Maia Mailguard

A Spam and Virus Management System

Version 1.0.2c

Thank you ReachOne Internet for hosting our website!

Context Navigation

← Previous Ticket
Next Ticket →

Ticket #427 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

login to linked account causes db corruption

Reported by:	dmorton	Owned by:	dmorton
Priority:	high	Milestone:	1.0.3
Component:	PHP scripts	Version:	1.0.2
Severity:	major	Keywords:
Cc:

Description (last modified by dmorton) (diff)

GD reports that when he logs into an account that was linked to another,

it creates a duplicate policy in the policy table, which causes errors.

external auth, autocreate on, address_rewriting_type 4

Change History

Changed 5 years ago by anonymous

some code from GD:

 /*

 These changes, made to xlogin.php, prevent logging in with a non-primary
 email address.
 This prevents db corruption which comes from logging in with an address
 which is linked
 to another account as non-primary.

 */

       /* This is placed right after elseif ($auth_method == "external)
 clause in xlogin.php ~line 184
        * This is a fix for the problem of logging into a primary account
 which has been linked
        * which in turn causes database corruption. It looks up the current
 address being used
        * to login and will not authenticate if it is not the primary
 address for that account.
        * It is based of the valid assumption in my use case that the
 $user_name is an email address.
        */
       // Only do our little transformations for email_addresses which
 already exist
       if ($current_emailid = get_email_address_id($user_name)) {
           // Got the id of the email used to login with
           // Get the actual owner of that email address
           $owner_id = get_email_address_owner($current_emailid);
           // Get the owners primary e-mail address
           $primary_emailid = get_primary_email_id($owner_id);
           // If the owners primary emailid is different from the current
 one, prevent login
           if ($primary_emailid != $current_emailid) {
               // Set a var with the actually primary address for that user
               // This lets the later output know what error this was and
 what to tell the user
               $primary_login_uname =
 get_email_address_by_id($primary_emailid);
           }
           // Otherwise perform the default authentication action
           else {
               list($authenticated, $email) = auth($user_name, $pwd,
 $address, $nt_domain);
               if ($authenticated === true) {
                   $uid = get_user_id($user_name, $email);
               }
           }
       }
       // Otherwise perform the default authentication action
       else {
           list($authenticated, $email) = auth($user_name, $pwd, $address,
 $nt_domain);
           if ($authenticated === true) {
               $uid = get_user_id($user_name, $email);
           }
       }


    /* This is placed right after $admin_link = "<...>" in xlogin.php ~line
 240
     * This uses the previously set $primary_login_uname which is only
     * This should be integrated with the locale files when someone has the
 chance
     */
    if (isset($primary_login_uname)) {
         $lang['text_login_failed1'] = "The e-mail address used to login,
 ".htmlentities($user_name).", is not the primary for your account.<br
 />Please login with your primary address which is currently:
 ".htmlentities($primary_login_uname).". ";
    }
    else {
         $lang['text_login_failed1'] = sprintf($lang['text_login_failed1'],
 htmlentities($user_name));
    }

Note: See TracTickets for help on using tickets.

Download in other formats: