From 519fd1f8439b7ecc78439174e801365f6498db4f Mon Sep 17 00:00:00 2001
From: Stanislas Dolcini <stanislas.dolcini@devinci.fr>
Date: Fri, 5 Oct 2018 19:44:49 +0200
Subject: [PATCH] Remove code to allow unsafe authentication

---
 .../web/public_php/login/class/ConnectionHandler.php | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/code/web/public_php/login/class/ConnectionHandler.php b/code/web/public_php/login/class/ConnectionHandler.php
index bcc2cab3a..2733f5ba1 100644
--- a/code/web/public_php/login/class/ConnectionHandler.php
+++ b/code/web/public_php/login/class/ConnectionHandler.php
@@ -204,16 +204,8 @@ class ConnectionHandler
                         $permission = mysqli_fetch_assoc($result);
 
                         if (!strstr($permission['AccessPrivilege'], $accessPriv)) {
-                            // no right to connect
-                            if ($AcceptUnknownUser) {
-                                // set an additionnal privilege for this player
-                                $query = "UPDATE permission set AccessPrivilege='" . $permission['AccessPrivilege'] . ",$accessPriv' WHERE PermissionId=" . $permission['PermissionId'];
-                                $result = mysqli_query($link, $query) or die(errorMsgBlock(3006, $query, 'main', $DBName, $DBHost, $DBUserName, mysqli_error($link)));
-                                $reason = errorMsg(3012, $accessPriv);
-                            } else {
-                                // no permission
-                                $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
-                            }
+                            // no permission
+                            $reason = errorMsg(3013, $clientApplication, $domainName, $accessPriv);
                         } else {
                             // // check if the user not already online
                             // if ($row["State"] != "Offline") {