Project

General

Profile

Actions

Bug #1874

closed

Captive Portal Login dies on empty input

Added by Andreas Böhm about 13 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ermal Luçi
Category:
Captive Portal
Target version:
Start date:
09/13/2011
Due date:
% Done:

90%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

If you go to the captive portal login page and click submit without filling in any in the vouchercode-field you´ll get a blank page.

Actions #1

Updated by Ermal Luçi about 13 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Ermal Luçi about 13 years ago

Actions #3

Updated by Andreas Böhm about 13 years ago

Is it only for user or pass fixed or also for vouchers?
I ask because im unable to view the changeset :(

Actions #4

Updated by Andreas Böhm about 13 years ago

Just reviewd it on github, the problem is not fixed for usage with voucher codes!

Actions #5

Updated by Andreas Böhm about 13 years ago

The Probleme why it wont work for voucher codes is really simple.

On line 143 in /usr/local/captiveportal/index.php is this "} else if ($_POST['accept'] && $_POST['auth_voucher']) {" but when "auth_voucher" is empty you cannot handle this because it jumps to the end of the file and simply executes the "exit;" there. So we ned to check first if voucher-auth is enabled on line 143 and then check if "auth_voucher" is not empty.

But i could not find out how to check if voucher-auth is enabled. I would submit a patch if someone points in the right direction to check if voucher-auth is enabled.

Actions #6

Updated by Chris Buechler over 12 years ago

  • Status changed from Feedback to Assigned
  • Assignee set to Darren Embry
  • Priority changed from High to Normal
  • Target version set to 2.1
Actions #7

Updated by Darren Embry over 12 years ago

  • Status changed from Assigned to Feedback
  • % Done changed from 100 to 90
Actions #8

Updated by Darren Embry over 12 years ago

Not able to reproduce a blank page if I revert above changeset.

When I take the following steps:
- set the captive portal to local user / vouchers
- upload a template login page with username, password, and voucher fields
- disable vouchers
- leave username and password blank
- type in a voucher code

I get a screen with username/password boxes and a "Voucher invalid" message.

Actions #9

Updated by Ermal Luçi over 12 years ago

Yeah i will fix that since already know the fix for it.
Its just that the pages are not updated on enable/disable of voucher or login type.

Actions #10

Updated by Darren Embry over 12 years ago

  • Assignee changed from Darren Embry to Ermal Luçi

Ermal, I strongly believe you should be assigned this one then, so I will assign accordingly. :-)

Actions #11

Updated by Michael Newton over 12 years ago

The patch for this broke the ability to use empty passwords. I opened issue 2377 before I realized the changes were recently made for this one.

Rather than if ($_POST['auth_user'] && $_POST['auth_pass']) the code should test if (isset($_POST['auth_user']) && isset($_POST['auth_pass'])) because empty string evaluates to false.

Actions #12

Updated by Ermal Luçi over 12 years ago

I am sorry but you can use no authentication for empty passwords.
It works as its expected.

Actions #13

Updated by Chris Buechler almost 12 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF