Add the ability to locally cache passwords validated by external means

This can, for instance, be used to allow LDAP authenticated users to use the API without manually setting a password, as long as they've logged in using the web interface at least once.
author: Paul Arthur <paul.arthur@flowerysong.com> 2011-11-18 15:38:59 -0500
committer: Paul Arthur <paul.arthur@flowerysong.com> 2011-11-18 15:38:59 -0500
commit: 914261dcddd1178dd7eb6558095afc6bcdf8ddc9 (patch)
tree: b44af2e9a1ad6a24802eb98ffa8d29fc91d928ba /login.php
parent: 20311fe03e46667f8e1ce8efd25d42948038fe0e (diff)
download: ampache-914261dcddd1178dd7eb6558095afc6bcdf8ddc9.tar.gz
ampache-914261dcddd1178dd7eb6558095afc6bcdf8ddc9.tar.bz2
ampache-914261dcddd1178dd7eb6558095afc6bcdf8ddc9.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/login.php b/login.php
index 91e379cf..e7611611 100644
--- a/login.php
+++ b/login.php
@@ -130,6 +130,11 @@ if (($_POST['username'] && $_POST['password']) ||
 			}
 		} // End if auto_create
 
+		// This allows stealing passwords validated by external means
+		// such as LDAP
+		if (Config::get('auth_password_save') && $auth['success'] && $password) {
+			$user->update_password($password);
+		}
 	} // if we aren't in demo mode
 
 } // if they passed a username/password
author	Paul Arthur <paul.arthur@flowerysong.com>	2011-11-18 15:38:59 -0500
committer	Paul Arthur <paul.arthur@flowerysong.com>	2011-11-18 15:38:59 -0500
commit	914261dcddd1178dd7eb6558095afc6bcdf8ddc9 (patch)
tree	b44af2e9a1ad6a24802eb98ffa8d29fc91d928ba /login.php
parent	20311fe03e46667f8e1ce8efd25d42948038fe0e (diff)
download	ampache-914261dcddd1178dd7eb6558095afc6bcdf8ddc9.tar.gz ampache-914261dcddd1178dd7eb6558095afc6bcdf8ddc9.tar.bz2 ampache-914261dcddd1178dd7eb6558095afc6bcdf8ddc9.zip