Place Your Ad Here

Bug Failed login returns 200 status code

There is a bug in this version
W

W1zzard

Guest
This makes it hard to catch bruteforces in the logs, should return 401

edit:
SELECT COUNT(*) FROM xf_login_attempt WHERE FROM_UNIXTIME(attempt_date) > CURRENT_DATE()
-> 184468

and it's only 5 pm

fix:
edit LoginController.php, after $user = $loginService->validate($input['password'], $error);

change
return $this->view('XF:Login\Form', 'login', $viewParams);

to

$view = $this->view('XF:Login\Form', 'login', $viewParams)...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

P
Ques/Help Is there a way to lock an account after X amount of failed login attempts?
Replies
0
Views
256
XenForo General Discussions
PumpinIron
P
F
XenForo Can't login to my forum with 2FA after iOS upgrade failed on my iPhone
Replies
0
Views
412
XenForo Development & Modifications
fredrikse
F
L
Ques/Help Paypal Issue Authentication failed
Replies
0
Views
93
XenForo General Discussions
LemmeSeeHim
L
A
Ques/Help Mail Delivery Failed
Replies
0
Views
130
XenForo General Discussions
articulatedthoughts
A
M
Ques/Help Failed to authenticate on SMTP server with Google Suite email
Replies
0
Views
100
XenForo General Discussions
MTBeros
M
Top Bottom
Back