User account disable causes infinite redirect #11

Open
RobNcsu opened this issue Jan 16, 2021 · 1 comment


RobNcsu commented Jan 16, 2021

Describe the bug
If you are logged in as an administrator and disable the account you are currently logged in with, it breaks the program without recovery.

To Reproduce
Steps to reproduce the behavior:
1. Log in as admin
2. Go to user management
3. Edit admin user
4. "Deactive" admin account, select update

Expected behavior
A clear and concise description of what you expected to happen.
admin account should be disabled and user is logged out

Desktop (please complete the following information):

  • OS: Mac OS
  • Browser: Safari and Chrome

Additional context
Recovering from the issue requires a git reset --hard to the previous state. It is unclear why the problem occurs. When attempting to log in with admin again, the logs will show that the user is authenticated, but the program is possibly broken somewhere around users/home.php line 11, if (!$session->isUserLoggedIn(true)) { redirect('index.php', false);}, as it constantly redirects to home.php.

edit: After a bit of digging this issue might have something to do with the session cookies for the browser. I can't seem to find a reliable fix. Sometimes a git reset works, sometimes a database table flush and rebuild works.


RobNcsu commented Jan 17, 2021

This could be prevented by adding a few lines of code to /users/users.php and /users/edit_users.php

Line 86 of users.php prevents deleting the master admin account.

    <?php if ($a_user['id'] != '1') { ?>
      <a href="../users/delete_user.php?id=<?php echo (int)$a_user['id'];?>" onClick="return confirm('Are you sure you want to delete?')" class="btn btn-xs btn-danger" data-toggle="tooltip" title="Remove">
        <i class="glyphicon glyphicon-remove"></i>
      </a>
    <?php } ?>

and

Line 126 edit_users.php prevents deactivating the admin account

    <?php /* Render the Status field for every account except the master admin (id 1) */ ?>
    <?php if ($e_user['id'] != '1') { ?>
      <div class="form-group">
        <label for="status">Status</label>
        <select class="form-control" name="status">
          <option <?php if ($e_user['status'] === '1') echo 'selected="selected"';?> value="1">Active</option>
          <option <?php if ($e_user['status'] === '0') echo 'selected="selected"';?> value="0">Deactive</option>
        </select>
      </div>
    <?php } ?>
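
A server-side version of the same guard, as an added example that is not part of the original comment or the project's code: hiding the delete link and the Status field only changes the rendered page, so the handler that processes the update should refuse the request as well. The function name, the `MASTER_ADMIN_ID` constant and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: id 1 is the master admin, as in the comment above.
const MASTER_ADMIN_ID = 1;

/**
 * Hypothetical helper: decide whether a submitted status change may be applied.
 * Returns null when the change is allowed, or a reason string when refused.
 *
 * $actorId  - id of the logged-in user making the request (taken from the session)
 * $targetId - id of the account being edited (taken from the request)
 * $status   - submitted status value: '1' = Active, '0' = Deactive
 */
function status_change_refusal(int $actorId, int $targetId, string $status): ?string
{
    // Accept only the two values the form offers; anything else is tampered input.
    if ($status !== '0' && $status !== '1') {
        return 'invalid status value';
    }
    if ($status === '1') {
        return null; // activating an account cannot lock anyone out
    }
    if ($targetId === MASTER_ADMIN_ID) {
        return 'the master admin account cannot be deactivated';
    }
    if ($targetId === $actorId) {
        return 'you cannot deactivate the account you are logged in with';
    }
    return null;
}

// Constructed sample requests: [actor id, target id, submitted status].
$requests = [
    [1, 1, '0'], // admin deactivating itself (the case reported in this issue)
    [2, 2, '0'], // a second admin deactivating their own account
    [1, 3, '0'], // admin deactivating a different user
    [1, 1, '1'], // admin re-saving its own account as Active
    [1, 3, '2'], // status value that the form never offers
];

foreach ($requests as [$actor, $target, $status]) {
    $reason = status_change_refusal($actor, $target, $status);
    printf("actor=%d target=%d status=%s -> %s\n", $actor, $target, $status, $reason ?? 'allowed');
}
```

The self-deactivation rule covers accounts other than id 1, which the template checks above do not.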
