On 07/30/2014 09:25 AM, Edi Füllemann wrote:
> I updated from 0.10 to 0.12 and realized that any username / password is
> accepted by the web frontend. The installation is configured to use internal
> authentication. First I suspected the upgrade process somehow went wrong and
> tried a fresh install. But the problem persisted. When I login with a
> fantasy username, it gets even added to the database.
>
> After trying to follow the logon process in the source with my limited php
> knowledge, I suspect the software is using external authentication instead
> of internal.
>
> I could fix the problem for now by commenting out the following part of the
> function userLogin in include/admfuncs.php. This is where the external
> authentication is done an new user accounts added.
Did you change or set the value of $authRealm in your configuration file
maybe?
I just tried this on 0.12 but couldn't reproduce it somehow.