Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-69910

A way to infer if a username exists even if $CFG->protectusernames is set

    XMLWordPrintable

Details

    Description

      Since MDL-68845 in 3.10 you can now determine if an account exists even if $CFG->protectusernames is set.

      All you need is the valid user id of any unrelated account, it doesn't matter which, and almost all sites have an admin account with id = 2 which is enough, then compare a valid account and invalid account:

       

      http://moodle.local/calendar/export_execute.php?authtoken=x&userid=2&username=brendan

      Invalid authentication

       

      http://moodle.local/calendar/export_execute.php?authtoken=x&userid=2&username=brendancrap

      Exception - Argument 1 passed to calendar_get_export_token() must be an instance of stdClass, boolean given, called in [dirroot]/calendar/export_execute.php on line 29

       

       

      Attachments

        Issue Links

          Activity

            People

              brendanheywood Brendan Heywood
              brendanheywood Brendan Heywood
              Juan Leyva Juan Leyva
              Jake Dallimore Jake Dallimore
              Anna Carissa Sadia Anna Carissa Sadia
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Nov/20

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour, 50 minutes
                  1h 50m