SID Validation skipped due to incorrect $_POST variable key
Closed this issue · 1 comments
xyztextbooks commented
In admin/actions.php, code related to SID validation when a user record is updated includes:
$stm->execute(array(':SID'=>$_POST['adminname']));
But the key "adminname" is undefined (in fact, the string "adminname" appears nowhere else in the iMathAS code).
One would expect this line to be:
$stm->execute(array(':SID'=>$_POST['SID']));
With the revised line, the code will display "Username in use - left unchanged" message.
In its current state, no message is displayed if a SID is in use, and the form will silently fail to update the SID (due to the databases enforcement of unique SID constrain).
drlippman commented
Whoops, thanks.