Page 1 of 1
Login bug: 1 failed login blocks future logins
Posted: Tue Mar 30, 2004 12:54 pm
by steltek
c.f. subject. If I try to login and mistype my password, I cannot login at all any more. I keep getting redirected to the login page even if I am 100% certain that I typed the correct userid and pw. Only after restarting the browser (or manually wiping out the ZMSESSID cookie) are logins possible again.
I have verified this on 2 machines running PHP 4.3.3/4.3.4 and Apache/1.3.29. Could it be a PHP configuration problem or is this a bug that other people see too?
Re: Login bug: 1 failed login blocks future logins
Posted: Wed Mar 31, 2004 9:39 am
by zoneminder
Hi Michel,
Thanks for reporting this, I will look into it and try and get a fix in for the next release.
Phil,
Re: Login bug: 1 failed login blocks future logins
Posted: Wed Mar 31, 2004 12:19 pm
by fernando
this is an old "bug".. but i found this usefull to prevent unautorized logins..
Re: Login bug: 1 failed login blocks future logins
Posted: Fri Apr 02, 2004 11:35 am
by karlg
this is actually really easy to fix.
in zp_funcs.php, line 38:
else
{
unset( $user );
}
add 2 lines:
else
{
unset( $user );
session_unset();
session_destroy();
}
Re: Login bug: 1 failed login blocks future logins
Posted: Fri Apr 02, 2004 11:40 am
by karlg
also, for logic sake, looks like the session_write_close(); should be in the if statement that tests the results of the mysql query: (since, you're only going to write_close the session, only if the login is valid, otherwise it's going to unset/destroy the session)
if ( $db_user = mysql_fetch_assoc( $result ) )
{
$HTTP_SESSION_VARS['user'] = $user = $db_user;
<b>session_write_close();</b>
}
i've tested these 2 changes on my ZM, and seems to fix the broken login problem.