Changed $username/$password to $default_username/$default_password,

respecting Security::setDefaultAdmin() in MemberAuthenticator? (merged from branches/gsoc) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42156 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2007-09-16 17:39:41 +00:00 · 2007-09-16 17:39:41 +00:00 · 6205cff4f1
commit 6205cff4f1
parent 2271dc5d4a
2 changed files with 42 additions and 17 deletions
--- a/security/MemberAuthenticator.php
+++ b/security/MemberAuthenticator.php
@ -28,14 +28,20 @@ class MemberAuthenticator extends Authenticator {
  public static function authenticate(array $RAW_data, Form $form = null) {
    $SQL_user = Convert::raw2sql($RAW_data['Email']);
-    $member = DataObject::get_one("Member",
+	// Default login (see {@setDetaultAdmin()})
-			"Email = '$SQL_user' AND Password IS NOT NULL");
+	$defaultUsername = Security::get_default_username();
-
+	$defaultPassword = Security::get_default_password();
-		if($member && ($member->checkPassword($RAW_data['Password']) == false)) {
+	if($RAW_data['Email'] == $defaultUsername 
-			$member = null;
+		&& $RAW_data['Password'] == $defaultPassword 
 		&& !empty($defaultUsername) 
 		&& !empty($defaultPassword) 
 	) {
 		$member = Security::findAnAdministrator();
 	} else {
 		$member = DataObject::get_one("Member", "Email = '$SQL_user' AND Password IS NOT NULL");
 		if($member && ($member->checkPassword($RAW_data['Password']) == false)) $member = null;
 	}
    if($member) {
      Session::clear("BackURL");
    } else if(!is_null($form)) {
--- a/security/Security.php
+++ b/security/Security.php
@ -6,14 +6,14 @@
 class Security extends Controller {
 	/**
-	 * @var $username String Only used in dev-mode by setDefaultAdmin()
+	 * @var $default_username String Only used in dev-mode by setDefaultAdmin()
 	 */
-	protected static $username;
+	protected static $default_username;
 	/**
-	 * @var $password String Only used in dev-mode by setDefaultAdmin()
+	 * @var $default_password String Only used in dev-mode by setDefaultAdmin()
 	 */
-	protected static $password;
+	protected static $default_password;
 	/**
 	 * If set to TRUE to prevent sharing of the session across several sites
@ -336,6 +336,25 @@ class Security extends Controller {
 		return self::Link('changepassword') . "?h=$autoLoginHash";
 	}
 	/**
 	 * Returns a username set by setDefaultAdmin()
 	 * 
 	 * @return String
 	 */
 	public static function get_default_username() {
 		return self::$default_username;
 	}
 	/**
 	 * Returns a password set by setDefaultAdmin()
 	 * 
 	 * @return String
 	 */
 	public static function get_default_password() {
 		return self::$default_password;
 	}
 	/**
 	 * Show the "change password" page
 	 *
@ -407,8 +426,8 @@ class Security extends Controller {
 		$SQL_password = Convert::raw2sql($RAW_password);
 		// Default login (see {@setDetaultAdmin()})
-		if(($RAW_email == self::$username) && ($RAW_password == self::$password)
+		if(($RAW_email == self::$default_username) && ($RAW_password == self::$default_password)
-				&& !empty(self::$username) && !empty(self::$password)) {
+				&& !empty(self::$default_username) && !empty(self::$default_password)) {
 			$member = self::findAnAdministrator();
 		} else {
 			$member = DataObject::get_one("Member",
@ -468,11 +487,11 @@ class Security extends Controller {
 	 * @param $password String (Cleartext)
 	 */
 	public static function setDefaultAdmin($username, $password) {
-		if( self::$username || self::$password )
+		// don't overwrite if already set
-			return;
+		if(self::$default_username || self::$default_password) return false;
-		self::$username = $username;
+		self::$default_username = $username;
-		self::$password = $password;
+		self::$default_password = $password;
 	}