SF.net SVN: ledger-smb:[3168] trunk/LedgerSMB/Auth/DB.pm
- Subject: SF.net SVN: ledger-smb:[3168] trunk/LedgerSMB/Auth/DB.pm
- From: ..hidden..
- Date: Sun, 22 May 2011 23:47:14 +0000
Revision: 3168
http://ledger-smb.svn.sourceforge.net/ledger-smb/?rev=3168&view=rev
Author: einhverfr
Date: 2011-05-22 23:47:14 +0000 (Sun, 22 May 2011)
Log Message:
-----------
Patch 294667, adding logging when user is not found in users table in db
Modified Paths:
--------------
trunk/LedgerSMB/Auth/DB.pm
Modified: trunk/LedgerSMB/Auth/DB.pm
===================================================================
--- trunk/LedgerSMB/Auth/DB.pm 2011-05-22 23:41:57 UTC (rev 3167)
+++ trunk/LedgerSMB/Auth/DB.pm 2011-05-22 23:47:14 UTC (rev 3168)
@@ -146,6 +146,12 @@
return 1;
}
+ my $fetchUserID = $dbh->prepare(
+ "SELECT id
+ FROM users
+ WHERE username = ?;"
+ );
+
# TODO Change this to use %myconfig
my $deleteExisting = $dbh->prepare(
"DELETE
@@ -164,6 +170,15 @@
WHERE username = SESSION_USER), ?, ?);"
);
+# Fail early if the user isn't in the users table
+ $fetchUserID->execute($login)
+ || $lsmb->dberror( __FILE__ . ':' . __LINE__ . ': Fetch login id: ' );
+ my ( $userID ) = $fetchUserID->fetchrow_array;
+ unless($userID) {
+ $logger->error(__FILE__ . ':' . __LINE__ . ": no such user: $login");
+ http_error('401');
+ }
+
# this is assuming that the login is safe, which might be a bad assumption
# so, I'm going to remove some chars, which might make previously valid
# logins invalid --CM
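Review bot: The error path `$logger->error(... ": no such user: $login")` writes the client-supplied login into the log before the character stripping that the comment right after this block describes, so newlines or control characters in `$login` can reach the log file. Log a quoted or sanitized form, or move the check below the cleanup. It is also not visible here that `http_error('401')` ends execution: if it returns, the code falls through to the session statements for a user that does not exist, so an explicit `return` after it would make the fail-early intent certain. Finally, `unless($userID)` treats an id of 0 as missing; `unless (defined $userID)` states the test that is meant.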