Add a configuration option to disable the login command.

$config['logincommand']['disabled'] = true;

This commit should be reverted once the command has been sufficiently tested and trusted.

diff --git a/actions/login.php b/actions/login.php
index cee29fd09e2e698f60339686ecdb35ea98ff68f3..a6f86c0ca1714b481da40f60de01649811ba1288 100644 (file)
--- a/actions/login.php
+++ b/actions/login.php
@@ -75,11 +75,14 @@ class LoginAction extends Action
     function handle($args)
     {
         parent::handle($args);
+
+        $disabled = common_config('logincommand','disabled');
+
         if (common_is_real_login()) {
             $this->clientError(_('Already logged in.'));
         } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
             $this->checkLogin();
-        } else if (isset($args['user_id']) && isset($args['token'])){
+        } else if (!isset($disabled) && isset($args['user_id']) && isset($args['token'])){
             $this->checkLogin($args['user_id'],$args['token']);
         } else {
             common_ensure_session();

diff --git a/lib/command.php b/lib/command.php
index 7e98156b6679fd355e561f1839f27e1daad3e2f9..e2a665511154a080744f33b19d1ec40c3e77ba8f 100644 (file)
--- a/lib/command.php
+++ b/lib/command.php
@@ -583,6 +583,11 @@ class LoginCommand extends Command
 {
     function execute($channel)
     {
+        $disabled = common_config('logincommand','disabled');
+        if(isset($disabled)) {
+            $channel->error($this->user, _('Login command is disabled'));
+            return;
+        }
         $login_token = Login_token::staticGet('user_id',$this->user->id);
         if($login_token){
             $login_token->delete();