View Issue Details

IDProjectCategoryView StatusLast Update
0025061mantisbtauthenticationpublic2019-01-02 17:25
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Target Version2.19.0Fixed in Version2.19.0 
Summary0025061: Generic error is triggered when anonymous login is not defined
Description

When $g_allow_anonymous_login = ON and $g_anonymous_account = '', a Generic error (APPLICATION ERROR #0) is triggered in auth_flags() when trying to login anonymously.

While this is essentially a configuration error (it does not makes sense to enable anonymous login without specifying the actual account to use for that), we should disable anonymous login, and display a more meaningful / friendlier error message.

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master 91782fe0

2018-05-07 03:10:51

dregad

Details Diff
Anonymous login requires account to be set

To enable anonymous login, we need both allow_anonymous_login and the
anonymous_account to be set.

The former without the latter results in a MantisBT generic error when
trying to login anonymously, as login.php is called with an empty
username.

Fixes 0025061
Affected Issues
0025061
mod - core/authentication_api.php Diff File

MantisBT: master d7ca6fa8

2018-05-07 03:40:16

dregad

Details Diff
Fix generic error when anonymous login not defined

When $g_allow_anonymous_login = ON and $g_anonymous_account = '', a
Generic error is triggered in auth_flags() when trying to login
anonymously. This is due to the fact that $p_user_id parameter is false
in this case.

To prevent this, the function now performs a loose-type check on the
user id, so MantisBT returns to the login page with a friendlier error
message "Your account may be disabled or blocked or the
username/password you entered is incorrect."

Fixes 0025061
Affected Issues
0025061
mod - core/authentication_api.php Diff File