Hi,
Just as our ELOG went into production, I tripped over a couple of related (I think) bugs.
First, the easy one: line 21368 of src/elogd.c has a compile warning which looks non-benign. I fixed it in my local copy with:
Index: elogd.c
===================================================================
RCS file: /usr/local/cvsroot/elog/src/elogd.c,v
retrieving revision 1.739
diff -r1.739 elogd.c
21368,21369c21368
< sprintf(str, "?fail=1", user);
< redirect(lbs, str);
---
> redirect(lbs, "?fail=1");
Regardless (ie if I use the original CVS code or the patched version), a hard-to trace problem occurs with my configuration whereby users are denied access after password entry at the logbook selection page (even when details are verifiably correct), and users are dropped through to the next (non-protected) Top Group page. This problem goes away if "Protect Selection Page" is turned off.
A kind of "shadow" of this problem occurs if you create a new logbook from the Change Config File page, whereby after creating the new logbook one is dropped through to the next Top Group's selection page after saving the configuration (and the url has ?fail=1 added to it, althoguh line 21368 above is hardly the only place where this could have occurred).
I think all these things are linked. I'd be grateful if you could review this section of this code for possible causes of these problems. While we can operate for now with non-logged-in users able to see our list of logbooks, that is not something we want for the long term.
Thanks for your help,
Chris. |