with a Django login. If the user is not currently logged in then, when trying to begin a session, phpBB receives an 'ANONYMOUS' user row from the auth module. A recent change to session.php (around line 624) redirects any user who is anonymous or a bot:

      // Bot user, if they have a SID in the Request URI we need to get rid of it
      // otherwise they'll index this page with the SID, duplicate content oh my!
      if (isset($_GET['sid']) && $bot)

      { redirect(build_url(array('sid'))); }

      Since a session is created when the user tries to log in, this redirect interrupts the login process.

      If I understand the situation properly, the auth module is working correctly by returning an anonymous user row, and so this block of code should not run if the user is anonymous and not a bot. My proposed fix is therefore changing:

      if (isset($_GET['sid']))

      to:

      if (isset($_GET['sid']) && $bot)

            bantu Andreas Fischer [X] (Inactive)
            fish-face fish-face
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: