From: Will Budic Date: Wed, 4 Mar 2020 01:21:26 +0000 (+1100) Subject: Bug 20 fixed. X-Git-Url: https://lifelog.hopto.org/gitweb/?a=commitdiff_plain;h=7debe3751bfc6ac3cc7716dba70a6134508608dc;p=LifeLog.git Bug 20 fixed. --- diff --git a/Current Development Check List.md b/Current Development Check List.md index 2ba24a3..b19835a 100644 --- a/Current Development Check List.md +++ b/Current Development Check List.md @@ -7,19 +7,16 @@ This version is not compatible in data structure to prior versions. Data migrati ## LifeLog Development -### v.1.8 This is v.1.8 SUN STABLE. +### v.1.8 Encountered -* Automated install module script **`./install_modules.sh `** -* Has Secure Backup/Restore. Providing accurate full data restore and merging with existing for live databases. -* New category selection, storing approuch. -* Better and more efficient application configuration and setup. -* Numerous fixes, and better exception handling. +* ✔ Autologin bypasses actual wanted login. + * This is bug 20. ### v.1.7 Encountered * ✔ Database backup tgz ball, upload and download button on config page. * You must have the password you logged in to unscramble the backup. - * Alias -> pass -> backup password. Information required. + * Alias -> pass -> backup password. Information required. * Application log needed in the background for System based logs. * New CNF Development. * ✔ Migration is currently hard to maintain and data export and import is wrongly reliant to CVS. @@ -94,6 +91,10 @@ This version is not compatible in data structure to prior versions. Data migrati ## Bugs +### v. 1.9 Encountered/Fixed + +* ✔ Bug 20 - Autologin bypasses, wanted new alias login (on logoff). + ### v. 1.8 Encountered/Fixed * ✔ Bug 19 - Same day datediff is displaying wrong report in time stack on the page. diff --git a/htdocs/cgi-bin/login_ctr.cgi b/htdocs/cgi-bin/login_ctr.cgi index ef02d33..3cf8703 100755 --- a/htdocs/cgi-bin/login_ctr.cgi +++ b/htdocs/cgi-bin/login_ctr.cgi @@ -149,6 +149,11 @@ sub checkAutologinSet { } close $fh; if(@cre &&scalar(@cre)>1){##TODO we already connected here to the db, why do it again later? + + if($alias && $passw && $alias ne $cre[0]){ # Is this an new alias login attempt? + return; # Note, we do assign entered password even passw as autologin is set. Not entering one bypasses this. + } # If stricter access is required set it to zero in main.cnf, or disable in config. + $passw = $cre[1] if (!$passw); my $database = &Settings::logPath.'data_'.$cre[0].'_log.db'; my $dsn= "DBI:SQLite:dbname=$database"; my $db = DBI->connect($dsn, $cre[0], $cre[1], { RaiseError => 1 }) @@ -159,7 +164,7 @@ sub checkAutologinSet { my @set = $st->fetchrow_array(); if(@set && $set[0]=="1"){ $alias = $cre[0]; - $passw = $cre[1]; + $passw = $passw; #same as entered, by the not knowing to leave it blank. &Settings::removeOldSessions; } $db->disconnect();