diff --git a/security/MemberAuthenticator.php b/security/MemberAuthenticator.php
index d48826da8..94fa39fe1 100644
--- a/security/MemberAuthenticator.php
+++ b/security/MemberAuthenticator.php
@@ -29,13 +29,7 @@ class MemberAuthenticator extends Authenticator {
 $SQL_user = Convert::raw2sql($RAW_data['Email']);
 // Default login (see {@setDetaultAdmin()})
- $defaultUsername = Security::get_default_username();
- $defaultPassword = Security::get_default_password();
- if($RAW_data['Email'] == $defaultUsername
- && $RAW_data['Password'] == $defaultPassword
- && !empty($defaultUsername)
- && !empty($defaultPassword)
- ) {
+ if(Security::checkDefaultAdmin($RAW_data['Email'], $RAW_data['Password'])) {
 $member = Security::findAnAdministrator();
 } else {
 $member = DataObject::get_one("Member", "Email = '$SQL_user' AND Password IS NOT NULL");
diff --git a/security/Security.php b/security/Security.php
index 9ba636430..4ab1ae8a5 100644
--- a/security/Security.php
+++ b/security/Security.php
@@ -338,25 +338,6 @@ class Security extends Controller {
 return self::Link('changepassword') . "?h=$autoLoginHash";
 }
- /**
- * Returns a username set by setDefaultAdmin()
- *
- * @return String
- */
- public static function get_default_username() {
- return self::$default_username;
- }
-
- /**
- * Returns a password set by setDefaultAdmin()
- *
- * @return String
- */
- public static function get_default_password() {
- return self::$default_password;
- }
-
-
 /**
 * Show the "change password" page
 *
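Review bot: The new condition `if(Security::checkDefaultAdmin($RAW_data['Email'], $RAW_data['Password']))` in security/MemberAuthenticator.php drops the `!empty($defaultUsername) && !empty($defaultPassword)` guards that the removed lines carried, and the `checkDefaultAdmin()` body added in the later security/Security.php hunk does not reinstate them. If `setDefaultAdmin()` was never called, the two static properties are presumably unset, and with loose `==` an empty submitted email and password would compare equal to them, so the branch that calls `Security::findAnAdministrator()` would be taken with no default admin configured. I would restore the guard inside the helper and compare strictly: `return !empty(self::$default_username) && !empty(self::$default_password) && self::$default_username === $username && self::$default_password === $password;`. The enclosing method in MemberAuthenticator.php starts and ends outside the hunk, so any earlier validation of `$RAW_data` cannot be seen from here.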
@@ -495,6 +476,21 @@ class Security extends Controller {
 self::$default_username = $username;
 self::$default_password = $password;
 }
+
+ /**
+ * Checks if the passed credentials are matching the default-admin.
+ * Compares cleartext-password set through Security::setDefaultAdmin().
+ *
+ * @param string $username
+ * @param string $password
+ * @return bool
+ */
+ public static function checkDefaultAdmin($username, $password) {
+ return (
+ self::$default_username == $username
+ && self::$default_password == $password
+ );
+ }
 /**