|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #21113 Auth bug
Submitted: 2002-12-20 08:20 UTC Modified: 2003-01-03 05:57 UTC
From: entis at poczta dot fm Assigned:
Status: Closed Package: PEAR related
PHP Version: 4.2.3 OS: winxp
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: entis at poczta dot fm
New email:
PHP Version: OS:


 [2002-12-20 08:20 UTC] entis at poczta dot fm
there is dangerous bug in Auth package !

In file \Auth\Container\DB.php 
In method Auth_Container_DB::fetchData
In lines :
$res = $this->query($query);
if (DB::isError($res)) {
  return PEAR::raiseError($res->code, PEAR_ERROR_DIE);
} else {

compare raiseError definition :

    function &raiseError($message = null,
                         $code = null,
                         $mode = null,
                         $options = null,
                         $userinfo = null,
                         $error_class = null,
                         $skipmsg = false)

code should be second parameter and mode should be third parameter. 

I check if something go wrong in fetching data from database, this code don't stop program (PEAR_ERROR_DIE isn't in correct place) and user can gain unauthorized access. Solution is very simple :

$res = $this->query($query);
if (DB::isError($res)) {
  return PEAR::raiseError('',$res->code, PEAR_ERROR_DIE);
} else {

i have also proposition for Auth::login method :

replace this line :

$login_ok = $this->storage->fetchData($this->username, $this->password);

with this line :
$login_ok = ($this->storage->fetchData($this->username, $this->password) === TRUE);


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-12-20 08:30 UTC] entis at poczta dot fm
the same bug is in methods :
 [2003-01-03 05:57 UTC]
I've fixed the wrong usage of raiseError(). The changes will appear in the next release.

Thanks for noticing!
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Oct 28 17:03:35 2021 UTC