Changed $username/$password to $default_username/$default_password,

respecting Security::setDefaultAdmin() in MemberAuthenticator? 
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42156 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2007-09-16 17:39:41 +00:00
parent 2271dc5d4a
commit 6205cff4f1
2 changed files with 42 additions and 17 deletions


@ -28,13 +28,19 @@ class MemberAuthenticator extends Authenticator {
public static function authenticate(array $RAW_data, Form $form = null) { public static function authenticate(array $RAW_data, Form $form = null) {
$SQL_user = Convert::raw2sql($RAW_data['Email']); $SQL_user = Convert::raw2sql($RAW_data['Email']);
$member = DataObject::get_one("Member", // Default login (see {@setDetaultAdmin()})
"Email = '$SQL_user' AND Password IS NOT NULL"); $defaultUsername = Security::get_default_username();
$defaultPassword = Security::get_default_password();
if($member && ($member->checkPassword($RAW_data['Password']) == false)) { if($RAW_data['Email'] == $defaultUsername
$member = null; && $RAW_data['Password'] == $defaultPassword
} && !empty($defaultUsername)
&& !empty($defaultPassword)
) {
$member = Security::findAnAdministrator();
} else {
$member = DataObject::get_one("Member", "Email = '$SQL_user' AND Password IS NOT NULL");
if($member && ($member->checkPassword($RAW_data['Password']) == false)) $member = null;
}
if($member) { if($member) {
Session::clear("BackURL"); Session::clear("BackURL");
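Review bot: The default-admin check in authenticate() compares the submitted values with loose `==`, so PHP's numeric-string juggling can treat two different strings as equal (for example `'1e3' == '1000'`), and the `!empty()` guards only run after those comparisons. Put the guards first and compare strictly: `if(!empty($defaultUsername) && !empty($defaultPassword) && $RAW_data['Email'] === $defaultUsername && $RAW_data['Password'] === $defaultPassword) {`. The same loose comparison is kept in the renamed check in the Security class hunk at -407. The comment also misspells the reference as `setDetaultAdmin()`; it should read `// Default login (see {@link Security::setDefaultAdmin()})`. authenticate() continues past the end of this hunk.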


@ -6,14 +6,14 @@
class Security extends Controller { class Security extends Controller {
/** /**
* @var $username String Only used in dev-mode by setDefaultAdmin() * @var $default_username String Only used in dev-mode by setDefaultAdmin()
*/ */
protected static $username; protected static $default_username;
/** /**
* @var $password String Only used in dev-mode by setDefaultAdmin() * @var $default_password String Only used in dev-mode by setDefaultAdmin()
*/ */
protected static $password; protected static $default_password;
/** /**
* If set to TRUE to prevent sharing of the session across several sites * If set to TRUE to prevent sharing of the session across several sites
@ -335,6 +335,25 @@ class Security extends Controller {
$autoLoginHash = urldecode($autoLoginHash); $autoLoginHash = urldecode($autoLoginHash);
return self::Link('changepassword') . "?h=$autoLoginHash"; return self::Link('changepassword') . "?h=$autoLoginHash";
} }
/**
* Returns a username set by setDefaultAdmin()
*
* @return String
*/
public static function get_default_username() {
return self::$default_username;
}
/**
* Returns a password set by setDefaultAdmin()
*
* @return String
*/
public static function get_default_password() {
return self::$default_password;
}
/** /**
* Show the "change password" page * Show the "change password" page
@ -407,8 +426,8 @@ class Security extends Controller {
$SQL_password = Convert::raw2sql($RAW_password); $SQL_password = Convert::raw2sql($RAW_password);
// Default login (see {@setDetaultAdmin()}) // Default login (see {@setDetaultAdmin()})
if(($RAW_email == self::$username) && ($RAW_password == self::$password) if(($RAW_email == self::$default_username) && ($RAW_password == self::$default_password)
&& !empty(self::$username) && !empty(self::$password)) { && !empty(self::$default_username) && !empty(self::$default_password)) {
$member = self::findAnAdministrator(); $member = self::findAnAdministrator();
} else { } else {
$member = DataObject::get_one("Member", $member = DataObject::get_one("Member",
@ -468,11 +487,11 @@ class Security extends Controller {
* @param $password String (Cleartext) * @param $password String (Cleartext)
*/ */
public static function setDefaultAdmin($username, $password) { public static function setDefaultAdmin($username, $password) {
if( self::$username || self::$password ) // don't overwrite if already set
return; if(self::$default_username || self::$default_password) return false;
self::$username = $username; self::$default_username = $username;
self::$password = $password; self::$default_password = $password;
} }
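Review bot: `get_default_password()` makes the cleartext default-admin password readable by any code through a public static getter, only so that MemberAuthenticator can repeat the comparison that the hunk at -407 already performs. A single method on Security that takes the submitted credentials and returns a boolean would keep the secret inside the class and give both call sites one check to maintain. The property docblocks still say "Only used in dev-mode", but nothing visible in these hunks checks the environment, so that claim should be either enforced in `setDefaultAdmin()` or reworded. `setDefaultAdmin()` also now returns `false` when credentials are already set and nothing on success; its docblock begins outside the hunk and should document that return value.

```php
/**
 * Checks submitted credentials against the default admin
 * configured through setDefaultAdmin().
 *
 * @param $username String
 * @param $password String (Cleartext)
 * @return Boolean TRUE only if a default admin is set and both values match
 */
public static function check_default_admin($username, $password) {
	return !empty(self::$default_username)
		&& !empty(self::$default_password)
		&& $username === self::$default_username
		&& $password === self::$default_password;
}
```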