From 3b14b61fa745d4906796ac49e78ae712f61e9643 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Sat, 5 Dec 2009 21:04:20 -0500
Subject: Add a configuration option to disable the login command.

$config['logincommand']['disabled'] = true;

This commit should be reverted once the command has been sufficiently tested and trusted.
---
 actions/login.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'actions')

diff --git a/actions/login.php b/actions/login.php
index cee29fd09..a6f86c0ca 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -75,11 +75,14 @@ class LoginAction extends Action
     function handle($args)
     {
         parent::handle($args);
+
+        $disabled = common_config('logincommand','disabled');
+
         if (common_is_real_login()) {
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->checkLogin();
-        } else if (isset($args['user_id']) && isset($args['token'])){
+        } else if (!isset($disabled) && isset($args['user_id']) && isset($args['token'])){
             $this->checkLogin($args['user_id'],$args['token']);
         } else {
             common_ensure_session();
-- 
cgit v1.2.3-54-g00ecf