From 8c571758ab82a1409e8b8375e0945e7b7a2592c6 Mon Sep 17 00:00:00 2001 From: Xavier Lecours Date: Mon, 25 Feb 2019 12:22:35 -0500 Subject: [PATCH] [SinglePointLogin] fix passwordAuthenticate accessing $_POST superglobal (#4356) This removes the $_POST['username'] in favor of $username variable passed to the function as a parameter. It fixes `PHP Fatal error: Uncaught TypeError: Argument 1 passed to SinglePointLogin::accountLocked() must be of the type string, null given` occurring because the API consumes 'application/json' content-type and $_POST is populated only; > [...] when using application/x-www-form-urlencoded or multipart/form-data as the HTTP Content-Type in the request. > http://php.net/manual/en/reserved.variables.post.php --- php/libraries/SinglePointLogin.class.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/libraries/SinglePointLogin.class.inc b/php/libraries/SinglePointLogin.class.inc index 372174317d0..b615ee14fad 100644 --- a/php/libraries/SinglePointLogin.class.inc +++ b/php/libraries/SinglePointLogin.class.inc @@ -320,7 +320,7 @@ class SinglePointLogin /* Check whether a user's account is locked due to too many bad login * attempts before actually trying to authenticate their credentials. */ - if ($this->accountLocked($_POST['username'])) { + if ($this->accountLocked($username)) { $this->_lastError = 'This account is currently suspended due ' . 'to too many bad login attempts.'; $this->insertFailedDetail('Account locked', $setArray);