Code to allow admin to login once a code update has taken place and before the...

Code to allow admin to login once a code update has taken place and before the database has been upgraded

Code to allow admin to login once a code update has taken place and before the...
Code to allow admin to login once a code update has taken place and before the database has been upgraded
f8f97f42 · Donal McMullan · 7afbe6ca · f8f97f42 · f8f97f42
Commit f8f97f42 authored Jun 29, 2007 by Donal McMullan
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 1 deletion

htdocs/auth/lib.php htdocs/auth/lib.php +4 -0

htdocs/auth/user.php htdocs/auth/user.php +31 -1

No files found.
--- a/htdocs/auth/lib.php
+++ b/htdocs/auth/lib.php
@@ -585,6 +585,10 @@ function auth_check_password_change() {
        return;
    }

+    if (get_config('version') < 2007062900) {
+        return true;
+    }
+
    $authobj = AuthFactory::create($USER->authinstance);

    if ($authobj->changepasswordurl) {

--- a/htdocs/auth/user.php
+++ b/htdocs/auth/user.php
@@ -378,8 +378,38 @@ class LiveUser extends User {
     * @return bool
     */
    public function login($username, $password, $institution) {
+        if ($username == 'admin' && $institution == 'mahara') {
+            // it's our Admin. Do the new auth tables exist yet?
+            if (get_config('version') < 2007062900) {
+	            // Get the user - be picky about what we accept, i.e. username, id and institution
+	            // must all match
+	            $user = get_record('usr', 'institution','mahara','username','admin','id','1');
+                if ($user->salt == null) {
+                    // This allows "plaintext" passwords, which are eaiser for an admin to
+                    // create by hacking in the database directly. The application does not
+                    // create passwords in this form.
+	                $this->authenticate($user);
+                    return $password == $user->password;
+                }
+
+                if ($user->salt == '*') {
+                    // This is a special salt that means this user simply CAN'T log in.
+                    // It is used on the root user (id=0)
+                    return false;
+                }
+
+                // The main type - a salted sha1
+                $sha1sent = sha1($user->salt . $password);
+                if ($sha1sent == $user->password) {
+                    $this->authenticate($user);
+                    return true;
+                }
+                return false;
+	        }
+        }
+
        $users = get_records_select_array('usr', 'LOWER(username) = ? AND institution = ?', array($username, $institution), 'authinstance', '*');
-        
+
        if ($users == false) {
            throw new AuthUnknownUserException("\"$username\" at \"$institution\" is not known");
        }