
User account disable causes infinite redirect

Open RobNcsu opened this issue 3 years ago • 1 comments

Describe the bug
If you are logged in as an administrator and disable the account you are currently logged in with, it breaks the program without recovery.

To Reproduce
Steps to reproduce the behavior:

  1. login as admin
  2. go to user management
  3. edit admin user
  4. "Deactive" admin account, select update

Expected behavior
A clear and concise description of what you expected to happen. Admin account should be disabled and user is logged out.

Desktop (please complete the following information):

  • OS: Mac OS
  • Browser: Safari and Chrome

Additional context
Recovering from the issue requires a git reset --hard to the previous state. Unclear why the problem occurs. When attempting to log in with admin again, the logs will show that the user is authenticated, but the program is possibly broken somewhere around users/home.php line 11:

    if (!$session->isUserLoggedIn(true)) { redirect('index.php', false);}

as it constantly redirects to home.php.

edit: After a bit of digging this issue might have something to do with the session cookies for the browser. I can't seem to find a reliable fix. Sometimes a git reset works, sometimes a database table flush and rebuild works.

RobNcsu, Jan 16 '21 20:01

This could be prevented by adding a few lines of code to /users/users.php and /users/edit_users.php

Line 86 users.php prevents deleting the master admin account.

    <?php if ($a_user['id'] != '1') { ?>
      <a href="../users/delete_user.php?id=<?php echo (int)$a_user['id'];?>" onClick="return confirm('Are you sure you want to delete?')" class="btn btn-xs btn-danger" data-toggle="tooltip" title="Remove">
        <i class="glyphicon glyphicon-remove"></i>
      </a>
    <?php } ?>

and

Line 126 edit_users.php prevents deactivating the admin account

    <?php if ($e_user['id'] != '1') { ?>
      <div class="form-group">
        <label for="status">Status</label>
        <select class="form-control" name="status">
          <option <?php if ($e_user['status'] === '1') echo 'selected="selected"';?> value="1">Active</option>
          <option <?php if ($e_user['status'] === '0') echo 'selected="selected"';?> value="0">Deactive</option>
        </select>
      </div>
    <?php } ?>

RobNcsu, Jan 17 '21 00:01
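
The two snippets above only hide the controls in the rendered page; the code that processes the delete and update requests needs the same rule to enforce it. The following is an added example, not code from the project or from the comment author: `check_user_change()` and `MASTER_ADMIN_ID` are hypothetical names, the id `1` and the status values `'1'`/`'0'` are taken from the snippets above, and the rule covering the account you are logged in with is an assumption based on the scenario in the issue.

```php
<?php
declare(strict_types=1);

// Added example, not project code. Mirrors the id '1' checks in the templates.
const MASTER_ADMIN_ID = 1;

/**
 * Returns null when the change is allowed, or a reason string when refused.
 * $action is 'delete' or 'update'; $newStatus is the posted status ('1' or '0').
 */
function check_user_change(int $actorId, int $targetId, string $action, ?string $newStatus = null): ?string
{
    if (!in_array($action, ['delete', 'update'], true)) {
        return 'unknown action';
    }
    if ($action === 'update' && !in_array($newStatus, ['0', '1'], true)) {
        return 'invalid status value';
    }
    // Only changes that take away access need the extra checks.
    $removesAccess = $action === 'delete' || $newStatus === '0';
    if (!$removesAccess) {
        return null;
    }
    if ($targetId === MASTER_ADMIN_ID) {
        return 'the master admin account cannot be deleted or deactivated';
    }
    if ($targetId === $actorId) {
        return 'you cannot delete or deactivate the account you are logged in with';
    }
    return null;
}

// Constructed sample requests: [actor id, target id, action, posted status].
$samples = [
    [1, 1, 'update', '0'],  // the case from the issue: admin deactivates itself
    [1, 1, 'delete', null], // master admin delete
    [2, 2, 'update', '0'],  // another user deactivating their own account
    [1, 3, 'update', '0'],  // allowed: admin deactivates a different user
    [1, 1, 'update', '1'],  // allowed: status stays active
    [1, 3, 'update', '2'],  // refused: not a valid status value
];
foreach ($samples as [$actor, $target, $action, $status]) {
    $reason = check_user_change($actor, $target, $action, $status);
    printf("%d -> %d %-6s %-4s : %s\n", $actor, $target, $action,
        $status ?? '-', $reason ?? 'allowed');
}
```

The check would run in the request handler before any database write, with the actor id taken from the server-side session rather than from the submitted form.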