
allow login without password in DEV mode

sbalmer committed Sep 17, 2015
1 parent 67873ae commit e1af89aa9df07ea265d879518ede9eb98aa494e0
Showing with 24 additions and 5 deletions.
  1. +3 −2 backend/backend.php
  2. +10 −0 config.base.php
  3. +2 −1 config.override.php
  4. +9 −2 lib/db/Users.php
@@ -11,9 +11,10 @@
/* Process logins & load logged in user */
$allpass = $aquarius->conf('admin/allpass');
require_once "db/Users.php";
$login_status = db_Users::authenticate();
$login_status = db_Users::authenticate($allpass);
// Redirect to frontend if user wants to
if ($login_status instanceof db_User && isset($_REQUEST['login_frontend'])) {
header('Location:'.PROJECT_URL);
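Review bot: `$allpass` is handed to `db_Users::authenticate()` as whatever `conf('admin/allpass')` returns, and the new branch in lib/db/Users.php tests it only for truthiness (`if ($found && $allpass)`). What `conf()` returns is not visible here, but if a local override ever sets the option to a non-empty string such as `'false'` or `'no'`, password checking would be switched off. A strict comparison at the call site closes that gap: `$allpass = $aquarius->conf('admin/allpass') === true;`.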
@@ -200,6 +200,16 @@
$config['admin']['link_target'] = '';
/** Omit password checking for backend logins.
* This is useful during development, use with care! Do not ever enable this
* on a publicly accessible system. Best enable DEV mode to get this, change it
* in config.local.php if at all.
*
* Preset is false.
*/
$config['admin']['allpass'] = false;
/** Standard email address to use as sender address
* This is used in the "Sender:" header when the system generates mails. The
* "From:" header will also be set to this address should it not be set
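Review bot: The doc comment on `$config['admin']['allpass']` warns against enabling the option but does not say what an enabled flag grants. Going by the `authenticate()` change in lib/db/Users.php, any request that names an existing active user is logged in as that user, whatever password is sent. I would add a line to the comment such as `* When true, any active user name is accepted with any password.` so that someone reading only the config file sees the impact.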
@@ -7,7 +7,8 @@
* in config.local.php.
*/
if (DEV) {
/** Overrides suitable for developement */
/** Overrides suitable for development */
$config['admin']['allpass'] = true;
$config['frontend']['domain'] = null;
$config['frontend']['domains'] = array();
$config['frontend']['cache']['templates'] = false;
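Review bot: Setting `$config['admin']['allpass'] = true;` inside `if (DEV)` makes the DEV switch an authentication switch as well, and nothing on that line says so. Where DEV is defined is outside this hunk, but if it is ever turned on for debugging on a staging or otherwise reachable host, backend password checks are off there too. I would add a comment directly above the assignment, for example `// Disables backend password checks; set to false in config.local.php on any reachable host.` The `if (DEV)` block continues past the end of the hunk.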
@@ -40,14 +40,21 @@ function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('db_Users',$k,$
/** Verify user credentials and register user in session if successful.
* Requires fields 'backend_login', 'username' and 'password' to be set in $_REQUEST
* backend_login: must be set or this method won't try to authenticate
* @param $allpass optional parameter to skip password check
* @return user instance if login is successful, -1 if login failed, false if no login credentials were found.
*/
static function authenticate() {
static function authenticate($allpass=false) {
if (isset($_REQUEST['backend_login'])) {
$user = DB_DataObject::factory('users');
$user->active = true;
$user->name = $_REQUEST['username'];
$user->find(true);
$found = $user->find(true);
if ($found && $allpass) {
Log::debug("Logging in user '$user->name' without checking password");
$user->login();
return true;
}
// Don't look whether that user exists, so we give less timing information
// Instead, rely only on having a matching password
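Review bot: The new allpass branch ends with `return true;`, which contradicts the docblock just above it (a user instance on success). It also breaks the caller in backend/backend.php: `$login_status instanceof db_User` is false for a password-less login, so the `login_frontend` redirect is skipped. Returning the object keeps both login paths consistent: `return $user;`. Because this branch bypasses authentication, I would also log it at a level that is retained outside debug logging rather than with `Log::debug`, if the Log class offers one. `authenticate()` continues past the end of the hunk.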
