Merge pull request #7012 from dhensby/pulls/3.5/member-null

FIX Order of conditionals for getting default admin
2024-10-22 12:05:37 +00:00 · 2017-06-13 09:58:22 +12:00 · 2017-06-13 09:58:22 +12:00 · 9c2f4e3c44
commit 9c2f4e3c44
parent 7cf7a7094c a5c84b12ab
2 changed files with 4 additions and 4 deletions
--- a/security/MemberAuthenticator.php
+++ b/security/MemberAuthenticator.php
@ -47,11 +47,11 @@ class MemberAuthenticator extends Authenticator {
 		}

 		// Check default login (see Security::setDefaultAdmin())
-		$asDefaultAdmin = $email === Security::default_admin_username();
+		$asDefaultAdmin = Security::has_default_admin() && $email === Security::default_admin_username();
 		if($asDefaultAdmin) {
 			// If logging is as default admin, ensure record is setup correctly
 			$member = Member::default_admin();
-			$success = !$member->isLockedOut() && Security::check_default_admin($email, $data['Password']);
+			$success = Security::check_default_admin($email, $data['Password']) && $member && !$member->isLockedOut();
 			//protect against failed login
 			if($success) {
 				return $member;
--- a/security/Security.php
+++ b/security/Security.php
@ -873,9 +873,9 @@ class Security extends Controller implements TemplateGlobalProvider {
 	 */
 	public static function check_default_admin($username, $password) {
 		return (
-			self::$default_username === $username
+			self::has_default_admin()
+			&& self::$default_username === $username
 			&& self::$default_password === $password
-			&& self::has_default_admin()
 		);
 	}