Fixed an bug where a notice could be thrown on the edit page under the right conditions

Cleaned up login page logic which should fix #1459 & #1461 Fixed a bug in tools class where an incorrect config setting could throw a notice
2014-01-18 15:25:09 -05:00 · 2014-01-18 15:25:09 -05:00 · cc6e58084f
commit cc6e58084f
parent dacadd8477
3 changed files with 7 additions and 3 deletions
--- a/public/include/classes/tools.class.php
+++ b/public/include/classes/tools.class.php
@ -86,6 +86,9 @@ class Tools extends Base {
      	  return @$aData['return']['markets'][$strCurrency]['lasttradeprice'];
      	  break;
      }
+    } else {
+      $this->setErrorMessage("Got an invalid response using URL ".$this->config['price']['url']." and target ".$this->config['price']['target']);
+      return false;
    }
    // Catchall, we have no data extractor for this API url
    $this->setErrorMessage("Undefined API to getPrice() on URL " . $this->config['price']['url']);
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@ -166,9 +166,9 @@ if ($user->isAuthenticated()) {
 // 2fa - one last time so we can sync with changes we made during this page
 if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
  // set the token to be the old token, just in case an error occured
-  $ea_token = ($oldtoken_ea !== '') ? $oldtoken_ea : @$ea_token;
-  $wf_token = ($oldtoken_wf !== '') ? $oldtoken_wf : @$wf_token;
-  $cp_token = ($oldtoken_cp !== '') ? $oldtoken_cp : @$cp_token;
+  $ea_token = (@$oldtoken_ea !== '') ? $oldtoken_ea : @$ea_token;
+  $wf_token = (@$oldtoken_wf !== '') ? $oldtoken_wf : @$wf_token;
+  $cp_token = (@$oldtoken_cp !== '') ? $oldtoken_cp : @$cp_token;
  if ($config['twofactor']['options']['details']) {
    $ea_editable = $user->token->isTokenValid($_SESSION['USERDATA']['id'], $ea_token, 5);
    $ea_sent = $user->token->doesTokenExist('account_edit', $_SESSION['USERDATA']['id']);
--- a/public/include/pages/login.inc.php
+++ b/public/include/pages/login.inc.php
@ -59,6 +59,7 @@ if ($setting->getValue('maintenance') && !$user->isAdmin($user->getUserId($_POST
      $_SESSION['POPUP'][] = array('CONTENT' => 'Unable to login: '. $user->getError(), 'TYPE' => 'errormsg');
    }
  } else {
+    // csrf enabled and invalid csrf token
    $img = $csrftoken->getDescriptionImageHTML();
    $_SESSION['POPUP'][] = array('CONTENT' => "Login token expired, please try again $img", 'TYPE' => 'info');
  }