autologin on empty password
Issue #179
invalid
Originally reported on Google Code with ID 179
hello
what about adding autologin on empty password?
I did a patch, but not sure it is in a right place
regards
Reported by ykorotia on 2013-02-26 09:19:58
Comments (6)
-
-
Account Deleted
I use 1.9.4 and it waits for a POST. I did a mistake with patch.. it was generated within 1.9.4. My bad... here it isReported by
ykorotiaon 2013-02-26 10:40:37<hr> * Attachment: autologin.patch
-
Account Deleted
$this->authorized is set by attemptGrant(), which is called only after POSTReported by
ykorotiaon 2013-02-26 10:44:15 -
Hmm. I still don't see why autologin should not work without your patch. Lets look at the code. $auth = new Authorization(); -> Constructor called. This will set $auth->authorized=true because of line 628. if (isset($_POST['logout'])) $auth->revoke(); -> No logout, no call. Fine. // check if user has attempted to log in else if (isset($_POST['login']) && isset($_POST['password'])) $auth->attemptGrant($_POST['password'], isset($_POST['remember'])); -> No login, no call. if ($auth->isAuthorized()) -> returns $auth->authorized, which is still true. Fine. So the Authorization class does not need an attemptGrant() called, if the password is empty. So I think 1.9.4 allows auto-login without your patch. Why doesn't it work for you? And I think it would be a bad idea to implement auto-login outside the Authorisation class. (By the way, I think autologin is not possible in 1.9.3.x yet.)Reported by
crazy4chrission 2013-02-26 10:52:10 -
Account Deleted
really, it works! sorry, I'm noobReported by
ykorotiaon 2013-02-26 10:55:30 -
Okay, no problem. Thanks for confirming that it works ;-)Reported by
crazy4chrission 2013-02-26 10:58:28 - Status changed:Invalid - Log in to comment
Reported by
crazy4chrission 2013-02-26 09:52:54