In core/plugins/Login/Controller.php there is a function called logme() - it allows a user to do a formless login. I found that the following code is completely unnecessary:
If the login is successful "authenticateAndRedirect" just redirects to $_REQUEST['url'] and exits. Otherwise the authenticate method prints an error to the user. authenticateAndRedirect never returns (it actually does not return anything at all), and even if it did, $authenticate would be NULL.
logme as a function name is not very descriptive. I can't think of a better name right now, but it should be changed.
Another thought: Shouldn't logme() use tokenAuth to authenticate a user instead of the md5 hashed password? The password hash is definitely better to brute-force than the tokenAuth.
It's debatable whether switching to token_auth is more/less secure overall, but I agree it might be better against a dictionary attack. It's a compat buster, so I'll defer to Matthieu.
(In [2258]) fixes #1402 - remove unreachable if{} block; switching to token_auth is a wontfix as token_auth is intended for the API; logme() is a formless login which mirrors the form login, i.e., piwik_auth cookie and server-side session