Gossamer Forum
Home : Products : Gossamer Links : Discussions :

How to fix a login bug

Quote Reply
How to fix a login bug
Recently I found a bug in the Links SQL 2.1. I didn't notice it before but now since I redesigned the layout of the site I see some strange behavior and I don't know how to fix it. The problem is when user goes to the login screen he has to enter his username and a password but if user enters only his user name and hits Login button, the logout link appears, even though user has not been authenticated by the system yet. It's is very inconvenient because it's revealing the next step of the authentication process. I assume by looking at the code that it happens because of the tag

<%if Username%>Logout<%endif%>
<%ifnot Username%>Login<%endif%>

Based on the logic of the code, anyone who enters anything in the username text box and hits Login button will see the link surrounded by the first pair of tags because Username variable is not empty and hence the first statement is true. Does anyone know how to fix this problem?




Quote Reply
Re: [bob1980] How to fix a login bug In reply to
in Links::User::Login.pm

in the login_user subroutine, you can change:

Code:
# Make sure we have both a username and password.
if (!$username or !$password) {
print $IN->header();
print Links::SiteHTML::display ('login', { error => Links::language('USER_BADLOGIN'), Username => $username });
return;
}
}

Get rid of the part in red.

That will stop the program from passing back the "Username" field.

There are more elegant fixes, but that fix is definitive until the upgrade, ;)


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
Quote Reply
Re: [pugdog] How to fix a login bug In reply to
PUGDOG, your fix didn't solve the problem. I also visited betterbeads.com which is listed on your signature they got the same bug. I was able to see registered user menu which has View Cart and Old Invoices links beside those you see when you are not logged in, by just entering something in the username text box. I think someone should come up with the idea on how completely eliminate it.

Quote Reply
Re: [bob1980] How to fix a login bug In reply to
Hi,

I know about the cart bugs, but since they don't do anything if a user clicks them, I figured at worst, it was advertising for the shopping area ;)

The fix should have worked, by not returning the Username field at all.

I'll check to see why, but some things are different between versions of Links.
There is another way to do it, in the HTML end of the system.

Change your menu, or any test for "Username" to be:

<%if Username and Status%>

Status will only be set to a value if the user is logged in. That's the flag for "Registered", "Administrator" etc, so it will always be available if Username is available, and won't be available if it's not. (Unless a plugin or script does something funky).

These variables should really be prefaced with User_ but, not in this version ;)


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
Quote Reply
Re: [pugdog] How to fix a login bug In reply to
PUGDOG thanks a lot for you fix, it worked. I appreciate your time and knowledge.
Now this bug has been fixed.
It works for the Links SQL 2.1.1

Quote Reply
Re: [bob1980] How to fix a login bug In reply to
You're welcome... I never noticed that bug before, so I did want to see how to swat it.


PUGDOG� Enterprises, Inc.

The best way to contact me is to NOT use Email.
Please leave a PM here.
Quote Reply
Re: [pugdog] How to fix a login bug In reply to
Pugdog, I am back again with a new thing. After you have fixed a login bug everything has been working fine until now I found out that when I want to rate/review a link by clicking on a corresponding rate it and review it links, I get a menu displaying buttons as I am not currently logged in into the system even though I logged in before I was going to rate/review it. I don't know why it doesn't want to show the right menu with the logout and editors buttons. For all other pages it works fine but for rate and review it doesn't. It’s a mystery.
Any ideas?