Development

#5891 ([PATCH] Inactive users can still login to the system)

You must first sign up to be able to contribute.

Ticket #5891 (closed defect: fixed)

Opened 4 years ago

Last modified 3 years ago

[PATCH] Inactive users can still login to the system

Reported by: colnector Assigned to: fabien
Priority: major Milestone:
Component: sfGuardPlugin Version: 1.2.4
Keywords: Cc:
Qualification: Ready for core team

Description

When the is_active field in sf_guard_user table is set to 0, the user can still login successfully to the system.

Attachments

sfGuardValidatorUser.patch (0.6 kB) - added by Garfield-fr on 03/08/09 22:08:39.
sf13.5891.patch (0.6 kB) - added by alecs on 11/19/09 21:46:38.
sf12.5891.patch (0.6 kB) - added by alecs on 11/19/09 21:46:52.
sf11.5891.patch (0.6 kB) - added by alecs on 11/19/09 21:47:02.

Change History

02/13/09 23:21:36 changed by colnector

Proposed fix in PluginsfGuardUser?.php

Add if (!$this->getIsActive()) return false; as the first line of checkPassword() 

  public function checkPassword($password)
  {
  	if (!$this->getIsActive()) return false;
    if ($callable = sfConfig::get('app_sf_guard_plugin_check_password_callable'))
    {
      return call_user_func_array($callable, array($this->getUsername(), $password, $this));
    }
    else
    {
      return $this->checkPasswordByGuard($password);
    }
  }

02/26/09 22:00:50 changed by Jonathan.Wage

  • status changed from new to closed.
  • resolution set to fixed.

(In [15836]) [1.1, 1.2, 1.3] Fixes issue with non active users still being able to login (closes #5891)

03/03/09 14:06:18 changed by tonypiper

  • status changed from closed to reopened.
  • resolution deleted.
  • version changed from 1.1.6 to 1.2.4.
  • component changed from sfDoctrineGuardPlugin to sfGuardPlugin.

this also applies to the propel version, sfGuardPlugin.

03/03/09 20:09:47 changed by Jonathan.Wage

  • owner changed from Jonathan.Wage to fabien.
  • status changed from reopened to new.

03/08/09 22:08:39 changed by Garfield-fr

  • attachment sfGuardValidatorUser.patch added.

11/19/09 21:46:21 changed by alecs

  • summary changed from Inactive users can still login to the system to [PATCH] Inactive users can still login to the system.

you can apply last 3 patches

11/19/09 21:46:38 changed by alecs

  • attachment sf13.5891.patch added.

11/19/09 21:46:52 changed by alecs

  • attachment sf12.5891.patch added.

11/19/09 21:47:02 changed by alecs

  • attachment sf11.5891.patch added.

11/19/09 21:47:20 changed by alecs

  • qualification changed from Unreviewed to Ready for core team.

07/16/10 16:07:01 changed by fabien

  • status changed from new to closed.
  • resolution set to fixed.

in r30261