$user_info does not exist in some cases

Started by cgeek, May 24, 2024, 11:22:37 AM


cgeek

So this is odd and just started today with no code changes done in many months.  I have some bots hitting my site with URLs.  They are generating a lot of errors in Subs.php where the $user_info array does not exist somehow.  I have not modified any code in this module.  For the life of me, using the same URLs logged in and as a guest I can't seem to reproduce the errors.  Any ideas what conditions could possibly cause $user_info to not exist or maybe some critical values like "is_guest"?

SMF 2.1.4

Error message: 8: Trying to access array offset on value of type null
File: /home/xxx/public_html/Sources/Errors.php
Line: 222

Backtrace information
#0: smf_error_handler()
Called from /home/cigargeeks/public_html/Sources/Errors.php on line 222
#1: fatal_lang_error()
Called from /home/cigargeeks/public_html/Sources/LogInOut.php on line 957
#2: validatePasswordFlood()
Called from /home/cigargeeks/public_html/Sources/Load.php on line 664
#3: loadUserSettings()
Called from /home/cigargeeks/public_html/index.php on line 214
#4: smf_main()
Called from /home/cigargeeks/public_html/index.php on line 184

cgeek

Just noticed something else.  Right before this series of errors starts, an error like this gets reported in the same user session: "Sorry, but you've reached your login attempts threshold for account xyz. Please wait 30 seconds and try again later."

Wondering if whatever is logging this type of error, maybe leaves the $user_info variable in a bad state or doesn't end the user session how it should???


sudoku

Seems you have some naughty bots about your forum.   :P

cgeek

Ok.  Looking and tracing through the code - here's my hypothesis.  Whatever mechanism this bot is using is causing the validatePasswordFlood() function to fire.  It determines the user has violated the 5 tries in 10 seconds rule and calls fatal_lang_error(), which then calls smf_error_handler() to report the error. 

The problem (I believe) is that smf_error_handler() needs $user_session, which may not have been successfully created since it was determined to be a bad user???
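
The failure mode hypothesized in the post above, reduced to a stand-alone PHP sketch: an error reporter that runs on an early-exit path, before the user global has been filled in, next to a reporter that tolerates that state. This is an added example, not SMF code and not part of the thread; every function name, the threshold parameter and the sample user values are hypothetical.

```php
<?php
// Added illustration, not SMF source. All names below are hypothetical.
$user_info = null;   // global that is only assigned at the end of user loading
$captured  = [];     // diagnostics raised while an error was being reported

set_error_handler(function (int $level, string $msg) use (&$captured) {
    // Level 8, as in the thread's log entry, is E_NOTICE.
    $captured[] = "$level: $msg";
    return true;
});

// Fragile reporter: assumes user loading has already completed.
function report_error_fragile(string $message): string
{
    global $user_info;
    // With $user_info still null, both offset reads raise a diagnostic and
    // evaluate to null, so the request is also mislabelled as a member.
    $who = $user_info['is_guest'] ? 'guest' : 'member #' . $user_info['id'];
    return "[$who] $message";
}

// Hardened reporter: a missing or partial $user_info is treated as a guest.
function report_error_hardened(string $message): string
{
    global $user_info;
    $is_guest = !is_array($user_info)
        || !empty($user_info['is_guest'])
        || empty($user_info['id']);
    $who = $is_guest ? 'guest' : 'member #' . (int) $user_info['id'];
    return "[$who] $message";
}

// Stand-in for user loading: the flood check fires before $user_info is set.
function load_user(int $failed_logins, callable $reporter): string
{
    global $user_info;
    if ($failed_logins >= 5) {
        // Early exit: the reporter runs while $user_info is still null.
        return $reporter('login attempts threshold reached');
    }
    $user_info = ['id' => 42, 'is_guest' => false];   // constructed sample
    return 'loaded';
}

echo load_user(5, 'report_error_fragile'), "\n";
echo load_user(5, 'report_error_hardened'), "\n";
print_r($captured);   // only the fragile call adds entries here
```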
