It does, if you will look closely at PluginsfGuardUserTable.php
class PluginsfGuardUserTable extends Doctrine_Table
{
public static function retrieveByUsername($username, $isActive =
true)
{
return Doctrine_Query::create()
->from('sfGuardUser u')
->where('u.username = ?', $username)
->addWhere('u.is_active = ?', $isActive)
->fetchOne();
}
}
On May 7, 4:09 am, Gary Rojas <[email protected]> wrote:
> I was reviewing how sfDoctrineGuardPlugin control the sign in and i
> found that this plugin doesn't make any validation about the status of
> the user (i think this should be with the is_active field). I realized
> about this because i have a user with is_active = 0 and this user can
> sign in without any problems.
>
> My doubt is if this behavior is normal and we have to ensure or maybe
> is a security problem.
>
> Thanks for your answers.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
