R0.25 No Longer Supported

[SOLVED] - File JOOMDLE "LAND.PHP" in JOOMLA dir

  • Fabio
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
15 years 1 month ago - 15 years 1 month ago #1 by Fabio
[SOLVED] - File JOOMDLE "LAND.PHP" in JOOMLA dir was created by Fabio
Hi all.

First of all, thanks in advance for any support.

Into directory ...\components\com_joomdle\views\login I found this file "LAND.PHP"

Inside I found this code:

<?

$credentials = 'pepe';
$credentials = 'lala';

$mainframe->login($credentials);

$mainframe->redirect( 'index.php' );
?>

If I try to sign in MOODLE with this credential ... I sign in...

Is it correct that:
- This file exists?
- The file contains within it the credentials that work on MOODLE?

Thanks in advance
Last edit: 15 years 1 month ago by Fabio.
The topic has been locked.
More
15 years 1 month ago #2 by Antonio Durán
Replied by Antonio Durán on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
Thanks for the tip.

Sorry, but this is a leftover file from testing, should not be there (need to check more when releasing!!!)

As for the credentials working in Moodle: are you sure? I tried and it does not work for me, just gives an auth error.
Can you confirm this / explain more the scenario tested?

Thanks again,
Antonio
The topic has been locked.
  • Fabio
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
15 years 1 month ago #3 by Fabio
Replied by Fabio on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
Hi Antonio. Thank you for your assistance.

I confirm. When I use the credentials that I have found in the file "land.php" and I try to connect to Moodle directly (without using the bridge Joomdle), I can access the page that asks me to complete Moodle user data. If I complete the data I log in.

For completeness:
- My homepage Moodle does not allow guests to enter. Homepage field has only the username and password;
- Instead, from the homepage of Joomla can not log in with the credentials that I have found into the file "Land.php".

I do not know if I answered your question fully. In any case, I will delete the file land.php I found.
The topic has been locked.
More
15 years 1 month ago #4 by Antonio Durán
Replied by Antonio Durán on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
But... do you have a user in Moodle with username pepe? If so, I guess it was auto-created by some test code...
The topic has been locked.
  • Fabio
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
15 years 1 month ago #5 by Fabio
Replied by Fabio on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
Antonio, you're right in the middle ... And at the same time we have found the reason for what happened.

No user "pepe" in Moodle but a user in Joomla called "pepe"....

Evidently, Joomdle allows a user to access Moodle even if does not exist in Moodle but only in Joomla.

The strange thing is that the user "pepe" is locked in Joomla.
I checked also the component Joomdle. User "pepe" has only one account Joomla and not Moodle or Joomdle

Is it possible?
The topic has been locked.
More
15 years 1 month ago #6 by Antonio Durán
Replied by Antonio Durán on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
Thanks for the additional info.

I will test this afternoon and report back.
The topic has been locked.
More
15 years 1 month ago #7 by Antonio Durán
Replied by Antonio Durán on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
I am sorry, I thought you were using R0.3.

There is a bug in previous versions that may cause the behaviour you are seeing.

Please upgrade to R0.3 and test if this solves your problems.
The topic has been locked.
  • Fabio
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
15 years 1 month ago #8 by Fabio
Replied by Fabio on topic Re: Security - File JOOMDLE "LAND.PHP" in JOOMLA dir
Hi Antonio.

With upgrade I solved the problem. Thanks.
The topic has been locked.