Changeset 1304 for trunk/wifidog-auth/wifidog/login/index.php

Timestamp:

10/22/07 15:06:20 (5 years ago)

Author:

benoitg

Message:

• Major security fix: Fix the authenticator for a security breach where a user could get Internet access using an empty username. LocalUser? and LDAP were definitely vulnerable, RADIUS may have been.

Files:

• trunk/wifidog-auth/wifidog/login/index.php (modified) (1 diff)

trunk/wifidog-auth/wifidog/login/index.php

@@ -199 +199 @@
     $user = User::getCurrentUser();
     if (!$user) {
-        //Normally, we already have a user logged-in (precessed by process_login_out.php).  But we try again, if only to display the error
+        //Normally, we already have a user logged-in (processed by process_login_out.php).  But we try again, if only to display the error
         Authenticator::processLoginUI($errmsg);
     }
-
+//echo "DEBUG: user: "; echo $user->getUsername();
     if ($user != null) {
         if (!empty($gw_address) && !empty($gw_port)) {