Welcome, Guest
R0.25 No Longer Supported

TOPIC: [SOLVED] - File JOOMDLE "LAND.PHP" in JOOMLA dir

[SOLVED] - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #1

  • Fabio
  • Fabio's Avatar
  • Offline
  • Karma: 0
Hi all.

First of all, thanks in advance for any support.

Into directory ...\components\com_joomdle\views\login I found this file "LAND.PHP"

Inside I found this code:

<?

$credentials = 'pepe';
$credentials = 'lala';

$mainframe->login($credentials);

$mainframe->redirect( 'index.php' );
?>


If I try to sign in MOODLE with this credential ... I sign in...

Is it correct that:
- This file exists?
- The file contains within it the credentials that work on MOODLE?

Thanks in advance
Last Edit: 7 years 7 months ago by Fabio.
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #2

  • Antonio Durán
  • Antonio Durán's Avatar
  • Offline
  • Karma: 158
Thanks for the tip.

Sorry, but this is a leftover file from testing, should not be there (need to check more when releasing!!!)

As for the credentials working in Moodle: are you sure? I tried and it does not work for me, just gives an auth error.
Can you confirm this / explain more the scenario tested?

Thanks again,
Antonio
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #3

  • Fabio
  • Fabio's Avatar
  • Offline
  • Karma: 0
Hi Antonio. Thank you for your assistance.

I confirm. When I use the credentials that I have found in the file "land.php" and I try to connect to Moodle directly (without using the bridge Joomdle), I can access the page that asks me to complete Moodle user data. If I complete the data I log in.

For completeness:
- My homepage Moodle does not allow guests to enter. Homepage field has only the username and password;
- Instead, from the homepage of Joomla can not log in with the credentials that I have found into the file "Land.php".

I do not know if I answered your question fully. In any case, I will delete the file land.php I found.
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #4

  • Antonio Durán
  • Antonio Durán's Avatar
  • Offline
  • Karma: 158
But... do you have a user in Moodle with username pepe? If so, I guess it was auto-created by some test code...
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #5

  • Fabio
  • Fabio's Avatar
  • Offline
  • Karma: 0
Antonio, you're right in the middle ... And at the same time we have found the reason for what happened.

No user "pepe" in Moodle but a user in Joomla called "pepe"....

Evidently, Joomdle allows a user to access Moodle even if does not exist in Moodle but only in Joomla.

The strange thing is that the user "pepe" is locked in Joomla.
I checked also the component Joomdle. User "pepe" has only one account Joomla and not Moodle or Joomdle

Is it possible?
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #6

  • Antonio Durán
  • Antonio Durán's Avatar
  • Offline
  • Karma: 158
Thanks for the additional info.

I will test this afternoon and report back.
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #7

  • Antonio Durán
  • Antonio Durán's Avatar
  • Offline
  • Karma: 158
I am sorry, I thought you were using R0.3.

There is a bug in previous versions that may cause the behaviour you are seeing.

Please upgrade to R0.3 and test if this solves your problems.
The topic has been locked.

Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir 7 years 7 months ago #8

  • Fabio
  • Fabio's Avatar
  • Offline
  • Karma: 0
Hi Antonio.

With upgrade I solved the problem. Thanks.
The topic has been locked.