User can login at back-end if the password is wrong.

[bhavikpatel10]

Steps to reproduce the issue

• Do not give write permission to log file.
• Trying to login at the back-end using wrong password and correct username.
• There will be error message that, Cannot write to log file.
• At the top right corner, you can see user is logged-in in the site, which is not correct, because the password is wrong.

Expected result

User can not access site with wrong password and stay at the login page.

Actual result

Use can login with wrong password.

System information (as much as possible)

Additional comments

[hacki65]

I can confirm this. But this seems to be the normal Errorpage from Joomla! for these cases and it is confusing. But no User is really logged in and any action will bring back to the Loginpage.

[ghost]

One could add a cosmetical

<?php if (!empty($user->id)) : ?>
 <ul class="nav nav-user<?php echo ($this->direction == 'rtl') ? ' pull-left' : ' pull-right'; ?>">
....
 </ul>
<?php endif; ?>

in templates/isis/error.php line 162.

[brianteeman]

This is a bug and needs fixing. The behaviour should be the same as if the logs file is writeable .

Thanks for reporting it

[mbabker]

The bug is just as @hacki65 pointed out, the error page is basically unaware of the user state. Since the Isis error page tries to mimic the base template layout, it has to have additional checks to be aware of user state. The Hathor error page doesn't do this.

[GeraintEdwards]

It appears to still be an issue in version 3.7.2.

The login script should catch the exception from the logger and return the visitor to the login page. I will implement this and post a PR.

[joomla-cms-bot]

Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/11869

[ghost]

closed as having PR #16475

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/11869.}