Moodle / MDL-69910

A way to infer if a username exists even if $CFG->protectusernames is set


Details

    Description

      Since MDL-68845 in 3.10, you can now determine if an account exists even if $CFG->protectusernames is set.

      All you need is the valid user id of any unrelated account; it doesn't matter which, and almost all sites have an admin account with id = 2, which is enough. Then compare a valid account and an invalid account:

       

      http://moodle.local/calendar/export_execute.php?authtoken=x&userid=2&username=brendan

      Invalid authentication

       

      http://moodle.local/calendar/export_execute.php?authtoken=x&userid=2&username=brendancrap

      Exception - Argument 1 passed to calendar_get_export_token() must be an instance of stdClass, boolean given, called in [dirroot]/calendar/export_execute.php on line 29
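
      The two responses above differ because a failed username lookup returns a boolean that then reaches a function type-hinted for stdClass. The following is an added example, not Moodle's code or its fix: a self-contained PHP sketch of that pattern beside a version that fails uniformly. All function names, the user table and the salt are hypothetical and constructed for illustration.

```php
<?php
// Constructed in-memory user table standing in for the database.
const USERS = [
    ['id' => 2, 'username' => 'admin',   'password' => 'hash-a'],
    ['id' => 5, 'username' => 'brendan', 'password' => 'hash-b'],
];
const SITE_SALT = 'constructed-salt';

// Hypothetical lookup: returns the record as an object, or false when nothing matches.
function find_user(string $field, $value) {
    foreach (USERS as $row) {
        if ($row[$field] === $value) {
            return (object) $row;
        }
    }
    return false;
}

// Hypothetical token derivation; the stdClass type hint mirrors the reported exception.
function export_token(stdClass $user): string {
    return hash_hmac('sha256', $user->username . $user->password, SITE_SALT);
}

// Leaky pattern: an unknown username passes false into export_token() and raises a
// TypeError, while a known username reaches the ordinary "Invalid authentication" path.
function check_leaky(int $userid, string $username, string $authtoken): string {
    $checkuser = find_user('username', $username);
    $user = find_user('id', $userid);
    if (!$user || !hash_equals(export_token($checkuser), $authtoken)) {
        return 'Invalid authentication';
    }
    return 'OK';
}

// Uniform pattern: a failed lookup and a bad token produce the same response.
function check_uniform(int $userid, string $username, string $authtoken): string {
    $checkuser = find_user('username', $username);
    $user = find_user('id', $userid);
    if (!$checkuser || !$user || !hash_equals(export_token($checkuser), $authtoken)) {
        return 'Invalid authentication';
    }
    return 'OK';
}

foreach (['brendan', 'brendancrap'] as $name) {
    try { $leaky = check_leaky(2, $name, 'x'); } catch (TypeError $e) { $leaky = 'Exception'; }
    echo $name, ': leaky=', $leaky, ' uniform=', check_uniform(2, $name, 'x'), "\n";
}
```

      The uniform version equalises the response body only; it still skips the HMAC for an unknown username, so response timing is not addressed by this sketch.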

       

       

            People

              Brendan Heywood (brendanheywood)
              Juan Leyva
              Jake Dallimore
              Anna Carissa Sadia
              David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/20

                Time Tracking

                  Original Estimate: 0 minutes
                  Remaining Estimate: 0 minutes
                  Time Spent: 1 hour, 50 minutes