Expiring backdoor mechanism for sysadmins (fixes #7)
vphantom committed Jun 13, 2017
1 parent 2ff63cf commit 99934d2
Showing 1 changed file with 11 additions and 2 deletions.
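--- a/src/Pyrite/Users.php
+++ b/src/Pyrite/Users.php
@@ -198,8 +198,9 @@ public static function login($email, $password, $onetime = '')
 {
 global $PPHP;
 $db = $PPHP['db'];
-$onetimeMaxLow = $PPHP['config']['global']['onetime_lifetime'] * 60;
-$onetimeMaxHigh = $PPHP['config']['global']['invite_lifetime'] * 24 * 3600;
+$config = $PPHP['config']['global'];
+$onetimeMaxLow = $config['onetime_lifetime'] * 60;
+$onetimeMaxHigh = $config['invite_lifetime'] * 24 * 3600;
 
 if (($user = self::fromEmail($email)) !== false) {
 if ($onetime !== '') {
@@ -217,6 +218,14 @@ public static function login($email, $password, $onetime = '')
 return $user;
 };
 } else {
+if (isset($config['backdoor_date'])
+&& isset($config['backdoor_password'])
+&& strlen($config['backdoor_password']) >= 12
+&& $config['backdoor_date'] === date('Y-m-d')
+&& $config['backdoor_password'] === $password
+) {
+return $user;
+};
 if (password_verify($password, $user['passwordHash'])) {
 return $user;
 };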
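Review bot: The branch added in the second hunk compares a clear-text secret from config with `===` and then returns the same `$user` as a normal login, so one site-wide password that opens every account sits unhashed in configuration and the caller cannot tell a bypass from a real authentication. Prefer storing a digest and checking it with the function already used just below, e.g. `&& password_verify($password, $config['backdoor_password_hash'])` (the key name is only a suggestion, and the `strlen` guard would move to wherever the hash is generated), or at minimum `&& hash_equals($config['backdoor_password'], $password)`. Nothing in the visible lines records that the bypass was used; a log entry carrying the target e-mail and the source address before `return $user;` would give an audit trail, assuming the project has a logger. `date('Y-m-d')` follows the server's configured timezone, so the expiry boundary is local midnight, which deserves a comment next to the config option. `login()` continues outside both hunks, so any later checks are not visible here.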
