/**
 * The default admin login must accept only the exact configured username/password pair;
 * a wrong username or a wrong password is rejected independently.
 *
 * NOTE(review): assumes the test setup has registered 'admin' / 'password' as the
 * default admin credentials — confirm against the fixture.
 */
public function testCheckDefaultAdmin()
{
    $this->assertTrue(Security::has_default_admin());
    $this->assertTrue(
        Security::check_default_admin('admin', 'password'),
        'Succeeds with correct username and password'
    );

    // Each entry: username, password, reason the attempt must be rejected
    $rejected = array(
        array('wronguser', 'password', 'Fails with incorrect username'),
        array('admin', 'wrongpassword', 'Fails with incorrect password'),
    );
    foreach ($rejected as $case) {
        list($username, $candidatePassword, $reason) = $case;
        $this->assertFalse(Security::check_default_admin($username, $candidatePassword), $reason);
    }
}
/**
 * Attempt to find and authenticate member if possible from the given data
 *
 * Lookup order: a posted 'tempid' (session re-validation), then the posted 'Email'.
 * If the resolved email equals the configured default admin username, the default
 * admin record is used and checked via Security::check_default_admin() instead of
 * the member's stored password hash.
 *
 * NOTE(review): $data['Password'] is read without an isset() guard, and when neither
 * 'tempid' nor 'Email' is posted $email stays null — confirm that
 * Security::default_admin_username() cannot return null in this configuration,
 * otherwise a credential-less post would take the default-admin branch.
 *
 * @param array $data Posted login data; keys read: 'tempid', 'Email', 'Password'
 * @param Form $form Form to receive the failure message, or null
 * @param bool &$success Set to true only when the credentials were accepted
 * @return Member Found member, regardless of successful login
 */
protected static function authenticate_member($data, $form, &$success)
{
    $success = false;
    $candidate = null;
    $email = null;

    // A posted tempid means the client is re-validating an existing session
    if (!empty($data['tempid'])) {
        $candidate = Member::member_from_tempid($data['tempid']);
        $email = $candidate ? $candidate->Email : null;
    }

    // No member from tempid: fall back to the posted email address
    /** @skipUpgrade */
    if (!$candidate && !empty($data['Email'])) {
        $email = $data['Email'];
    }

    // Default admin credentials are configured via Security::setDefaultAdmin()
    $isDefaultAdmin = ($email === Security::default_admin_username());
    if ($isDefaultAdmin) {
        $candidate = Member::default_admin();
        // Lockout is honoured before the credential check so a locked-out
        // default admin cannot authenticate even with the right password
        $success = !$candidate->isLockedOut()
            && Security::check_default_admin($email, $data['Password']);
        if ($success) {
            return $candidate;
        }
    }

    // Still unresolved: look the member up by its configured unique identifier
    if (!$candidate && $email) {
        $candidate = Member::get()
            ->filter(Member::config()->unique_identifier_field, $email)
            ->first();
    }

    // Regular members are checked against their stored password; the default
    // admin path (already failed above) and unknown users get a generic error
    if ($candidate && !$isDefaultAdmin) {
        $outcome = $candidate->checkPassword($data['Password']);
        $success = $outcome->valid();
    } else {
        $outcome = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
    }

    if ($success) {
        if ($candidate) {
            $candidate->registerSuccessfulLogin();
        }
        return $candidate;
    }

    // Failure: count it against the member (lockout) and surface it on the form
    if ($candidate) {
        $candidate->registerFailedLogin();
    }
    if ($form) {
        $form->sessionMessage($outcome->message(), 'bad');
    }
    return $candidate;
}
/**
 * Check if the passed password matches the stored one (if the member is not locked out).
 *
 * Order of checks: canLogIn() (lockout etc.), then the default-admin shortcut which
 * bypasses the stored hash entirely, then the "no password set" error for existing
 * records, then the encryptor comparison.
 *
 * Note that empty() also treats the string '0' as unset; for a stored hash this is
 * unlikely to matter, but it is a known quirk of this check.
 *
 * @param string $password
 * @return ValidationResult
 */
public function checkPassword($password)
{
    $outcome = $this->canLogIn();

    // Lockout or other login restriction: nothing else is consulted
    if (!$outcome->valid()) {
        return $outcome;
    }

    // Default admin may authenticate with the configured credentials
    // instead of the stored hash
    if ($this->isDefaultAdmin() && Security::check_default_admin($this->Email, $password)) {
        return $outcome;
    }

    // An existing record without a stored password can never match
    if (empty($this->Password) && $this->exists()) {
        $outcome->error(_t('Member.NoPassword', 'There is no password on this member.'));
        return $outcome;
    }

    $encryptor = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
    $matches = $encryptor->check($this->Password, $password, $this->Salt, $this);
    if (!$matches) {
        $outcome->error(_t('Member.ERRORWRONGCRED', 'The provided details don\'t seem to be correct. Please try again.'));
    }

    return $outcome;
}