View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0025061 | mantisbt | authentication | public | 2018-12-10 06:22 | 2019-01-02 17:25 |
| Reporter | dregad | Assigned To | dregad | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Target Version | 2.19.0 | Fixed in Version | 2.19.0 | ||
| Summary | 0025061: Generic error is triggered when anonymous login is not defined | ||||
| Description | When While this is essentially a configuration error (it does not makes sense to enable anonymous login without specifying the actual account to use for that), we should disable anonymous login, and display a more meaningful / friendlier error message. | ||||
| Tags | No tags attached. | ||||
|
MantisBT: master 91782fe0 2018-05-06 23:10 Details Diff |
Anonymous login requires account to be set To enable anonymous login, we need both allow_anonymous_login and the anonymous_account to be set. The former without the latter results in a MantisBT generic error when trying to login anonymously, as login.php is called with an empty username. Fixes 0025061 |
Affected Issues 0025061 |
|
| mod - core/authentication_api.php | Diff File | ||
|
MantisBT: master d7ca6fa8 2018-05-06 23:40 Details Diff |
Fix generic error when anonymous login not defined When $g_allow_anonymous_login = ON and $g_anonymous_account = '', a Generic error is triggered in auth_flags() when trying to login anonymously. This is due to the fact that $p_user_id parameter is false in this case. To prevent this, the function now performs a loose-type check on the user id, so MantisBT returns to the login page with a friendlier error message "Your account may be disabled or blocked or the username/password you entered is incorrect." Fixes 0025061 |
Affected Issues 0025061 |
|
| mod - core/authentication_api.php | Diff File | ||
