On 07/30/2014 09:25 AM, Edi Füllemann wrote:
> I updated from 0.10 to 0.12 and realized that any username / password is
> accepted by the web frontend. The installation is configured to use internal
> authentication. First I suspected the upgrade process somehow went wrong and
> tried a fresh install. But the problem persisted. When I log in with a
> fantasy username, it gets even added to the database.
>
> After trying to follow the logon process in the source with my limited PHP
> knowledge, I suspect the software is using external authentication instead
> of internal.
>
> I could fix the problem for now by commenting out the following part of the
> function userLogin in include/admfuncs.php. This is where the external
> authentication is done and new user accounts added.

Did you change or set the value of $authRealm in your configuration file maybe? I just tried this on 0.12 but couldn't reproduce it somehow.
