Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9936

If the current user is ANONYMOUS one cannot log in

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 3.0.8
    • Fix Version/s: None
    • Component/s: Authentication, Sessions
    • Labels:
      None
    • Environment:
      PHP 5.2.6, Firefox 3.6

      Description

      Our site uses an external authentication module to allow users to log in to phpBB with a Django login. If the user is not currently logged in then, when trying to begin a session, phpBB receives an 'ANONYMOUS' user row from the auth module. A recent change to session.php (around line 624) redirects any user who is anonymous or a bot:

      // Bot user, if they have a SID in the Request URI we need to get rid of it
      // otherwise they'll index this page with the SID, duplicate content oh my!
      if (isset($_GET['sid']) && $bot)

      { redirect(build_url(array('sid'))); }

      Since a session is created when the user tries to log in, this redirect interrupts the login process.

      If I understand the situation properly, the auth module is working correctly by returning an anonymous user row, and so this block of code should not run if the user is anonymous and not a bot. My proposed fix is therefore changing:

      if (isset($_GET['sid']))

      to:

      if (isset($_GET['sid']) && $bot)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bantu Andreas Fischer
                Reporter:
                fish-face fish-face
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: