mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-03 21:27:25 +02:00
Code Issues Releases Wiki Activity

Do not populate e_user_model as a logged in user if login failed

Browse Source 
Fixes: #4236
This commit is contained in:
Nick Liu
2020-08-24 23:40:25 -05:00
parent daf77daa21
commit 55882c75cb
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
e107_handlers/login.php
View File

@@ -342,8 +342,8 @@ class userlogin
* Note: PASSWORD IS NOT VERIFIED BY THIS ROUTINE * Note: PASSWORD IS NOT VERIFIED BY THIS ROUTINE
* @param string $username - as entered * @param string $username - as entered
* @param boolean $forceLogin - TRUE if login is being forced from clicking signup link; normally FALSE * @param boolean $forceLogin - TRUE if login is being forced from clicking signup link; normally FALSE
* @return TRUE if name exists, and $this->userData array set up * @return boolean TRUE if name exists, and $this->userData array set up
* otherwise FALSE * FALSE otherwise
*/ */
protected function lookupUser($username, $forceLogin) protected function lookupUser($username, $forceLogin)
{ {
@@ -540,7 +540,7 @@ class userlogin
global $pref, $sql; global $pref, $sql;
$doCheck = FALSE; // Flag set if need to ban check $doCheck = FALSE; // Flag set if need to ban check
$this->userData = array();
switch($reason) switch($reason)
{ {

12
e107_tests/tests/unit/e_user_modelTest.php
View File

@@ -377,7 +377,15 @@
} }
*/ */
/**
* @see https://github.com/e107inc/e107/issues/4236
*/
public function testUserLoginWrongCredentialsNotUser()
{
$user = e107::getUser();
$user->login("e107", "DefinitelyTheWrongPassword");
$this->assertFalse($user->isUser());
$this->assertEmpty($user->getData());
}
} }