<span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13.333333969116211px;white-space:nowrap;background-color:rgb(255,255,255)">Nabalcom,</span><div><font color="#222222" face="arial, sans-serif"><span style="white-space:nowrap"><br>
</span></font></div><div><font color="#222222" face="arial, sans-serif"><span style="white-space:nowrap">Thanks for the alert (we applied the fix) - </span></font></div><div><font color="#222222" face="arial, sans-serif"><span style="white-space:nowrap">this issue cropped in previous testing cycle specially related to PHP crypt types clash.</span></font></div>
<div><font color="#222222" face="arial, sans-serif"><span style="white-space:nowrap"><br></span></font></div><div><font color="#222222" face="arial, sans-serif"><span style="white-space:nowrap">Regards,<br>Prasad</span></font></div>
<div><font color="#222222" face="arial, sans-serif"><span style="white-space:nowrap"><b><br clear="all"></b></span></font><div><span style="border-collapse:collapse;font-family:arial,sans-serif;font-size:13px"><b>Connect with us on: </b><a href="http://twitter.com/vtigercrm" style="color:rgb(0,0,204)" target="_blank">Twitter</a> <b>I</b> <a href="http://www.facebook.com/pages/vtiger/226866697333578?sk=wall" style="color:rgb(0,0,204)" target="_blank">Facebook</a> <b>I</b> <a href="http://blog.vtiger.com/" style="color:rgb(0,0,204)" target="_blank">Blog</a><b> I</b> <a href="http://wiki.vtiger.com/index.php/Main_Page" style="color:rgb(0,0,204)" target="_blank">Wiki</a> <b>I </b><a href="http://forums.vtiger.com/" style="color:rgb(0,0,204)" target="_blank">Forums </a><b>I</b> <a href="http://vtiger.com/" style="color:rgb(0,0,204)" target="_blank">Website</a></span></div>
<br><br><div class="gmail_quote">On Wed, Jul 3, 2013 at 4:31 PM, Nabalcom <span dir="ltr"><<a href="mailto:info@nablacom.it" target="_blank">info@nablacom.it</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div lang="x-western"> <br>
In User Class (modules/Users/Users.php) into the function doLogin
at line 381 there is a SEVERE ERROR: the user will be always
logged with any password. So, if you try to login as admin you can
use "admin/any password" and the system will accept your login
credentials. <br>
In the following the source code:<br>
<pre cols="72"> $query = "SELECT * from $this->table_name where user_name=? AND user_password=? AND status = ?";
$result = $this->db->requirePsSingleResult($query, array($usr_name, $encrypted_password, 'Active'), false);
if (empty($result)) {
<font color="#cc0000"> return true;</font>
} else {
return true;
}
break;
The line 381 MUST BE CHANGED in <font color="#cc0000">return false;</font>
--
_______________________
ing. Roberto Santacroce
CEO at Nablacom
<a href="mailto:santacroce@nablacom.it" target="_blank">santacroce@nablacom.it</a>
Tel/Fax +39894456012
Mobile +393470458824
Skype: nablacom
Via G. Accarino, 18 - 84013 - Cava de' Tirreni (SA)
Ai sensi del D.lgs n.196 del 30.06.03 (Codice Privacy) si precisa che le informazioni contenute in questo messaggio sono riservate e ad uso esclusivo del destinatario. Qualora il messaggio in parola Le fosse pervenuto per errore, La preghiamo di eliminarlo senza copiarlo e di non inoltrarlo a terzi, dandocene gentilmente comunicazione. Grazie
This message, for the D.lgs n.196 / 30.06.03 (Privacy Code), may contain confidential and/or privileged information. If you are not the address or authorized to receive this for the address, you must not use, copy, disclose or take any action based on this message or any information herein.
If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation</pre>
</div>
</div>
<br>_______________________________________________<br>
<a href="http://www.vtiger.com/" target="_blank">http://www.vtiger.com/</a><br></blockquote></div><br></div>