From 1c2f2657d2c551add2f18b1c2c9ce26766466348 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 4 Feb 2020 16:41:19 -0500 Subject: [PATCH] We don't do automatic login when recaptcha is enabled, so add the login calls on successful recaptcha --- web/includes/actions/login.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/web/includes/actions/login.php b/web/includes/actions/login.php index 6c8312b2f..68ca4e604 100644 --- a/web/includes/actions/login.php +++ b/web/includes/actions/login.php @@ -49,14 +49,23 @@ if ( ('login' == $action) && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == ' // as it produces the same error as when you don't answer a recaptcha if ( isset($responseData['error-codes']) && is_array($responseData['error-codes']) ) { if ( !in_array('invalid-input-secret', $responseData['error-codes']) ) { - Error('reCaptcha authentication failed'); + ZM\Error('reCaptcha authentication failed. response was: ' . print_r($responseData['error-codes'],true)); unset($user); // unset should be ok here because we aren't in a function return; } else { - Error('Invalid recaptcha secret detected'); + ZM\Error('Invalid recaptcha secret detected'); } } } // end if success==false + if ( ! (empty($_REQUEST['username']) or empty($_REQUEST['password'])) ) { + $ret = validateUser($_REQUEST['username'], $_REQUEST['password']); + if ( !$ret[0] ) { + ZM\Error($ret[1]); + unset($user); // unset should be ok here because we aren't in a function + } else { + $user = $ret[0]; + } + } # end if have username and password } // end if using reCaptcha // if captcha existed, it was passed