Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-9936

If the current user is ANONYMOUS one cannot log in

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 3.0.8
    • None
    • Authentication, Sessions
    • None
    • PHP 5.2.6, Firefox 3.6

    Description

      Our site uses an external authentication module to allow users to log in to phpBB with a Django login. If the user is not currently logged in then, when trying to begin a session, phpBB receives an 'ANONYMOUS' user row from the auth module. A recent change to session.php (around line 624) redirects any user who is anonymous or a bot:

      // Bot user, if they have a SID in the Request URI we need to get rid of it
      // otherwise they'll index this page with the SID, duplicate content oh my!
      if (isset($_GET['sid']) && $bot)

      { redirect(build_url(array('sid'))); }

      Since a session is created when the user tries to log in, this redirect interrupts the login process.

      If I understand the situation properly, the auth module is working correctly by returning an anonymous user row, and so this block of code should not run if the user is anonymous and not a bot. My proposed fix is therefore changing:

      if (isset($_GET['sid']))

      to:

      if (isset($_GET['sid']) && $bot)

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. PHPBB3-9912 session redirect for Bot user is executed for usual user

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bantu Andreas Fischer [X] (Inactive)
              fish-face fish-face
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: