More phplib fun!We're using de …

More phplib fun!

We’re using default_auth on our site and thanks to some help I managed to make phplib play nicely with our template system. That is, until my boss tested it and discovered that if you enter an incorrect username/password the phplib loginform appears. Look around line 174 of for the culprit.
After I was almost finished a long email to the phplib list I figured out what to do. If the user types in an incorrect username/password then log them in as “nobody”!
The fix to do that took all of 5 seconds and is below:

Edit, look for auth_validatelogin(), this is around line 146 of my, and modify those lines to look like the following:

if( $this->db->num_rows() )
        $uid = $this->db->f(“uid”);
        $this->auth[“perm”]  = $this->db->f(“perms”);
        $this->auth[“uname”] = $this->db->f(“username”);
    // Log them in as “nobody”
    $this->auth[“perm”]  = “”;
    $this->auth[“uid”] = “nobody”;
    $uid = “nobody”;

When you try and login now with incorrect details the loginform will be printed again within the confines of your site templates and nobody will be the wiser as to the grief this caused you!

By Donncha

Donncha Ó Caoimh is a software developer at Automattic and WordPress plugin developer. He posts photos at In Photos and can also be found on Twitter.

Leave a Reply