Hi,

$auth_password is initialized above (see lines 133-142 and 160 in the same file).

$_SESSION['password'] is not used anymore, it is always empty and your code is incorrect.

What is AuthBasicFake? What auth mechanism is it for?


On Tue, Oct 25, 2016 at 5:16 AM, <Peter.Hine@familycourt.gov.au> wrote:


Adam,

First up, this happened a long time ago. It's just taken till now to find
why it broke (because I have free time, I'm testing 0.16.9.8118 and found the
error again).

The problem lies in line 200 of html/includes/authenticate.inc.php
(v0.16.9.8118)
 if (!$_SESSION['authenticated'] && (authenticate($_SESSION['username'],
$auth_password) ||                       // login/password

In older versions, "$auth_password" was "$_SESSION['password']".

By replacing "$auth_password" with "$_SESSION['password']", AuthBasicFake
works again.


I can't see where "$auth_password" is initialized, but it's not my code so
I'll not assume too much more than that.



Thanks



Peter Hine
Senior Technical Support Engineer (Servers)
Corporate Services | Federal Court of Australia







--
Mike Stupalov
http://observium.org/