search

sbpp / sourcebans-pp

Admin, ban, and comms management system for the Source engine
https://sbpp.github.io/
Creative Commons Attribution Share Alike 4.0 International
327 stars 175 forks source link

Disabling steamlogin disables normal login instead #954

Open Dragonisser opened 3 months ago

Dragonisser commented 3 months ago

What are the steps to reproduce this issue?

  1. Go into the sb++ database
  2. Open <prefix>_settings
  3. Set "config.enablesteamlogin" = 0

What happens?

Username/Pw login is disabled and only the steam login is shown

What were you expecting to happen?

The steam login is disabled

Any logs, error output, etc.?

https://github.com/sbpp/sourcebans-pp/blob/php81/web/themes/default/page_login.tpl#L8 https://github.com/sbpp/sourcebans-pp/blob/php81/web/themes/default/page_login.tpl#L28 https://github.com/sbpp/sourcebans-pp/blob/php81/web/themes/default/page_login.tpl#L32

Any other comments?

All those lines mention above are doing the opposite of what they should do. Instead of disabling the steam login button, they disable the user/pw fields, the forgot password and login button.

https://gist.github.com/Dragonisser/b8a30359bc25da590536bffec767b8f5

What versions of software are you using?

Operating System: WIndows 10 SourceBans++ Version: 1.8.0 (latest release which is named wrong) PHP Version: php8.1 MySQL Version: 10.3.39-MariaDB-0ubuntu0.20.04.2 Link to your project: Link to a phpinfo() output:

Dragonisser commented 3 months ago

It appears as this is legacy code that was never changed. The webpanel setting "Enable normal login" is linked to the database entry mentioned above, hence why this whole template is build the other way around.

It would be great if there was a setting to allow both "Enable Steam Login" and "Enable Normal Login", since there has been several OICD exploits in the past. The template and possible handler behind would need to be overhauled.