Fix "server error" message with incorrect username

2017-12-15 14:59:55 -07:00 · 2017-12-15 14:59:55 -07:00 · fec5e13415
commit fec5e13415
parent 6bf1606997
3 changed files with 15 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@
 /nbproject/private
 *.sync-conflict*
 test*
+/conf/
--- a/index.php
+++ b/index.php
@ -50,9 +50,9 @@ if ($VARS['progress'] == "1") {
                default:
                    if (!is_empty($error)) {
                        $alert = $error;
-                        break;
+                    } else {
+                        $alert = lang("login error", false);
                    }
-                    $alert = lang("login error", false);
                    break;
            }
            if ($username_ok) {
--- a/lib/login.php
+++ b/lib/login.php
@ -127,19 +127,19 @@ function change_password($old, $new, $new2, &$error) {
 function account_location($username) {
    global $database;
    $username = strtolower($username);
-    $user_exists = user_exists_local($username);
-    if (!$user_exists && !LDAP_ENABLED) {
-        return false;
+    $user_exists_local = user_exists_local($username);
+    if (!$user_exists_local && !LDAP_ENABLED) {
+        return "NONE";
    }
-    if ($user_exists) {
+    if ($user_exists_local) {
        $userinfo = $database->select('accounts', ['password'], ['username' => $username])[0];
        // if password empty, it's an LDAP user
-        if (is_empty($userinfo['password']) && LDAP_ENABLED) {
-            return "LDAP";
-        } else if (is_empty($userinfo['password']) && !LDAP_ENABLED) {
-            return "NONE";
-        } else {
+        if (!is_empty($userinfo['password'])) {
            return "LOCAL";
+        } else if (is_empty($userinfo['password']) && LDAP_ENABLED) {
+            return "LDAP";
+        } else {
+            return "NONE";
        }
    } else {
        if (user_exists_ldap($username)) {
@ -161,7 +161,7 @@ function authenticate_user($username, $password, &$errormsg = null, &$errorcode
    global $ldap;
    $username = strtolower($username);
    if (is_empty($username) || is_empty($password)) {
-        return false;
+        return "NONE";
    }
    $loc = account_location($username, $password);
    switch ($loc) {
@ -200,7 +200,7 @@ function user_exists($username) {
 function user_exists_local($username) {
    global $database;
    $username = strtolower($username);
-    return $database->has('accounts', ['username' => $username, "LIMIT" => QUERY_LIMIT]);
+    return $database->has('accounts', ['username' => $username]) === TRUE;
 }

 /**