summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCraig Andrews <candrews@integralblue.com>2009-12-05 21:04:20 -0500
committerCraig Andrews <candrews@integralblue.com>2009-12-05 21:05:33 -0500
commit3b14b61fa745d4906796ac49e78ae712f61e9643 (patch)
tree7058e787308bb3b8324e3cb55d8e1a91bf5ee7ba
parent75cac0fd6b94f77ec8ff32ebc89ec513ee102831 (diff)
Add a configuration option to disable the login command.
$config['logincommand']['disabled'] = true; This commit should be reverted once the command has been sufficiently tested and trusted.
-rw-r--r--actions/login.php5
-rw-r--r--lib/command.php5
2 files changed, 9 insertions, 1 deletions
diff --git a/actions/login.php b/actions/login.php
index cee29fd09..a6f86c0ca 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -75,11 +75,14 @@ class LoginAction extends Action
function handle($args)
{
parent::handle($args);
+
+ $disabled = common_config('logincommand','disabled');
+
if (common_is_real_login()) {
$this->clientError(_('Already logged in.'));
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$this->checkLogin();
- } else if (isset($args['user_id']) && isset($args['token'])){
+ } else if (!isset($disabled) && isset($args['user_id']) && isset($args['token'])){
$this->checkLogin($args['user_id'],$args['token']);
} else {
common_ensure_session();
diff --git a/lib/command.php b/lib/command.php
index 7e98156b6..e2a665511 100644
--- a/lib/command.php
+++ b/lib/command.php
@@ -583,6 +583,11 @@ class LoginCommand extends Command
{
function execute($channel)
{
+ $disabled = common_config('logincommand','disabled');
+ if(isset($disabled)) {
+ $channel->error($this->user, _('Login command is disabled'));
+ return;
+ }
$login_token = Login_token::staticGet('user_id',$this->user->id);
if($login_token){
$login_token->delete();