Bug #1874
closedCaptive Portal Login dies on empty input
90%
Description
If you go to the captive portal login page and click submit without filling in any in the vouchercode-field you´ll get a blank page.
Updated by Ermal Luçi over 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 90477318aad050eb1f1b5282fac790f2a985fce3.
Updated by Ermal Luçi over 13 years ago
Applied in changeset 00eda3a2eb5fb7e43ba9504c90ad494f41504888.
Updated by Andreas Böhm over 13 years ago
Is it only for user or pass fixed or also for vouchers?
I ask because im unable to view the changeset :(
Updated by Andreas Böhm over 13 years ago
Just reviewd it on github, the problem is not fixed for usage with voucher codes!
Updated by Andreas Böhm over 13 years ago
The Probleme why it wont work for voucher codes is really simple.
On line 143 in /usr/local/captiveportal/index.php is this "} else if ($_POST['accept'] && $_POST['auth_voucher']) {" but when "auth_voucher" is empty you cannot handle this because it jumps to the end of the file and simply executes the "exit;" there. So we ned to check first if voucher-auth is enabled on line 143 and then check if "auth_voucher" is not empty.
But i could not find out how to check if voucher-auth is enabled. I would submit a patch if someone points in the right direction to check if voucher-auth is enabled.
Updated by Chris Buechler almost 13 years ago
- Status changed from Feedback to Assigned
- Assignee set to Darren Embry
- Priority changed from High to Normal
- Target version set to 2.1
Updated by Darren Embry almost 13 years ago
- Status changed from Assigned to Feedback
- % Done changed from 100 to 90
blind commit, need to test when CP actually starts working.
Applied in changeset bef75b4c9f43c024db19907bf5f6167dd8f82cb8.
https://github.com/bsdperimeter/pfsense/commit/bef75b4c9f43c024db19907bf5f6167dd8f82cb8
Updated by Darren Embry almost 13 years ago
Not able to reproduce a blank page if I revert above changeset.
When I take the following steps:
- set the captive portal to local user / vouchers
- upload a template login page with username, password, and voucher fields
- disable vouchers
- leave username and password blank
- type in a voucher code
I get a screen with username/password boxes and a "Voucher invalid" message.
Updated by Ermal Luçi almost 13 years ago
Yeah i will fix that since already know the fix for it.
Its just that the pages are not updated on enable/disable of voucher or login type.
Updated by Darren Embry over 12 years ago
- Assignee changed from Darren Embry to Ermal Luçi
Ermal, I strongly believe you should be assigned this one then, so I will assign accordingly. :-)
Updated by Michael Newton over 12 years ago
The patch for this broke the ability to use empty passwords. I opened issue 2377 before I realized the changes were recently made for this one.
Rather than if ($_POST['auth_user'] && $_POST['auth_pass'])
the code should test if (isset($_POST['auth_user']) && isset($_POST['auth_pass']))
because empty string evaluates to false.
Updated by Ermal Luçi over 12 years ago
I am sorry but you can use no authentication for empty passwords.
It works as its expected.
Updated by Chris Buechler about 12 years ago
- Status changed from Feedback to Closed