can't log in to any account if non-existent or disabled btUsername cookie #113

Open
RedDragonWebDesign opened this issue Jan 25, 2024 · 0 comments · May be fixed by #132
Labels
bug-v4 Bugs that appear in the original scripts.

Comments

@RedDragonWebDesign
Owner

I made a previous patch for this ( 0c5d173 ) but reverted it ( 9b5268d ) because it broke the sign out system.

Setting cookies in JavaScript was a poor approach anyway. I have discovered that a better place to set cookies is in include_header.php. I've drafted up the following code which I may use in a patch for this. This code by itself doesn't solve the ticket though so I still have to debug some more.

One approach I may also try is getting rid of the $MAIN_ROOT in setcookie(). Setting a cookie path ($MAIN_ROOT in this case) lets you do things like install two copies of BlueThrust under the same domain in different folders and lets the cookies not conflict, but it comes at the cost of complexity.

To be continued.

```php
// If user's username cookie is for a disabled or non-existent user, delete it.
// !empty() avoids an undefined-index warning when the cookie is not set at all.
if ( !empty($_COOKIE['btUsername']) ) {
	$checkMember = new Member($mysqli);
	$checkMember->select($_COOKIE['btUsername']);
	$memberInfo = $checkMember->get_info();
	$usernameExists = ($memberInfo['username'] ?? '') != "";
	if ( !$usernameExists || $memberInfo['disabled']) {
		// Expire the cookies in the browser; the path must match the one used when they were set.
		setcookie("btUsername", '', -1, $MAIN_ROOT);
		setcookie("btPassword", '', -1, $MAIN_ROOT);
		setcookie("btSession", '', -1, $MAIN_ROOT); // may need to fix the cookie path for btSession for this to work, right now btSession doesn't use $MAIN_ROOT
		// Also drop them from the current request so later code does not see them.
		unset($_COOKIE['btUsername']);
		unset($_COOKIE['btPassword']);
		unset($_COOKIE['btSession']);
	}
}
```
@RedDragonWebDesign RedDragonWebDesign added the bug-v4 Bugs that appear in the original scripts. label Jan 25, 2024
@deepend-tildeclub deepend-tildeclub linked a pull request Jan 30, 2024 that will close this issue
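
Added example, not part of the issue or the project's code: a small PHP model of a browser cookie jar showing why the path passed to `setcookie()` when expiring a cookie has to match the path the cookie was set with, which is the btSession caveat in the draft above. The `/clan/` value standing in for `$MAIN_ROOT`, the `/` path for btSession, and the helper names `apply_set_cookie` and `cookies_sent` are assumptions made for the illustration.

```php
<?php
// Added illustration, not BlueThrust code: a toy browser cookie jar.
// Cookies are keyed by name + path (single host assumed, so domain is
// left out), following the storage model in RFC 6265 section 5.3.

/** Apply one Set-Cookie instruction to the jar. */
function apply_set_cookie(array &$jar, string $name, string $value, int $expires, string $path): void
{
	$key = $name . '|' . $path;
	// A past expiry evicts only the entry with the same name AND path.
	if ($expires !== 0 && $expires < time()) {
		unset($jar[$key]);
		return;
	}
	$jar[$key] = ['name' => $name, 'value' => $value, 'path' => $path];
}

/** Names of the cookies a browser would attach to a request for $requestPath. */
function cookies_sent(array $jar, string $requestPath): array
{
	$sent = [];
	foreach ($jar as $cookie) {
		// Simplified path-match: valid here because every path ends in "/".
		if (strncmp($requestPath, $cookie['path'], strlen($cookie['path'])) === 0) {
			$sent[] = $cookie['name'];
		}
	}
	sort($sent);
	return $sent;
}

$mainRoot = '/clan/';       // constructed stand-in for $MAIN_ROOT
$future   = time() + 3600;
$jar      = [];
apply_set_cookie($jar, 'btUsername', 'alice', $future, $mainRoot);
apply_set_cookie($jar, 'btPassword', 'constructed-value', $future, $mainRoot);
apply_set_cookie($jar, 'btSession', 'constructed-id', $future, '/'); // assumed path

// The draft's cleanup: expire all three cookies using $MAIN_ROOT as the path.
foreach (['btUsername', 'btPassword', 'btSession'] as $name) {
	apply_set_cookie($jar, $name, '', -1, $mainRoot);
}
echo 'After cleanup with $MAIN_ROOT: ', implode(', ', cookies_sent($jar, '/clan/index.php')), PHP_EOL;

// Expiring btSession with the path it was set with removes it as well.
apply_set_cookie($jar, 'btSession', '', -1, '/');
echo 'After matching-path expiry: ', count(cookies_sent($jar, '/clan/index.php')), ' cookie(s)', PHP_EOL;
```

Run it with the PHP CLI; the jar is only a model, so no headers are sent and no real cookies are touched.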